🌌🐈🐉

Saw this in a discord

Also note that the malicious URL uses a homoglyph slash that's not a real slash

Shoutout to @ireneista for finding the source

This honestly feels at least slightly related to Google's previous attempts at fucking around with how URLs are displayed in Chrome. Like, potentially some sort of… … …attempt to make whatever bespoke solutions they have for preventing these sorts of attacks as necessary as they can.

Emphasis on "feels" and "potentially" — it could just be astonishing incompetence on the part of some middle management there — but. 😬