Video wird geladen...

Video konnte nicht geladen werden

Beim Laden dieses Videos ist ein Problem aufgetreten. Dies könnte an einem vorübergehenden Netzwerkproblem liegen oder das Video ist möglicherweise nicht verfügbar.

Somehow, Chrome 130+ started parsing the hostname from javascript URLs again and this can be used for a constrained XSS 🤯 This was the second solution for the recent CTF challenge.

André Baptista

17,825 subscribers

24,966 Aufrufe • vor 1 Jahr •via X (Twitter)

Nachrichten & Politik Wissenschaft & Technologie

Anya Rossi• Live Now

Private livecam show

10 Kommentare

Profilbild von André Baptista

André Baptistavor 1 Jahr

Deeplinks could also be used in this CTF to leak the secret, e.g. evilapp://legit.ethiack.ninja

Profilbild von André Baptista

André Baptistavor 1 Jahr

Also, this doesn't work on Firefox

Profilbild von Francisco Neves

Francisco Nevesvor 1 Jahr

I wonder if other Safari tricks are now working on Chrome as well

Profilbild von 𝔐Ǿʄț𝔄𝕭𝔄 𝔖a𝔐𝖀ℛ𝔄𝕴

𝔐Ǿʄț𝔄𝕭𝔄 𝔖a𝔐𝖀ℛ𝔄𝕴vor 1 Jahr

intresting🧐

Profilbild von mobin

mobinvor 1 Jahr

good tip, thanks for sharing this content😍

Profilbild von payphone

payphonevor 1 Jahr

What is the box with the countdown timer thing in it, on the left?

Profilbild von André Baptista

André Baptistavor 1 Jahr

It's just

Profilbild von YmV2ZW4K==

YmV2ZW4K==vor 1 Jahr

How were you selecting the versions is it a plugin or feature?

Profilbild von André Baptista

André Baptistavor 1 Jahr

Check @browserling!

Profilbild von Alex Roqo

Alex Roqovor 1 Jahr

Very interesting

Ähnliche Videos

Was the recent Texas flood produced artificially? Rainmaker CEO Augustus Doricko says “no,” and contends the technology can actually be used for good.

Was the recent Texas flood produced artificially? Rainmaker CEO Augustus Doricko says “no,” and contends the technology can actually be used for good.

Dinesh D'Souza

89,469 Aufrufe • vor 11 Monaten

Give us suggestions for this year's TYASTI! All three of us can play, or it can be another two person challenge. Last year, Jake teed off from the tees and Joez started on the edge of the green

Give us suggestions for this year's TYASTI! All three of us can play, or it can be another two person challenge. Last year, Jake teed off from the tees and Joez started on the edge of the green

Talkin' Yanks

119,405 Aufrufe • vor 4 Monaten

THE FANS WIN THE GAME FOR THE COCONUTS 🤯 With 2 outs in the 9th, the fans used their challenge to overturn the call at second and win the game for Loco Beach 🏖️

THE FANS WIN THE GAME FOR THE COCONUTS 🤯 With 2 outs in the 9th, the fans used their challenge to overturn the call at second and win the game for Loco Beach 🏖️

Banana Ball

18,342 Aufrufe • vor 1 Monat

Clean water was delivered again today — the second consecutive day — to displaced families in Gaza by the CareFor Gaza team. Grateful for this vital support, but the continued need underscores the urgency of a lasting solution.

Clean water was delivered again today — the second consecutive day — to displaced families in Gaza by the CareFor Gaza team. Grateful for this vital support, but the continued need underscores the urgency of a lasting solution.

Care For Gaza

28,807 Aufrufe • vor 10 Monaten

#8 Laying on Lindsey and Camilla's laps ... and getting smooshed July challenge for a small video project a day. I should've just used the second from yesterday as this one :D I'm a glutton for ~~inflation via bubblegum~~... :D haha

Sensitive content

#8 Laying on Lindsey and Camilla's laps ... and getting smooshed July challenge for a small video project a day. I should've just used the second from yesterday as this one :D I'm a glutton for inflation via bubblegum... :D haha

Thiridian & Lindsey

34,191 Aufrufe • vor 1 Jahr

This was so bad for $NVDA as Satya said MSFT is no longer chip supply but power constrained. Oh wait, it was from 2024. Satya said this again on the same BG2 podcast 2 days ago and people are now all over it again.

This was so bad for $NVDA as Satya said MSFT is no longer chip supply but power constrained. Oh wait, it was from 2024. Satya said this again on the same BG2 podcast 2 days ago and people are now all over it again.

The AI Investor

244,814 Aufrufe • vor 7 Monaten

Stop and watch this. The collective consciousness is powerful and can be used for good.

Stop and watch this. The collective consciousness is powerful and can be used for good.

Omid Djalili

1,049,880 Aufrufe • vor 2 Jahren

I can finally share my boards for Jentry Chau vs the Underworld! This sequence got cut down a bit (probably due to time T_T) but it was a fun challenge to get used to the characters and feel for the show. #JentryChauVsTheUnderworld

I can finally share my boards for Jentry Chau vs the Underworld! This sequence got cut down a bit (probably due to time T_T) but it was a fun challenge to get used to the characters and feel for the show. #JentryChauVsTheUnderworld

Andrew Minghee Kim

23,500 Aufrufe • vor 1 Jahr

The Phoenix Park Ashtown Gate Junction needs a total redesign. And while this is being proposed under BusConnects, it will take some time for this to be built, and so an interim solution will soon be implemented by the local councils. Myself and Feljin Jose have been working on this in recent years and will be looking for feedback on the interim solution once it's implemented in a few weeks time. Watch this space!

