SVG and CSS filters can leak cross-origin data via iframes from March 6, 2025
Researchers have observed that, in Chrome:
A hostile webpage can create SVG or CSS filters that cover an iframe on the same page and act on the iframe's content.
Specially-crafted filters can be created that vary their performance characteristics (different use of memory bandwidth or compute resources) based on input data.
The induced differences in load can, in turn, be used to leak the input data through a timing side channel readable from JavaScript.
This actually seems to use the encoder/decoder from the Rust image crate (1), which would bring the opportunity for more memory-safe formats once BMP would be accepted.
> Multilingual support also explains why you see things like “1 folder(s)” instead of “1 folder” and “2 folders”. Why not have two format strings, one for when the number of items is exactly one, and one for when the number of items is two or more?
> Well, for one, that would significantly increase the number of strings we would have to carry around. (If you say “just add s to make the plural” then you really need to get out more!)
> For two, some languages (such as Slovene) have a “dual” number in addition to singular and plural. The Lahir language has singular (one), dual (two), trial (three), paucal (a few), and plural (many). So now you have to have perhaps five versions of every string that contains a replaceable number.
> Based on the testing performed before the initial deployment of the Template Type (on March 05, 2024), trust in the checks performed in the Content Validator, and previous successful IPC Template Instance deployments, these instances were deployed into production.
It compiled, so they shipped it to everyone all at once without ever running it themselves.
I've heard register windows are more common in embedded
Depending on how liberally you want to define 'register windows', particularly if you include "two register sets", one could certainly say this is true. Many architectures have dual register sets, usually touted as for "fast interrupt handling" or other optimization based on not having to save the whole register file. Even the venerable Z80 has something like this. I have always assumed that's where the original idea grew from: if being able to speed things up by not push/pop-ing the registers is good for one type of context change, why not all/more of them?
I'm not enough of a theoretician or pedant to augur where register windows begin or end, however.
The report says the cooling issue caused "a loss of service availability for a subset of [one] Availability Zone".
How did a single-AZ failure cause outages for two dozen services?
Why did a single-AZ failure mean "approximately half of Cosmos DB clusters in the Australia East region were either down or heavily degraded" and require those clusters to do a cross-region failover?