Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> Requires user to visit a malicious site

YouTube embeds are such universal things on the web, I doubt anyone would even think twice about security concerns coming from seeing that on a third-party site.

Because it's Google, right? /s



Do you actually need to see it? The exploit should work fine even if the player is not visible.


Strangely, I almost never allow YouTube embeds (or for that matter any embeds) using uMatrix. I click the pop out link that appears in its place.


Nice. What amazes me is how most of big tech's efforts on web development have gone into making you 0.01% more likely to click on an ad, and almost none of has gone into cleaning up the privacy nightmare of 25 years of hacks with clean browser-based protocols.


That's actually a really good idea, I should do that too.. Thanks!




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: