Jeffrey Yasskin recently pointed out an interesting security bug:
The idea is, if you had registered googlelogoligature.net then Chrome on Android (and possibly other Google products) would have displayed it as Google.net, potentially tricking users into thinking they were really interacting with Google.
To see how this worked, you can try searching Google for ["googlelogoligature"], and you'll see it shows up as "Google":
Poking in devtools, this is dependent on the specific font they're using, "Google Sans". If I turn that off my "googlelogoligature" shows just as I typed it:
Fonts can include "ligatures", which let font designers special-case specific combinations of letters. These were intended to support things like "f" followed by "i" blending into "fi" nicely, but the feature has been (ab)used for many other things, including complex [...]
---
First published:
May 18th, 2025
Source:
https://www.lesswrong.com/posts/MGGm8B7StJtbhQs56/google-logo-ligature-bug
---
Narrated by TYPE III AUDIO.
---
Images from the article:
Apple Podcasts and Spotify do not show images in the episode description. Try Pocket Casts, or another podcast app.
Senaste avsnitt
En liten tjänst av I'm With Friends. Finns även på engelska.