> Browsers themselves were not vulnerable to heartbleed, Clients could have been... | Hacker News

Hacker Timesnew | past | comments | ask | show | jobs | submit

		chimeracoder on April 17, 2014 \| parent \| context \| favorite \| on: Another Big Milestone for Servo: Acid2 > Browsers themselves were not vulnerable to heartbleed, Clients could have been vulnerable to Heartbleed. Feel free to correct me on this, but I believe the only reason they weren't is that Chrome uses OpenSSL compiled without the heartbeat feature, and Firefox uses NSS.

azakai on April 17, 2014 [–]

Both Firefox and Chrome uses NSS (although I believe Chrome has a potential plan considering using OpenSSL at some point in the future).

gsnedders on April 17, 2014 | [–]

Chrome on Android uses OpenSSL, FWIW. I have no idea whether it supported the Heartbeat extension though.

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact