Popular:
Virtualization DNS security formal verification reachability analysis compiler errors macro conflict web extension development framework Bitmap Graphics API inconsistencies All Tags

A Funny Bug in Chrome's MV3 Extensions

2025-07-13

Google Chrome's transition from MV2 to MV3 removed the webRequestBlocking permission, breaking many ad blockers. However, the author discovered a quirky bug: due to the use of JavaScript bindings in Chrome extension APIs, manipulating parameters in the `chrome.webRequest` event constructor allowed bypassing permission checks and enabling ad blocking. While this bug didn't pose a security risk, it highlighted potential issues lurking in legacy code and the possibility of achieving unexpected results by cleverly exploiting technical details. The author reported the bug to Google, and it has since been patched.

Read more
(0x44.xyz)
Development

Critical ChromeOS Vulnerability: Full System Compromise via Chrome Extensions

2025-05-28

A security researcher discovered a critical vulnerability in ChromeOS's file manager that allows malicious Chrome extensions to gain complete system control. Exploiting a filesystem:chrome://file-manager URL, the vulnerability allows reading and writing user files and executing arbitrary code. The flaw leverages outdated JavaScript APIs in ChromeOS and misconfigurations of chrome:// page permissions. The attacker can achieve full system compromise, accessing user data, modifying system settings, and even executing malicious code via Crostini. While patched, the vulnerability highlights the risk of long-standing design choices in large, complex systems like Chrome/ChromeOS.

Read more
(0x44.xyz)
Tech ChromeOS vulnerability

Beyond Zig and Rust: A More Human-Friendly Approach to Metaprogramming

2025-05-26

This article explores a novel programming language design that combines the strengths of Rust's Hindley-Milner type system and Zig's compile-time capabilities, while avoiding the complexities of Zig's 'types as values' approach. By introducing the `@` operator for compile-time execution, the `Abstract` type for compile-time abstractions, `TypeInfo` and `Field` types for type introspection, and `Code` and `parse` functions for code manipulation, this design achieves powerful metaprogramming capabilities such as automatic code generation and the implementation of TypeScript-like utility types like `Partial`, all while maintaining code readability and ease of reasoning. This represents a new approach to achieving powerful metaprogramming while preserving type system friendliness, offering fresh perspectives for future language design.

Read more
(0x44.xyz)
Development