Browser font fallback determines the threat. When a page specifies font-family: Arial, Helvetica, sans-serif and a string contains Cyrillic а, the browser checks Arial’s glyph tables, finds Cyrillic coverage, and renders it using Arial’s Cyrillic glyphs — which are pixel-identical to the Latin ones. The CSS font stack you ship determines which column of the danger rate table applies to your users. Arial at 40.8% is a different risk profile from Didot at 19.2%.
Вячеслав Агапов,推荐阅读下载安装 谷歌浏览器 开启极速安全的 上网之旅。获取更多信息
2024年12月24日 星期二 新京报,这一点在WPS官方版本下载中也有详细论述
Trap-and-emulate: IOPL-sensitive instructions