Comments on No More Root: Little bug in Safari and Google Chrome
Blog author: Cesar Cerrudo
Feed updated: 2023-05-17T02:05:34.924-07:00

Cesar Cerrudo, 2010-02-27T11:31:17.608-08:00:
@palisade yes it was fixed a couple of weeks ago

blakesteel, 2010-02-26T07:09:05.907-08:00:
I have tested this exploit in Google Chrome 4.0.249.89 and it has no effect. I tested with microsoft.com, yahoo.com, planetquake.com and other websites. They all resolved to the original LINK tag and not the final URL. This problem seems to have been corrected.

David Rosen, 2010-02-17T08:12:01.419-08:00:
Derek, why are you talking about beta software -- the release version of Chrome isn't beta.

:-Derek, 2010-01-28T08:41:06.448-08:00:
Just a note that beta software has rarely had stringent security testing in the field. Therefore, have no expectations at this point of Google Chrome being any more or less secure than any other browser. Unfortunately, the big problem any browser has these days is the insecure nature of the code languages being used on the Internet.
Example: JavaScript in general is now a major hazard; Active X, even worse.

Marco Ramilli, 2010-01-25T09:48:21.473-08:00:
Yes, thank you for sharing it. I never thought Chrome was vulnerable to this, but it is! Awesome.

kuza55, 2010-01-11T22:15:10.128-08:00:
Firefox actually patched this bug in early 2008 - I know since I reported it to them (though it seems someone got to them before me, so no credit).

At the time it was really useful, since Google's SSO system sent session ids in redirect URLs, even for apps that were a .google.com subdomain, in particular Gmail. These days it only happens for off-domain sites such as Blogger.

There are still similar redirect leak bugs floating around other browsers though.

Cesar Cerrudo, 2010-01-11T11:32:09.839-08:00:
@sdc as far as I know Firefox and IE don't have this problem, they always display the original URL.

Anonymous, 2010-01-11T02:35:10.254-08:00:
Firefox has a similar issue.. and IE.. as well.. haha

thanks!
now there's a way to follow redirects on all browsers with js!