The Phoenix Park Ashtown Gate Junction needs a total redesign. And while this is being proposed under BusConnects, it will take some time for this to be built, and so an interim solution will soon be implemented by the local councils. Myself and Feljin Jose have been working on this in recent years and will be looking for feedback on the interim solution once it's implemented in a few weeks time. Watch this space!

Roderic O’Gorman TD

51,602 Aufrufe • vor 1 Jahr

Introducing developer mode for browser use in Chrome and the Codex in-app browser. Codex can use the Chrome DevTools Protocol (CDP) to debug browser issues by profiling JavaScript performance and inspecting console output, network traffic, and page state.

Introducing developer mode for browser use in Chrome and the Codex in-app browser. Codex can use the Chrome DevTools Protocol (CDP) to debug browser issues by profiling JavaScript performance and inspecting console output, network traffic, and page state.

OpenAI Developers

361,029 Aufrufe • vor 3 Tagen

For many, a trip to the dentist can be nerve-wracking. This California doctor found a solution with four legs and a tail.

For many, a trip to the dentist can be nerve-wracking. This California doctor found a solution with four legs and a tail.

CBS Evening News with Tony Dokoupil

16,747 Aufrufe • vor 4 Monaten

We saw close to 130 public high school students give their lives to Jesus today! 🤯 There were two lunches, this was the second one. Watch for yourself as hundreds of students heard the gospel and responded…

We saw close to 130 public high school students give their lives to Jesus today! 🤯 There were two lunches, this was the second one. Watch for yourself as hundreds of students heard the gospel and responded…

Ross Johnston

94,684 Aufrufe • vor 4 Monaten

Be a part of the solution and not the problem. Don't be a condemner. Make allowances for people’s weaknesses. Make room for people to be human. Be inspired by this message from Joel, "Be a Safe Place".

Be a part of the solution and not the problem. Don't be a condemner. Make allowances for people’s weaknesses. Make room for people to be human. Be inspired by this message from Joel, "Be a Safe Place".

Joel Osteen

30,983 Aufrufe • vor 1 Jahr

Schools are *not* ready for this: -Open homework in google chrome -Right click and go to "search with google lens" -Google lens pops up on the right side and answers the question Massive implications for homework. This was an Isaac physics "A level challenge 2" question.

Schools are not ready for this: -Open homework in google chrome -Right click and go to "search with google lens" -Google lens pops up on the right side and answers the question Massive implications for homework. This was an Isaac physics "A level challenge 2" question.

Peter Edmunds 🦄

52,473 Aufrufe • vor 8 Monaten

2024 was one for the history books. This summer let’s do it again, let's Challenge The Game! #EWC2025

2024 was one for the history books. This summer let’s do it again, let's Challenge The Game! #EWC2025

Shifters

94,373 Aufrufe • vor 1 Jahr

Watch this!! 🤯🤯 Refs knew the ball was off OKC, and San Antonio coach Mitch Johnson calls for the challenge while the ref still had the ball, and they told him NO!! 😳 🔥😠 IS THIS ACTUALLY RIGGED!?

Watch this!! 🤯🤯 Refs knew the ball was off OKC, and San Antonio coach Mitch Johnson calls for the challenge while the ref still had the ball, and they told him NO!! 😳 🔥😠 IS THIS ACTUALLY RIGGED!?

HeroOfTheDay

74,476 Aufrufe • vor 19 Tagen

Ollama can now think! 🤔🤔🤔 For thinking models, and especially useful for very thoughtful models like DeepSeek-R1-0528, Ollama can separate the thoughts and the response. Thinking can also be disabled! This is useful for getting a direct response. This works across Ollama's CLI, API, and Python/JavaScript libraries. 🧵 blog post 👇👇👇

Ollama can now think! 🤔🤔🤔 For thinking models, and especially useful for very thoughtful models like DeepSeek-R1-0528, Ollama can separate the thoughts and the response. Thinking can also be disabled! This is useful for getting a direct response. This works across Ollama's CLI, API, and Python/JavaScript libraries. 🧵 blog post 👇👇👇

ollama

106,201 Aufrufe • vor 1 Jahr

This may be the luckiest *bad* shot in all of golf! If you put a ball in play and it somehow ends up back in the teeing area - maybe it ricochets off a tree or you hit a topper - you can tee it up again for your second with no penalty.

This may be the luckiest bad shot in all of golf! If you put a ball in play and it somehow ends up back in the teeing area - maybe it ricochets off a tree or you hit a topper - you can tee it up again for your second with no penalty.

USGA

319,777 Aufrufe • vor 1 Monat

How to build an AI agent from scratch. This is the question I get the most, so I recorded this video to show you from the very beginning how you can get started. You can do this in Python, TypeScript, JavaScript, or Ruby.

How to build an AI agent from scratch. This is the question I get the most, so I recorded this video to show you from the very beginning how you can get started. You can do this in Python, TypeScript, JavaScript, or Ruby.

Santiago

71,768 Aufrufe • vor 1 Jahr