{"id":5460,"date":"2025-05-17T04:55:57","date_gmt":"2025-05-16T20:55:57","guid":{"rendered":"https:\/\/cicserver.com\/google-patches-chrome-vulnerability-used-for-account-takeover-and-mfa-bypass\/"},"modified":"2025-05-17T04:55:57","modified_gmt":"2025-05-16T20:55:57","slug":"google-patches-chrome-vulnerability-used-for-account-takeover-and-mfa-bypass","status":"publish","type":"post","link":"https:\/\/cicserver.com\/de\/google-patches-chrome-vulnerability-used-for-account-takeover-and-mfa-bypass\/","title":{"rendered":"Google patches Chrome vulnerability used for account takeover and MFA bypass"},"content":{"rendered":"<p><br \/>\n<br \/><img decoding=\"async\" src=\"https:\/\/www.csoonline.com\/wp-content\/uploads\/2025\/05\/3986931-0-49557300-1747336773-Wird-Chrome-bald-zum-%E2%80%9EAI-first-Erlebnis-dank-OpenAI.jpg?quality=50&amp;strip=all\" \/><\/p>\n<div>\n<p>\u201cUnlike other browsers, Chrome resolves the Link header on subresource requests. But what\u2019s the problem? The issue is that the Link header can set a referrer-policy. We can specify unsafe-url and capture the full query parameters,\u201d he wrote.<\/p>\n<p>Link headers are used by websites to tell a browser about important page resources, for example, images, that it should preload. As part of the HTTP response that happens before the browser encounters any HTML, this accelerates response times. When the browser goes hunting for the resource, usually on a third-party server, it transmits a URL containing information about the requesting site, as allowed by the referrer-policy.<\/p>\n<p>Unfortunately, in Chrome this URL can also include information with a bearing on security, such as <a href=\"https:\/\/www.csoonline.com\/article\/562635\/what-is-oauth-how-the-open-authorization-framework-works.html\">OAuth<\/a> flows used for authentication.<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>\u201cUnlike other browsers, Chrome resolves the Link header on subresource requests. But what\u2019s the problem? The issue is that the Link header can set a referrer-policy. We can specify unsafe-url and capture the full query parameters,\u201d he wrote. Link headers are used by websites to tell a browser about important page resources, for example, images, [&hellip;]<\/p>","protected":false},"author":3,"featured_media":5461,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","footnotes":""},"categories":[1],"tags":[],"class_list":{"0":"post-5460","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-blog"},"_links":{"self":[{"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/posts\/5460","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/comments?post=5460"}],"version-history":[{"count":0,"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/posts\/5460\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/media\/5461"}],"wp:attachment":[{"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/media?parent=5460"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/categories?post=5460"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/tags?post=5460"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}