Looks like there are some unexpected knock-on effects from changes to how Chrome 69 handles URLs: bugs.chromium.org/p/chromium/i

Aside from opening up impersonation attacks that didn’t exist before, it’s buggy too! www.example.www.example.com/ is displayed as example.example.com, which is… not accurate.

Another interesting, clearly wrong behaviour: the “m.” prefix is stripped along with “www.” There’s a weaker consensus that “m.example.com” is the same thing as “example.com”, and obtaining that subdomain on a given site is much easier.

For example, m.tumblr.com is a user’s blog. It’s NOT the mobile version of tumblr.com. But Chrome displays “m.tumblr.com” as “tumblr.com”, which could allow that blog’s owner to impersonate the main site.

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!