Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Saturday September 14 2019, @05:54AM   Printer-friendly
from the what-doesn't-kill-you... dept.

Google Chrome 77 Breaks Login Pages on Netgear Devices:

Google Chrome 77, released yesterday, has broken the login pages on modern Netegar[sic] devices, according to an avalanche of complaints on the company's official forum.

Devices like Nighthawk routers [1, 2, 3], Orbi WiFi meshes/routers, N600 modems, and ReadyNAS network-attached storage (NAS) systems [1, 2] appear to have been impacted.

According to reports, users trying to access their devices' admin page are either being redirected to the password page instead, or seeing an access denied error message.

While most people don't need to access their routers or modems' administration pages on a daily basis, the issue has had a more significant impact on owners of Netgear NAS equipment.

Netgear suggests using Firefox or Edge as a workaround.

Personally, I've never been a fan of automatic updating. Feel free to remind me to check, but it should be my decision to actually perform the check and/or update


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Informative) by choose another one on Saturday September 14 2019, @08:59AM (3 children)

    by choose another one (515) Subscriber Badge on Saturday September 14 2019, @08:59AM (#894013)

    Gory detail of what it all means is in https://bugs.chromium.org/p/chromium/issues/detail?id=992639 [chromium.org]

    In short, first 401 response handling - interstitial responses / pages that are usually never seen. The routers may be doing a client-side redirect in the 401 content, which I don't think is anything out-of-spec, chrome shouldn't be displaying the content at that point.

    Reading down the thread this was all debugged and the change disabled for the release - but someone ****ed up the merge, and ****ed up checking the final code result and the bug wasn't actually fixed.

    Detail:

    401 is IIRC effectively a challenge not a permanent failure, and an auth header must be included, client is supposed to ask for credentials and then try again with credentials, only a failure later in the process should result in the actual 401 content being displayed. If there is a javascript redirect or similar in 401 _content_ (which I don't think is anything out-of-spec) and the browser is rendering the 401 content on first sight (which is, umm, odd, and possibly out-of-spec), then the auth process never gets a chance.

    Relevant bit of RFC - I would say Chrome suddenly decided to ignore the "if"s:

    If the request included authentication credentials, then the 401
          response indicates that authorization has been refused for those
          credentials. The user agent MAY repeat the request with a new or
          replaced Authorization header field (Section 4.2). If the 401
          response contains the same challenge as the prior response, and the
          user agent has already attempted authentication at least once, then
          the user agent SHOULD present the enclosed representation to the
          user, since it usually contains relevant diagnostic information.

    Starting Score:    1  point
    Moderation   +3  
       Interesting=1, Informative=2, Total=3
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   5  
  • (Score: 2, Interesting) by Anonymous Coward on Saturday September 14 2019, @12:12PM (1 child)

    by Anonymous Coward on Saturday September 14 2019, @12:12PM (#894041)

    So basically the Chrome devs don't know what the F they are doing. Starting with removing the protocol from the urlbar, which is still causing problems to this day, it's just been a shitshow.

    • (Score: 0) by Anonymous Coward on Saturday September 14 2019, @02:18PM

      by Anonymous Coward on Saturday September 14 2019, @02:18PM (#894064)

      Given all the crap the Chrome dev's have been doing (remove http: from url bar, etc.), yes, the Chrome dev's simply do not know what the F they are doing.

      Stop using Chrome.... That is the only option.

  • (Score: 0) by Anonymous Coward on Sunday September 15 2019, @04:57AM

    by Anonymous Coward on Sunday September 15 2019, @04:57AM (#894256)

    That is weird. I followed the workaround on the support page and rebooted my Windows machine and it worked in Chrome. If it is what you say, how would that have fixed it? It definitely didn't update to a new version before I tried after reboot.