Microsoft engineer fixes enterprise-level Chromium bug students could exploit to cheat in online tests


Level 73
Thread author
Honorary Member
Top Poster
Content Creator
Apr 24, 2016
Future Chromium-based browsers under administrative control will be able to prevent users from viewing webpage source code for specific URLs, a capability that remained unavailable to enterprise customers for the past three years until a bug fix landed earlier this week.

Back on October 15, 2018 an employee of Amplified IT, a Google education partner since acquired by CDW, filed a bug report describing how the Chromium URL Blocklist – which administrators can set to conform with organization or enterprise policy – doesn't actually work.

Evidently, tech savvy students were viewing the source code of web-based tests to determine the answers.

"With view-source in the URLBlacklist, the view-source:http:// should not be available," the bug report explains. "With schools using Google Forms as a testing platform, students are able to use this shortcut to search through the source of the page, and determine the correct answers."

Despite ample evidence that this was a problem, in the form of confirmation from Google employees reporting similar concerns from education customers and from videos explaining how to view web page source code to cheat, the bug that prevented URL Blocklist from catching when a URL contains the view-source: prefix lingered untended until a few days ago.

It was fixed by Microsoft principal program manager Eric Lawrence, a veteran browser developer who also spent several years at Google. Microsoft's Edge browser, like Google'e Chrome, is based on the open-source Chromium project.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.