Loading video...

Video Failed to Load

There was a problem loading this video. This could be due to a temporary network issue or the video might be unavailable.

Somehow, Chrome 130+ started parsing the hostname from javascript URLs again and this can be used for a constrained XSS 🤯 This was the second solution for the recent CTF challenge.

André Baptista

17,825 subscribers

24,966 views • 1 year ago •via X (Twitter)

News & Politics Science & Technology

Anya Rossi• Live Now

Private livecam show

10 Comments

André Baptista1 year ago

Deeplinks could also be used in this CTF to leak the secret, e.g. evilapp://legit.ethiack.ninja

André Baptista1 year ago

Also, this doesn't work on Firefox

Francisco Neves1 year ago

I wonder if other Safari tricks are now working on Chrome as well

𝔐Ǿʄț𝔄𝕭𝔄 𝔖a𝔐𝖀ℛ𝔄𝕴1 year ago

intresting🧐

mobin1 year ago

good tip, thanks for sharing this content😍

payphone1 year ago

What is the box with the countdown timer thing in it, on the left?

André Baptista1 year ago

It's just

YmV2ZW4K==1 year ago

How were you selecting the versions is it a plugin or feature?

André Baptista1 year ago

Check @browserling!

Alex Roqo1 year ago

Very interesting

Related Videos

Was the recent Texas flood produced artificially? Rainmaker CEO Augustus Doricko says “no,” and contends the technology can actually be used for good.

Was the recent Texas flood produced artificially? Rainmaker CEO Augustus Doricko says “no,” and contends the technology can actually be used for good.

Dinesh D'Souza

89,469 views • 11 months ago

Give us suggestions for this year's TYASTI! All three of us can play, or it can be another two person challenge. Last year, Jake teed off from the tees and Joez started on the edge of the green

Give us suggestions for this year's TYASTI! All three of us can play, or it can be another two person challenge. Last year, Jake teed off from the tees and Joez started on the edge of the green

Talkin' Yanks

119,405 views • 4 months ago

THE FANS WIN THE GAME FOR THE COCONUTS 🤯 With 2 outs in the 9th, the fans used their challenge to overturn the call at second and win the game for Loco Beach 🏖️

THE FANS WIN THE GAME FOR THE COCONUTS 🤯 With 2 outs in the 9th, the fans used their challenge to overturn the call at second and win the game for Loco Beach 🏖️

Banana Ball

18,342 views • 1 month ago

Clean water was delivered again today — the second consecutive day — to displaced families in Gaza by the CareFor Gaza team. Grateful for this vital support, but the continued need underscores the urgency of a lasting solution.

Clean water was delivered again today — the second consecutive day — to displaced families in Gaza by the CareFor Gaza team. Grateful for this vital support, but the continued need underscores the urgency of a lasting solution.

Care For Gaza

28,807 views • 10 months ago

#8 Laying on Lindsey and Camilla's laps ... and getting smooshed July challenge for a small video project a day. I should've just used the second from yesterday as this one :D I'm a glutton for ~~inflation via bubblegum~~... :D haha

Sensitive content

#8 Laying on Lindsey and Camilla's laps ... and getting smooshed July challenge for a small video project a day. I should've just used the second from yesterday as this one :D I'm a glutton for inflation via bubblegum... :D haha

Thiridian & Lindsey

34,398 views • 1 year ago

This was so bad for $NVDA as Satya said MSFT is no longer chip supply but power constrained. Oh wait, it was from 2024. Satya said this again on the same BG2 podcast 2 days ago and people are now all over it again.

This was so bad for $NVDA as Satya said MSFT is no longer chip supply but power constrained. Oh wait, it was from 2024. Satya said this again on the same BG2 podcast 2 days ago and people are now all over it again.

The AI Investor

244,814 views • 7 months ago

Stop and watch this. The collective consciousness is powerful and can be used for good.

Stop and watch this. The collective consciousness is powerful and can be used for good.

Omid Djalili

1,049,880 views • 2 years ago

I can finally share my boards for Jentry Chau vs the Underworld! This sequence got cut down a bit (probably due to time T_T) but it was a fun challenge to get used to the characters and feel for the show. #JentryChauVsTheUnderworld

I can finally share my boards for Jentry Chau vs the Underworld! This sequence got cut down a bit (probably due to time T_T) but it was a fun challenge to get used to the characters and feel for the show. #JentryChauVsTheUnderworld

Andrew Minghee Kim

23,500 views • 1 year ago

The Phoenix Park Ashtown Gate Junction needs a total redesign. And while this is being proposed under BusConnects, it will take some time for this to be built, and so an interim solution will soon be implemented by the local councils. Myself and Feljin Jose have been working on this in recent years and will be looking for feedback on the interim solution once it's implemented in a few weeks time. Watch this space!

