Jump to content

360 Extreme Explorer Modified Version

Humming Owl
 Share

Recommended Posts

hidao

hidao

Posted
Posted (edited)
21 hours ago, NotHereToPlayGames said:

I do this via Proxomitron.

But for the non-Proxo 360Chrome user, I can follow @Dixel's suggestion and upload a revision within the next day or two.  I'd likely only upload a new rev for build 13.5.2036 as it is the only version I still use.

Unknown which versions we still have MSFN Members using.

It's updated to 13.5.0.2044...

 

Q4R7vZgY.png

Edited by hidao
Link to comment
Share on other sites

Mathwiz

Mathwiz

Posted
Posted (edited)
On 9/18/2023 at 8:58 AM, NotHereToPlayGames said:

I can follow @Dixel's suggestion and upload a revision within the next day or two.

Proxomitron is a good solution, although sites affiliated with Google (e.g., YouTube) will be very image-poor.

Dixel's fix changes the HTTP header that's sent on image requests. It tells the Web server which image formats your browser will accept (and also which ones are preferred).

Unfortunately many Web sites don't respect the header and send WebP images anyway. Certainly a malicious site wouldn't respect the header! So, Dixel's fix isn't a sure-fire WebP block by itself. And since the 360EE browser does accept WebP despite what the http header claims, you can still be victimized.

But, both solutions can be used together! Proxomitron can block any WebP images, and changing the header should tell the server to send a different image format, so you don't lose your images altogether.

Edited by Mathwiz
Link to comment
Share on other sites
Mathwiz

Mathwiz

Posted
Posted

For example, not long ago we discovered....

On 6/26/2023 at 6:42 PM, Mathwiz said:

Bing isn't smart enough not to send WebP to a browser that indicates it doesn't want WebP. Extremely bad practice, indeed.

The only known way to stop Bing from sending its home page image in WebP format is to pretend (via the user agent) to be Internet Exploder! Then you'll get a JPEG, but otherwise, it'll be WebP irrespective of the image format header.

1
Link to comment
Share on other sites
NotHereToPlayGames

NotHereToPlayGames

Posted
Posted

To be honest, I have opted to do NOTHING.  I'm not in the least bit concerned with all of this recent "hype and propaganda" regarding .webp.

To each their own, of course.  But to ME, it's nothing more than any other virus or malware out there that has never hit my machines.

Reminds me of back in the day when I was a "church goer" and everybody knew I could fix computers so everybody would have me fix them for them.

You'd get the same people over and over again.  To the point that you FINALLY have to tell them (due to the items discovered on their computers), "You wouldn't get these if you stopped visiting p0rn sites."

Sure, there is always the THEORY that .webp could come in via a third-party "advertisement" that your otherwise SAFE web site wouldn't otherwise have, but these 'in the wild" reports DON'T WORK THAT WAY.

Link to comment
Share on other sites
hidao

hidao

Posted
Posted
1 hour ago, NotHereToPlayGames said:

It's still version 86 under the hood and the letters "webp" do not exist in the changelog.

Yes,the updated time is 2023-5-25,I have a account in 360 BBS,but we must to verified phone number to post,I don't want to to this,so...

Link to comment
Share on other sites
Mathwiz

Mathwiz

Posted
Posted
On 9/19/2023 at 10:36 PM, Mathwiz said:

But, both solutions can be used together! Proxomitron can block any WebP images, and changing the header should tell the server to send a different image format, so you don't lose your images altogether.

Since 86 won't be patched, I think this is the best solution. Dixel's fix tells Web sites you don't want WebP, and if a server gives you a WebP image anyway, Proxomitron dumps it.

On 9/19/2023 at 10:55 PM, Mathwiz said:

For example, not long ago we discovered....

The only known way to stop Bing from sending its home page image in WebP format is to pretend (via the user agent) to be Internet Exploder! Then you'll get a JPEG, but otherwise, it'll be WebP irrespective of the image format header.

Of course a Microsoft-owned Web site is very unlikely to host a malicious WebP image. But that was just an example to show that a (possibly malicious) WebP image could be served even with Dixel's fix.

On 9/20/2023 at 2:18 AM, NotHereToPlayGames said:

I have opted to do NOTHING.  I'm not in the least bit concerned with all of this recent "hype and propaganda" regarding .webp.

To each their own, of course.  But to ME, it's nothing more than any other virus or malware out there that has never hit my machines.

I agree with your decision (if not your reasons). It should be up to each individual to evaluate the risk and act according to their own best judgment. If someone wants to take preventive measures, @Dixel has published his patch and Proxomitron is readily available. Personally, I only use 360EE for a few sites, so I haven't taken any precautions myself. If I used it for general browsing, I'd probably be more proactive.

On patched software, I see no reason to distrust WebP. I know some don't like it but there's nothing inherently wrong with the format. It's just that, due to the complexity of decoding it, everyone has been copying Google's open-source decoder, which is actually quite efficient - it just happened to have an exploitable bug. As I said on Roytam's thread, I don't think in the least that this bug was due to ill intent - anyone writing code (me) can make a mistake like this.

I wouldn't categorize these concerns as "propaganda" though - that sounds as if we're being a bit dishonest by raising them.

2
Link to comment
Share on other sites
NotHereToPlayGames

NotHereToPlayGames

Posted
Posted (edited)
6 hours ago, Mathwiz said:

Since 86 won't be patched

It will not work for the XP crowd, and do not attempt on your actual OS but use a VM instead, but official "upstream" is at v114 as of a week or so ago.  I've ported portions into English but find it to be SLOWER then Ungoogled Chromium v114.

Getting it into a workable ENGLISH web browser would be an extreme undertaking.

Since Ungoogled Chromium is faster and with tons of web browsers available once you are at an OS that is required for newer "upstream" anyway, I'm seeing ZERO need to undertake such a project.

Though v114 does not solve Weppy Scare anyway, it's only an indication that upstream is still evolving.

Edited by NotHereToPlayGames
Link to comment
Share on other sites
  • 4 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...