Friday, 12 August 2022

It Feels Like 99 Again as Two-Digit Bug May Impact Multiple Browsers at Version Change

In mid-1999 software and hardware developers uncovered a bug of sorts that, at first glance, seemed like it would end the computer world as we know it. It was called the Y2K bug and centered around the issue that developers had built their code with the first two digits of the year input field hard coded to 19. This meant that when everything rolled over to the year 2000, computers and software would see it as 1900. Not exactly where you want to be.

This bug became such a massive issue that some people became convinced that modern banks would crash. They bought gold and bought into hardware devices that claimed they could extend the BIOS life by adding in “20” to the year (for as much as $20 a pop). It would have been almost funny if so many people had not bought into the panic. Well, January 1, 2000, came and went without major issue, the banks and markets did not crash, and Y2K became just another bump on the road of history and was forgotten by most.

They say that those who forget history are doomed to repeat it. That seems to be what we are seeing now, as many are warning about another two-digit flaw. This is not another BIOS year-related misstep; instead it is a version issue. Much like Microsoft needing to skip Windows version 9.x (as it would register as Windows 98 or 95), we now see browser versions on the verge of hitting 100.x.

The irony comes in version restrictions and possibly in vulnerability detections. If program code in websites, operating systems, and security tools is set to only see two digits for the version number, it could potentially block the use of Edge, Firefox, and Chrome as they roll over to version 100. Much like the Y2K bug, the software might see the version as 00.x or 10.x, and it would not be above the minimum allowed version.
If your browser fails the minimum version check, then you could have all sorts of fun side effects: everything from not being able to display web pages, to quarantine of the browser app (due to it showing as potentially vulnerable), to just having a ton of false positives in your vulnerability scanner.
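The failure described above can be reproduced in a few lines. This is an added example, not code from the article or from any of the sites it names: the User-Agent strings are constructed samples, and the function names and the minimum version of 40 are hypothetical. It shows the two misreadings (10 and 00) next to a check that parses every digit and compares numerically.

```javascript
// Constructed sample User-Agent strings (not captured traffic).
const UA_CHROME_99 = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36";
const UA_CHROME_100 = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36";
const UA_FIREFOX_100 = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0";

const MIN_MAJOR = 40; // hypothetical minimum major version a site or scanner enforces

// Flawed: assumes the major version is exactly two digits, so "100" reads as 10.
function majorFirstTwoDigits(ua) {
  const m = /Chrome\/(\d{2})/.exec(ua);
  return m ? parseInt(m[1], 10) : null;
}

// Flawed: keeps only the last two digits, so "100" reads as 0 (the Y2K pattern).
function majorLastTwoDigits(ua) {
  const m = /Chrome\/(\d+)/.exec(ua);
  return m ? parseInt(m[1].slice(-2), 10) : null;
}

// Corrected parser: accept any number of digits per component, return numbers.
function parseVersion(ua, product) {
  const token = product.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"); // escape regex metacharacters
  const m = new RegExp(token + "\\/(\\d+(?:\\.\\d+)*)").exec(ua);
  return m ? m[1].split(".").map(Number) : null;
}

// Corrected check: compare component by component as integers, never as strings.
function meetsMinimum(ua, product, minimum) {
  const v = parseVersion(ua, product);
  if (!v) return false; // version not found: treat as not meeting the minimum
  for (let i = 0; i < Math.max(v.length, minimum.length); i++) {
    const a = v[i] ?? 0, b = minimum[i] ?? 0;
    if (a !== b) return a > b;
  }
  return true; // exactly equal to the minimum
}

// Verdict of each approach for one User-Agent string.
function compare(ua) {
  return {
    firstTwo: majorFirstTwoDigits(ua) >= MIN_MAJOR,
    lastTwo: majorLastTwoDigits(ua) >= MIN_MAJOR,
    fixed: meetsMinimum(ua, "Chrome", [MIN_MAJOR]),
  };
}
```

Both flawed checks accept version 99 and reject version 100, which is why the problem stays hidden until the rollover.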

Currently, some of the larger websites that are allegedly vulnerable to this are T-Mobile, HBO GO, and Yahoo! To get around this, most of the browsers mentioned will try some form of version number freezing so they do not fail the version checks. They will continue to patch and provide performance updates, but these will be in the form of hot fixes and will more than likely not change the major version number.

Once again, a lack of forethought and/or knowledge of history has impacted the computer world. It was not enough to have the example of Y2K to look back on; we also have the Windows 9.x example of the same thing. This is a bug that really should not be present in modern programming, and I personally find it more than a bit funny to see it happening all over again... at least I would if it was not so sad.