Android Chrome Font Vulnerability: Spoofing Google Domains with Ligatures

2025-05-18

Security researcher Jeffrey Yasskin discovered an Android Chrome font vulnerability: attackers can register a domain such as "googlelogoligature.net" and exploit a ligature in Google Sans, so that Chrome displays it as "Google.net," potentially tricking users. The trick relies on the font rendering that specific character sequence as a stylized Google logo, so what the user sees no longer matches the underlying code points. The vulnerability highlights the risks of using custom fonts in security-sensitive contexts, especially when the text being rendered is attacker-controlled.
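As an added defender-side example (not code from the original post or from Chrome), the check below flags hostnames whose visible rendering could be altered by a known font ligature and returns the CSS a security-sensitive UI would apply to render URLs without ligatures. It assumes the trigger sequence is the label from the page's example domain, "googlelogoligature"; the trigger table and sample inputs are constructed for illustration.

```javascript
// Added example, not from the original post. ASSUMPTION: the only known
// trigger is the label of the page's example domain; a real deployment
// would maintain this table per font it ships.
const LIGATURE_TRIGGERS = [
  { font: "Google Sans", sequence: "googlelogoligature", rendersAs: "Google" },
];

// Canonicalise the hostname the way a comparison should see it: take the
// hostname from a full URL (or accept a bare host), apply Unicode NFKC so
// full-width or composed letters cannot hide the sequence, lower-case it,
// and drop a trailing dot.
function canonicalHost(input) {
  let host;
  try {
    host = new URL(input).hostname; // full URL
  } catch {
    host = input;                   // bare hostname
  }
  return host.normalize("NFKC").toLowerCase().replace(/\.$/, "");
}

// Returns one finding per label that contains a ligature trigger; an empty
// array means the hostname renders glyph-for-codepoint with the known fonts.
function ligatureSpoofFindings(input) {
  const host = canonicalHost(input);
  const findings = [];
  for (const label of host.split(".")) {
    for (const t of LIGATURE_TRIGGERS) {
      if (label.includes(t.sequence)) {
        findings.push({ label, font: t.font, wouldRenderAs: t.rendersAs });
      }
    }
  }
  return findings;
}

// CSS for any element that shows attacker-controlled text (URL bar, sender
// names): disabling ligature features makes glyphs follow the code points.
function noLigatureCss() {
  return 'font-variant-ligatures: none; ' +
         'font-feature-settings: "liga" 0, "dlig" 0, "calt" 0;';
}

// Constructed sample inputs for a quick self-check.
const SAMPLES = [
  "https://googlelogoligature.net/login",
  "https://google.net/",
  "GoogleLogoLigature.NET.",
];
for (const s of SAMPLES) console.log(s, "->", ligatureSpoofFindings(s));
```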
