Google Chrome is known for many things, including that snazzy little logo and the fact that it’s connected to Google all over the place. However, one of the sectors that the tech-savvy enjoy most in Chrome is its security features. Chrome 12 saw the addition of several new security and privacy enhancements, but Google has plenty more on the way. The upcoming version of Chrome (Chrome 13) will be implementing several utterly sexy new security features.
Here’s the brief rundown:
- Authoriziation is being re-worked for sub-resources. Images or other content on a domain that require authorization but originate from a domain other than the URL the user is currently visiting will no longer be able to get authorization; the HTTP basic auth for the subresource is simply blocked.
- The CSP (Content Security Policy) is being added. First introduced in Firefox 4, this new standard is aimed at securing web applications.
- Extra HTTPS security is being added. Certain sites that have an HTTPS and HTTP version available will automatically be accessed via HTTPS to avoid SSLStrip attacks. One site included in this effort is Gmail.
- Javascript URL defenses are being implemented. In cases where the user is tricked into clicking on or pasting a javascript URL into the omnibar of Chrome, a self-XSS defense module will be deployed to counter the attack.
Chrome is already ahead of the pack when it comes to security, being one of the only browsers that hackers – in competitions such as Pwn2Own – have been unable to hijack. By continuing the rapid and effective implementation like the ones mentioned above, Chrome continues to expand its lead and solidify its secure reputation.
[via the Chromium Blog]
