



Google makes it easy to share text with friends and colleagues with the new Chrome 90 feature that allows you to create links to selected text on web pages.

This new feature is currently being rolled out in Chrome 90 and builds on Google’s “Scroll to Text Using URL Fragments” feature introduced earlier this year and is only available in Chrome.

It builds on the ability to scroll to text fragments that you want to see in other browsers: https: //t.co/yky9OIlfQy

— Adrienne Porter Felt (@__ apf __) April 16, 2021

To create a link to the selected text, highlight the text you want to link and right-click. This will result in this, as shown below.[リンクをコピーしてハイライト表示する]A context menu opens that displays the options.

Google Chrome copy link to highlight options

[リンクをコピーしてハイライト表示する]When you click the option, Google Chrome will create a link to the text in the form of a text fragment URL, as shown in the URL below.

https://www.bleepingcomputer.com/news/google/google-chrome-90-released-with-https-as-the-default-protocol/#:~:text=NAT%20Slipstreaming%20attacks%20abuse%20a% 20router% 27s% 20Application% 20Level% 20Gateway% 20 (ALG)% 20feature% 20to% 20gain% 20access% 20to% 20any% 20port% 20on% 20an% 20internal% 20network% 2C% 20potentially% 20allowing% 20threat% 20actors% 20to% 20gain % 20access% 20to% 20services% 20that% 20are% 20normally% 20secured% 20by% 20the% 20router.

Paste that URL into Google Chrome’s address bar and press Enter to automatically open the page, scroll to the shared text and highlight it as follows:

The linked text is highlighted

This feature is a great way to share specific text on a web page with people. For example, if you’re trying to share a step that modifies something or points out a particular recipe on a page, you can now link to and highlight specific text for another person.

However, BraveBrowser security researcher Peter Snyder has expressed concern that this feature could allow an attacker to determine if the text is displayed on the page.

“Example: Consider a situation where you can view DNS traffic (such as your company’s network). Send a link to your company’s health portal with #: ~: text = cancer. For a particular page layout, Employees have cancer by looking for the requested resources at the bottom of the page. “

Snyder also explained on Facebook and Twitter how it can be used to detect if a person is a friend or following someone.

“#: ~: In addition to the example of text = cancer, the same approach to determine if you are a friend of Facebook with someone twitter.com #: ~: text = @ handle or many others I’m sure you can use.

The root of all these problems is that this is a SOP violation and another origin can control the initial state of an irrelevant origin. As long as that is done, all kinds of sneaking information (information related to the origin) can occur. “

Brave Browser finally enabled this feature, but now “scrolling only happens when a web page is displayed or displayed, preventing the user from scrolling the page without their knowledge”. I made some changes.

This feature is currently deployed for Chrome 90 users, so it may not work for all users at this time.

If this feature is not enabled in your browser, go to Chrome 90’s chrome: // flags / # copy-link-to-text and[テキストへのリンクをコピー]You can enable it by enabling the feature.

After enabling this feature, restart Chrome when prompted,[リンクをテキストにコピー]The function is enabled.







