Announcement

**numacross** · 28 May 2022, 09:12 AM

Chrome's Local Font Access allows enumerating locally available fonts and metadata on said fonts

Can't wait to be profiled based on the fonts I have installed

Edit: It seems to require a specific permission, but most people click through those anyway...

**skeevy420** · 28 May 2022, 09:19 AM

Originally posted by numacross View Post

Can't wait to be profiled based on the fonts I have installed

Edit: It seems to require a specific permission, but most people click through those anyway...

Next Week: That custom Old English font you installed 7 years ago contains an exploit in the O glyph that allows full root access.

**board** · 28 May 2022, 10:18 AM

Originally posted by numacross View Post

Can't wait to be profiled based on the fonts I have installed

I came here to say the same thing. Meanwhile, Firefox has an anti-fingerprinting setting which makes it harder for trackers to use local fonts as a means to profile users.

Originally posted by numacross View Post

Edit: It seems to require a specific permission, but most people click through those anyway...

Yeah, so it's not really an excuse. The "techies" wont say anything about it because "you can just disable it", leaving (probably) over 90% of people to make uninformed decisions. Besides, permission settings themselves may be used to profile users. It's one bit of finger-printable data for each permission.

**piotrj3** · 28 May 2022, 12:45 PM

Originally posted by skeevy420 View Post

Next Week: That custom Old English font you installed 7 years ago contains an exploit in the O glyph that allows full root access.

There is quite a lot of interesting trickery in fonts, because generally to know which font you have to use, is done by bisection search. Because bisection search has varying time depending on exact glyph you could do in some CTF timing attacks to know exactly what is being printed using fonts. Few RCEs also were existing around fonts. Unlikely it is font that is vulnerable, but libs that are using fonts are quite juicy targets sometimes.

**Mario Junior** · 28 May 2022, 06:52 PM

Chromium based browsers scroll still a garbage on Linux. Incredible!

**Danny3** · 28 May 2022, 07:36 PM

Chrome's Local Font Access allows enumerating locally available fonts and metadata on said fonts, so that they can be used within web applications for custom text stacks.

More spyware and fingerprinting.
Fuck you Google!

**yump** · 28 May 2022, 08:26 PM

Font fingerprinting was already possible. This is actually a good thing, because it paves the way for browsers to ship a fixed set of fonts and only expose local ones if the user opts in.

**Vistaus** · 29 May 2022, 10:35 AM

Originally posted by Mario Junior View Post

Chromium based browsers scroll still a garbage on Linux. Incredible!

Agreed. And the font rendering is also still not as good as in Firefox and esp. Falkon.

**ms178** · 03 June 2022, 08:44 AM

Did they break VA-API again in this build? I tried the usual command line tweak but it seems that it doesn't work anymore (or they changed the needed flags or flag names again). *Edit:* I got it to work, it seems I messed up my settings.

Announcement

Chrome 103 Beta Adds Local Font Access, Deflate-Raw Compression Format

Chrome 103 Beta Adds Local Font Access, Deflate-Raw Compression Format

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment