Techly NewsGet the app

Get the latest tech news

Bypassing Google's big anti-adblock update


Or, why you shouldn't write parts of your browser in JavaScript

But in the old days, Google decided it'd be a good idea to inject a bunch of JS files into pages that used Chrome APIs. Turns out running privileged JavaScript in user-controlled websites was not a good idea, because JS can often be manipulated by overriding global functions and prototypes. Since certain APIs like chrome.runtime exist on normal websites too, the extension bindings system led to multiple Universal XSS bugs back in 2015 and 2016.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of Google

Google

Photo of Bypassing

Bypassing

Related news:

News photo

Chrome and Edge browser extensions secretly hijacked, spied on millions of users | Some even received "Verified" and "Featured" badges from Google and Microsoft

News photo

Google Hires Top A.I. Leaders From Windsurf, Which OpenAI Was Courting

News photo

Windsurf’s CEO goes to Google; OpenAI’s acquisition falls apart

« Nottingham Trent University hit by cyber attack as it resets everyone's passwords
Lost Chapter of Automate the Boring Stuff: Audio, Video, and Webcams in Python »