Google Chrome’s New Feature Lets You Easily Share Selected Text

Google makes it easy to share text with friends and colleagues with a new Chrome 90 feature that lets you create links to selected text on a web page.

This new feature is rolling out now in Chrome 90 and is built on top of Google’s “Scroll-To-Text using a URL fragment” feature that they introduced earlier this year and is only available in Chrome.

Oh wow, that’s cool! Is this some sort of open standard or Chrome only?

— Robert Philipps (@rophilipps) April 16, 2021

Also Read: Compliance Course Singapore: Spotlight On The 3 Offerings

To create a link to selected text, simply highlight the text you want to link to and right-click on it. This will open a context menu that displays a “Copy link to highlight” option, as shown below.

When you click on the ‘Copy link to highlight’ option, Google Chrome will create a link to the text in the form of a text fragment URL, as shown by the URL below.

https://www.bleepingcomputer.com/news/google/google-chrome-90-released-with-https-as-the-default-protocol/#:~:text=NAT%20Slipstreaming%20attacks%20abuse%20a%20router%27s%20Application%20Level%20Gateway%20(ALG)%20feature%20to%20gain%20access%20to%20any%20port%20on%20an%20internal%20network%2C%20potentially%20allowing%20threat%20actors%20to%20gain%20access%20to%20services%20that%20are%20normally%20secured%20by%20the%20router.

If you paste that URL into a Google Chrome address bar and press enter, it will automatically open the page, scroll to the text you are sharing, and highlight it as shown below:

This feature is a great way to share specific text from a webpage with people. For example, if you are trying to share instructions on fixing something or pointing out a particular recipe on a page, you can now link to and highlight specific text for another person.

Also Read: Considering Enterprise Risk Management Certification Singapore? Here Are 7 Best Outcomes

However, Brave Browser security researcher Peter Snyder raised concerns that this feature could allow an attacker to determine if the text appears on a page.

“For example: Consider a situation where I can view DNS traffic (e.g. company network), and I send a link to the company health portal, with #:~:text=cancer. On certain page layouts, i might be able tell if the employee has cancer by looking for lower-on-the-page resources being requested.”

Snyder further illustrated how people could use it to detect whether a person is friends or follows someone on Facebook and Twitter.

“Besides the #:~:text=cancer example, I’m certain the same approach could be used to figure out if you’re Facebook friends with someone twitter.com#:~:text=@handle or many many other things.

The root of all these issues is that this is a SOP violation, where a separate origin can control the initial state of an unrelated origin. As long as that’s in place, there will be all sorts of sneaking-information-across-origins related-attacks possible.”

While Brave Browser ultimately enabled this feature, they made some changes so that the “scroll only happens when a web page is/becomes visible which ensures a page can’t scroll to anything without the user knowing.”

As this feature is currently rolling out to Chrome 90 users, it may not work for everyone as of yet.

If the feature is not enabled in your browser, you can enable it by going to chrome://flags/#copy-link-to-text in Chrome 90 and enabling the ‘Copy Link To Text’ feature.

Once you enable the feature, restart Chrome when prompted, and the ‘Copy Link To Text’ feature will now be enabled.