A bug in Google Chrome that allowed the source code of a web page to be viewed despite the administrator forbidding it has been fixed after more than three years. The bug made it possible, for example, to find out the answers of tests in Google Forms.
The bug was reported as early as 2018 by an education partner of Google, according to research by The Register. In managed installations of Chrome, the administrator can protect all kinds of parts of the Chrome browser from the user. The message states that ‘view-source’ as a url blacklist rule does not work, allowing one to view the source code of a web page without permission from the administrator of the browser.
The bug was ultimately not picked up by Chromium lead developer Google, but by Microsoft. In an explanation, the developer in question, a former Google Chrome developer, states that the policy can still be ‘trivially circumvented’, but that it should at least work now.
The developer addressed the bug on November 3rd, and on November 9th, the original reporter of the bug, who opened the topic in 2018, stated that the policy works well in the latest Canary build of Chrome, version 98.0.4696.0. He also demonstrates this with a video. Chromium is the foundation for many browsers, allowing the bug fix to work across multiple apps.