←back to thread

Bypassing Google's big anti-adblock update

(0x44.xyz)
1034 points deryilz | 8 comments | 12 Jul 25 19:06 UTC | HN request time: 0.02s | source | bottom
Show context
zulban ◴[13 Jul 25 02:07 UTC] No.44546901[source]
I don't "bypass" Chrome when they want to melt my brain with their business model, I use Firefox. I don't "bypass" Windows when they want to melt my brain with their business model, I use Linux. No idea why so many "hackers" doing "bypasses" can't instead take action that is simpler, long lasting, and easier. Do people need to jerked around 50 times for 20 years before realizing it will keep happening and their "bypasses" are just temporary bandaids?
replies(25): >>44546992 #>>44547048 #>>44547056 #>>44547069 #>>44547113 #>>44547116 #>>44547135 #>>44547149 #>>44547168 #>>44547299 #>>44547355 #>>44547435 #>>44547619 #>>44547764 #>>44547831 #>>44547854 #>>44547934 #>>44547979 #>>44547987 #>>44547998 #>>44548000 #>>44548065 #>>44548153 #>>44551102 #>>44552201 #
1. mrcsharp ◴[13 Jul 25 02:40 UTC] No.44547056[source]
> No idea why so many "hackers" doing "bypasses" ....

Because that's what it means to be a hacker. Yes, installing Firefox is simpler (and I'm a Firefox user) but I respect the effort to overcome Google's measures in disallowing certain addons.

replies(3): >>44547567 #>>44548146 #>>44551592 #
2. whatshisface ◴[13 Jul 25 04:39 UTC] No.44547567[source]
>But I don't know how to make an adblocker, so I decided to report the issue to Google in August 2023. It was patched in Chrome 118 by checking whether extensions using opt_webViewInstanceId actually had WebView permissions. For the report, I netted a massive reward of $0. They decided it wasn't a security issue, and honestly, I agree, because it didn't give extensions access to data they didn't already have.

The effort to overcome the community's chance at discovering the workaround?

replies(2): >>44547631 #>>44547841 #
3. chmod775 ◴[13 Jul 25 04:53 UTC] No.44547631[source]
It was never going to last long enough anyways, being sure to get patched as soon as any adblocker uses it.

It's however still interesting in the sense that it might be fairly trivial to change, so chances are the next adblockers are going to ship executable that wrap chrome, modifying something like that at launch, allowing their extension to make use of it.

Obviously Google is going to hate it when random popular extensions start nagging users to download and install "companion" software in order to work, since that will train users to not think twice about these things and bypasses legitimate security efforts.

But Google made their own bed - and that of their users. Now they all get to lie in it together.

replies(2): >>44547685 #>>44547840 #
4. wongarsu ◴[13 Jul 25 05:05 UTC] No.44547685{3}[source]
Once the legitimate adblock extensions have made the tech news cycle by switching to an executable, all the sketchy adblock extensions will follow, and after them the downright malicious but heavily advertised adblock extensions. Before long Google will have plenty of examples to point to of adblockers shipping malware, allowing them to scare off all the tech-illiterate people (who are the vast majority of users)
5. hinkley ◴[13 Jul 25 05:53 UTC] No.44547840{3}[source]
Meanwhile, mobile Safari literally has a menu item to allow you to use Firefox for ad blocking.
6. mrcsharp ◴[13 Jul 25 05:53 UTC] No.44547841[source]
The blog post shows clear effort that falls under the "hacker" umbrella. That I respect.

The author informing google of the exploit was not the complaint of the parent comment which I took issue with.

7. ◴[13 Jul 25 07:07 UTC] No.44548146[source]
8. zulban ◴[13 Jul 25 16:35 UTC] No.44551592[source]
"Because that's what it means to be a hacker."

Sure. But to me "hacking" this cat and mouse game is not very compelling. I feel like I've seen a thousand articles exactly like this over the years. This won't work in 4 months.

"It was patched in Chrome 118 by ..."

Or already?