Recently, many Microsoft employees taking training courses have reported problems accessing documents linked to in those courses in Chrome and Edge. In Edge, the screen looks like this: But the problem isn’t limited to Microsoft’s internal training platform, and can be easily reproduced in Chrome: What’s going on? There are a number of root causesContinue reading “ERR_BLOCKED_BY_CLIENT and HTML5 Sandbox”
Tag Archives: Chrome
Mouse Gestures in Edge
Over twenty years ago, the Opera browser got me hooked on mouse gestures, a way for you to perform common browser actions quickly. After I joined the IE team in 2004, I fell in love with a browser extension written by Ralph Hare and I later blogged about it on the IEBlog and helped RalphContinue reading “Mouse Gestures in Edge”
Browser Security Bugs that Aren’t: JavaScript in PDF
A fairly common security bug report is of the form: “I can put JavaScript inside a PDF file and it runs!” For example, open this PDF file with Chrome, and you can see the alert(1) message displayed: Support for JavaScript within PDFs is by-design and expected by the developers of PDF rendering software, including commonContinue reading “Browser Security Bugs that Aren’t: JavaScript in PDF”
pushState and URL Blocking
The Web Platform offers a handy API called pushState that allows a website’s JavaScript to change the URL displayed in the address bar to another URL within the same origin without sending a network request and loading a new page. The pushState API is handy because it means that a Web Application can change theContinue reading “pushState and URL Blocking”
Browser Extensions: Powerful and Potentially Dangerous
Regular readers of my blogs know that I love browser extensions. Extensions can make using your browser more convenient, fun, and secure. Unfortunately, extensions can also break web apps in bizarre or amusing ways, dramatically slow your browser performance, leak your personal data, or compromise your device. The designers of the Chromium extension system createdContinue reading “Browser Extensions: Powerful and Potentially Dangerous”
How Downloads Work
I delivered a one hour session on the internals of file downloads in web browsers at THAT Conference 2024. The slides are here and a MP3 of the talk is available. If you’d prefer to read, much of the content in the talk is found in this blog’s posts that have a Download tag.
Coding at Google
I wrote this a few years back, but I’ve had occasion to cite it yet again when explaining why engineering at Google was awesome. To avoid it getting eaten by the bitbucket, I’m publishing it here. Background: From January 2016 to May 2018, I was a Senior SWE on the Chrome Enamel Security team. GoogleContinue reading “Coding at Google”
Troubleshooting Edge (or Chrome) Broken UI
Last time, we looked at how to troubleshoot browser crashes. However, not all browser problems result in the tab or browser crashing entirely. In some cases, the problem is that some part of the browser UI doesn’t render correctly. This most commonly occurs with parts of the UI that are written in HTML and JavaScript. InContinue reading “Troubleshooting Edge (or Chrome) Broken UI”
Troubleshooting Edge (or Chrome) Browser Crashes
In the modern browser world, there are two types of crashes: browser crashes and renderer crashes. In a browser crash, the entire browser window with all of its tabs simply vanishes, either on startup, or at some point afterward. The next time the browser starts, it should recognize that the last time it exited wasContinue reading “Troubleshooting Edge (or Chrome) Browser Crashes”
ServiceWorkers vs. Network Filtering
In a recent post, I explored how the design of network security features impact the tradeoffs of the system. In that post, I noted that integrating a URL check directly into the browser provides the security check with the best context, because it allows the client to see the full URL being checked and ifContinue reading “ServiceWorkers vs. Network Filtering”
text/plain 