It turns out Google Chrome (via Chromium) includes a default extension which makes extra services available to code running on the `*.google.com` domains - tweeted about today [by Luca Casonato](https://twitter.com/lcasdev/status/1810696257137959018), …
True. We can also not run code at all and be perfectly safe.
I wish there was a comparison. Number of 0days in open source and 0days in closed source for comparible projects and a measure for time to mitigate the 0days.
There’s some truth to that, but bad actors have managed to slip things through in the past. It happened recently with xz.
I guess my point is that we put a lot of trust in strangers when we run any code on our systems. Open or not.
True. We can also not run code at all and be perfectly safe.
I wish there was a comparison. Number of 0days in open source and 0days in closed source for comparible projects and a measure for time to mitigate the 0days.