Загрузка видео...

Не удалось загрузить видео

На главную

Somehow, Chrome 130+ started parsing the hostname from javascript URLs again and this can be used for a constrained XSS 🤯 This was the second solution for the recent CTF challenge.

0xacb's profile picture

André Baptista

17,825 subscribers

24,966 просмотров • 1 год назад •via X (Twitter)

Новости и политикаНаука и технологии
LIVE

Anya Rossi• Live Now

Private livecam show

Комментарии: 10

Фото профиля André Baptista
André Baptista1 год назад

Deeplinks could also be used in this CTF to leak the secret, e.g. evilapp://legit.ethiack.ninja

Фото профиля André Baptista
André Baptista1 год назад

Also, this doesn't work on Firefox

Фото профиля Francisco Neves
Francisco Neves1 год назад

I wonder if other Safari tricks are now working on Chrome as well

Фото профиля 𝔐Ǿʄț𝔄𝕭𝔄 𝔖a𝔐𝖀ℛ𝔄𝕴
𝔐Ǿʄț𝔄𝕭𝔄 𝔖a𝔐𝖀ℛ𝔄𝕴1 год назад

intresting🧐

Фото профиля mobin
mobin1 год назад

good tip, thanks for sharing this content😍

Фото профиля payphone
payphone1 год назад

What is the box with the countdown timer thing in it, on the left?

Фото профиля André Baptista
André Baptista1 год назад

It's just

Фото профиля YmV2ZW4K==
YmV2ZW4K==1 год назад

How were you selecting the versions is it a plugin or feature?

Фото профиля André Baptista
André Baptista1 год назад

Check @browserling!

Фото профиля Alex Roqo
Alex Roqo1 год назад

Very interesting

Похожие видео

Was the recent Texas flood produced artificially? Rainmaker CEO Augustus Doricko says “no,” and contends the technology can actually be used for good.
4:37

Was the recent Texas flood produced artificially? Rainmaker CEO Augustus Doricko says “no,” and contends the technology can actually be used for good.

Dinesh D'Souza

89,469 просмотров • 11 месяцев назад

Give us suggestions for this year's TYASTI! All three of us can play, or it can be another two person challenge. Last year, Jake teed off from the tees and Joez started on the edge of the green
0:37

Give us suggestions for this year's TYASTI! All three of us can play, or it can be another two person challenge. Last year, Jake teed off from the tees and Joez started on the edge of the green

Talkin' Yanks

119,405 просмотров • 4 месяцев назад

THE FANS WIN THE GAME FOR THE COCONUTS 🤯 With 2 outs in the 9th, the fans used their challenge to overturn the call at second and win the game for Loco Beach 🏖️
1:01

THE FANS WIN THE GAME FOR THE COCONUTS 🤯 With 2 outs in the 9th, the fans used their challenge to overturn the call at second and win the game for Loco Beach 🏖️

Banana Ball

18,342 просмотров • 1 месяц назад

Clean water was delivered again today — the second consecutive day — to displaced families in Gaza by the CareFor Gaza team. Grateful for this vital support, but the continued need underscores the urgency of a lasting solution.
2:01

Clean water was delivered again today — the second consecutive day — to displaced families in Gaza by the CareFor Gaza team. Grateful for this vital support, but the continued need underscores the urgency of a lasting solution.

Care For Gaza

28,807 просмотров • 10 месяцев назад

#8 Laying on Lindsey and Camilla's laps ... and getting smooshed July challenge for a small video project a day. I should've just used the second from yesterday as this one :D I'm a glutton for ~~inflation via bubblegum~~... :D haha
0:35

Sensitive content

#8 Laying on Lindsey and Camilla's laps ... and getting smooshed July challenge for a small video project a day. I should've just used the second from yesterday as this one :D I'm a glutton for ~~inflation via bubblegum~~... :D haha

Thiridian & Lindsey

34,398 просмотров • 1 год назад

This was so bad for $NVDA as Satya said MSFT is no longer chip supply but power constrained. Oh wait, it was from 2024. Satya said this again on the same BG2 podcast 2 days ago and people are now all over it again.
1:35

This was so bad for $NVDA as Satya said MSFT is no longer chip supply but power constrained. Oh wait, it was from 2024. Satya said this again on the same BG2 podcast 2 days ago and people are now all over it again.

The AI Investor

244,814 просмотров • 7 месяцев назад

Stop and watch this. The collective consciousness is powerful and can be used for good.
1:30

Stop and watch this. The collective consciousness is powerful and can be used for good.

Omid Djalili

1,049,880 просмотров • 2 лет назад

I can finally share my boards for Jentry Chau vs the Underworld! This sequence got cut down a bit (probably due to time T_T) but it was a fun challenge to get used to the characters and feel for the show. #JentryChauVsTheUnderworld
1:55

I can finally share my boards for Jentry Chau vs the Underworld! This sequence got cut down a bit (probably due to time T_T) but it was a fun challenge to get used to the characters and feel for the show. #JentryChauVsTheUnderworld

Andrew Minghee Kim

23,500 просмотров • 1 год назад

The Phoenix Park Ashtown Gate Junction needs a total redesign. And while this is being proposed under BusConnects, it will take some time for this to be built, and so an interim solution will soon be implemented by the local councils. Myself and Feljin Jose have been working on this in recent years and will be looking for feedback on the interim solution once it's implemented in a few weeks time. Watch this space!
0:42

The Phoenix Park Ashtown Gate Junction needs a total redesign. And while this is being proposed under BusConnects, it will take some time for this to be built, and so an interim solution will soon be implemented by the local councils. Myself and Feljin Jose have been working on this in recent years and will be looking for feedback on the interim solution once it's implemented in a few weeks time. Watch this space!

