"see i told you so"
with respect to 'safe surfing' practices, how many times have _I_ been DOWN voted for saying things like this?
With respect to CVE-2018-8475 at least:
a) do NOT surf the web logged in with admin or root credentials
b) do NOT use a Micro-shaft browser
c) if possible, do NOT surf the web with a MICROSOFT OS
e) do NOT view mail "as HTML", and especially do NOT preview images 'inline'.
(see? see? see????)
e) run 'noscript' or other script blocker BY DEFAULT
f) never "just open" the attachment to an e-mail [even if you know the sender]
and so on.
I ALSO expect that ad servers, image-related blog sites, spam mail with images embedded in them, and even web pages on places like 'deviantart' and 'imgur' and so forth can become VECTORS for the exploit.
And it's very difficult to get *DETAILS* on this one, meaning it's probably VERY bad, enough that search engines are maybe DELIBERATELY keeping us from [easily] finding those places where it's properly explained... [my 'google fu' is usually pretty good, but not with THIS, not THIS time]
yeah a little paranoia, and a *BIG* *FAT* "see I told you so" on the SAFE SURFING!!! because, even if they SAY it is patched, what OTHER similar vulnerabilities are STILL THERE waiting to be found???
[sloppy coding is as sloppy coding does]
Biting the hand that feeds IT