The Phoenix Park Ashtown Gate Junction needs a total redesign. And while this is being proposed under BusConnects, it will take some time for this to be built, and so an interim solution will soon be implemented by the local councils. Myself and Feljin Jose have been working on this in recent years and will be looking for feedback on the interim solution once it's implemented in a few weeks time. Watch this space!

Roderic O’Gorman TD

51,602 views • 1 year ago

Introducing developer mode for browser use in Chrome and the Codex in-app browser. Codex can use the Chrome DevTools Protocol (CDP) to debug browser issues by profiling JavaScript performance and inspecting console output, network traffic, and page state.

Introducing developer mode for browser use in Chrome and the Codex in-app browser. Codex can use the Chrome DevTools Protocol (CDP) to debug browser issues by profiling JavaScript performance and inspecting console output, network traffic, and page state.

OpenAI Developers

365,188 views • 6 days ago

For many, a trip to the dentist can be nerve-wracking. This California doctor found a solution with four legs and a tail.

For many, a trip to the dentist can be nerve-wracking. This California doctor found a solution with four legs and a tail.

CBS Evening News with Tony Dokoupil

16,747 views • 5 months ago

We saw close to 130 public high school students give their lives to Jesus today! 🤯 There were two lunches, this was the second one. Watch for yourself as hundreds of students heard the gospel and responded…

We saw close to 130 public high school students give their lives to Jesus today! 🤯 There were two lunches, this was the second one. Watch for yourself as hundreds of students heard the gospel and responded…

Ross Johnston

94,684 views • 4 months ago

Be a part of the solution and not the problem. Don't be a condemner. Make allowances for people’s weaknesses. Make room for people to be human. Be inspired by this message from Joel, "Be a Safe Place".

Be a part of the solution and not the problem. Don't be a condemner. Make allowances for people’s weaknesses. Make room for people to be human. Be inspired by this message from Joel, "Be a Safe Place".

Joel Osteen

30,983 views • 1 year ago

Schools are *not* ready for this: -Open homework in google chrome -Right click and go to "search with google lens" -Google lens pops up on the right side and answers the question Massive implications for homework. This was an Isaac physics "A level challenge 2" question.

Schools are not ready for this: -Open homework in google chrome -Right click and go to "search with google lens" -Google lens pops up on the right side and answers the question Massive implications for homework. This was an Isaac physics "A level challenge 2" question.

Peter Edmunds 🦄

52,473 views • 8 months ago

2024 was one for the history books. This summer let’s do it again, let's Challenge The Game! #EWC2025

2024 was one for the history books. This summer let’s do it again, let's Challenge The Game! #EWC2025

Shifters

94,373 views • 1 year ago

Watch this!! 🤯🤯 Refs knew the ball was off OKC, and San Antonio coach Mitch Johnson calls for the challenge while the ref still had the ball, and they told him NO!! 😳 🔥😠 IS THIS ACTUALLY RIGGED!?

Watch this!! 🤯🤯 Refs knew the ball was off OKC, and San Antonio coach Mitch Johnson calls for the challenge while the ref still had the ball, and they told him NO!! 😳 🔥😠 IS THIS ACTUALLY RIGGED!?

HeroOfTheDay

74,484 views • 22 days ago

Ollama can now think! 🤔🤔🤔 For thinking models, and especially useful for very thoughtful models like DeepSeek-R1-0528, Ollama can separate the thoughts and the response. Thinking can also be disabled! This is useful for getting a direct response. This works across Ollama's CLI, API, and Python/JavaScript libraries. 🧵 blog post 👇👇👇

Ollama can now think! 🤔🤔🤔 For thinking models, and especially useful for very thoughtful models like DeepSeek-R1-0528, Ollama can separate the thoughts and the response. Thinking can also be disabled! This is useful for getting a direct response. This works across Ollama's CLI, API, and Python/JavaScript libraries. 🧵 blog post 👇👇👇

ollama

106,201 views • 1 year ago

This may be the luckiest *bad* shot in all of golf! If you put a ball in play and it somehow ends up back in the teeing area - maybe it ricochets off a tree or you hit a topper - you can tee it up again for your second with no penalty.

This may be the luckiest bad shot in all of golf! If you put a ball in play and it somehow ends up back in the teeing area - maybe it ricochets off a tree or you hit a topper - you can tee it up again for your second with no penalty.

USGA

319,782 views • 1 month ago

How to build an AI agent from scratch. This is the question I get the most, so I recorded this video to show you from the very beginning how you can get started. You can do this in Python, TypeScript, JavaScript, or Ruby.

How to build an AI agent from scratch. This is the question I get the most, so I recorded this video to show you from the very beginning how you can get started. You can do this in Python, TypeScript, JavaScript, or Ruby.

Santiago

71,768 views • 1 year ago