Roderic O’Gorman TD

51,602 просмотров • 1 год назад

Introducing developer mode for browser use in Chrome and the Codex in-app browser. Codex can use the Chrome DevTools Protocol (CDP) to debug browser issues by profiling JavaScript performance and inspecting console output, network traffic, and page state.
1:27

Introducing developer mode for browser use in Chrome and the Codex in-app browser. Codex can use the Chrome DevTools Protocol (CDP) to debug browser issues by profiling JavaScript performance and inspecting console output, network traffic, and page state.

OpenAI Developers

365,188 просмотров • 5 дней назад

For many, a trip to the dentist can be nerve-wracking. This California doctor found a solution with four legs and a tail.
2:00

For many, a trip to the dentist can be nerve-wracking. This California doctor found a solution with four legs and a tail.

CBS Evening News with Tony Dokoupil

16,747 просмотров • 5 месяцев назад

We saw close to 130 public high school students give their lives to Jesus today! 🤯 There were two lunches, this was the second one. Watch for yourself as hundreds of students heard the gospel and responded…
0:22

We saw close to 130 public high school students give their lives to Jesus today! 🤯 There were two lunches, this was the second one. Watch for yourself as hundreds of students heard the gospel and responded…

Ross Johnston

94,684 просмотров • 4 месяцев назад

Be a part of the solution and not the problem. Don't be a condemner. Make allowances for people’s weaknesses. Make room for people to be human. Be inspired by this message from Joel, "Be a Safe Place".
0:21

Be a part of the solution and not the problem. Don't be a condemner. Make allowances for people’s weaknesses. Make room for people to be human. Be inspired by this message from Joel, "Be a Safe Place".

Joel Osteen

30,983 просмотров • 1 год назад

Schools are *not* ready for this: -Open homework in google chrome -Right click and go to "search with google lens" -Google lens pops up on the right side and answers the question Massive implications for homework. This was an Isaac physics "A level challenge 2" question.
0:26

Schools are *not* ready for this: -Open homework in google chrome -Right click and go to "search with google lens" -Google lens pops up on the right side and answers the question Massive implications for homework. This was an Isaac physics "A level challenge 2" question.

Peter Edmunds 🦄

52,473 просмотров • 8 месяцев назад

2024 was one for the history books. This summer let’s do it again, let's Challenge The Game! #EWC2025
1:06

2024 was one for the history books. This summer let’s do it again, let's Challenge The Game! #EWC2025

Shifters

94,373 просмотров • 1 год назад

Watch this!! 🤯🤯 Refs knew the ball was off OKC, and San Antonio coach Mitch Johnson calls for the challenge while the ref still had the ball, and they told him NO!! 😳 🔥😠 IS THIS ACTUALLY RIGGED!?
0:22

Watch this!! 🤯🤯 Refs knew the ball was off OKC, and San Antonio coach Mitch Johnson calls for the challenge while the ref still had the ball, and they told him NO!! 😳 🔥😠 IS THIS ACTUALLY RIGGED!?

HeroOfTheDay

74,476 просмотров • 21 дней назад

Ollama can now think! 🤔🤔🤔 For thinking models, and especially useful for very thoughtful models like DeepSeek-R1-0528, Ollama can separate the thoughts and the response. Thinking can also be disabled! This is useful for getting a direct response. This works across Ollama's CLI, API, and Python/JavaScript libraries. 🧵 blog post 👇👇👇
1:38

Ollama can now think! 🤔🤔🤔 For thinking models, and especially useful for very thoughtful models like DeepSeek-R1-0528, Ollama can separate the thoughts and the response. Thinking can also be disabled! This is useful for getting a direct response. This works across Ollama's CLI, API, and Python/JavaScript libraries. 🧵 blog post 👇👇👇

ollama

106,201 просмотров • 1 год назад

This may be the luckiest *bad* shot in all of golf! If you put a ball in play and it somehow ends up back in the teeing area - maybe it ricochets off a tree or you hit a topper - you can tee it up again for your second with no penalty.
0:35

This may be the luckiest *bad* shot in all of golf! If you put a ball in play and it somehow ends up back in the teeing area - maybe it ricochets off a tree or you hit a topper - you can tee it up again for your second with no penalty.

USGA

319,782 просмотров • 1 месяц назад

BenDaDonnn was CONFUSED when this girl asked if the pizza someone from his crew ordered was for everyone — he told her NO and somehow started giving her and her friends fasting advice 😭💀
0:49

BenDaDonnn was CONFUSED when this girl asked if the pizza someone from his crew ordered was for everyone — he told her NO and somehow started giving her and her friends fasting advice 😭💀

ThorDKidd

236,940 просмотров • 7 месяцев назад