Peaches Posted September 12, 2009 Report Share Posted September 12, 2009 Chrome adds new defence for cross-site scripting attacksGoogle has released Chrome 4.0.207.0 for Mac and Linux into its developer channel (a.k.a. the Dev channel). In addition to several bug fixes, the latest Dev release of Google's web browser adds a new defence for cross-site scripting (XSS) attacks. The 4.0.207.0 release uses a reflective XSS filter that checks each script before it executes to check if the script appears in the request that generated the page. Should it find a match, the script will be blocked. According to Chromium developer Adam Barth, the developers plan to post an academic paper that will describe the new filter in further detail at a later time.More details about the release are available in a post on the Google Chrome Releases Blog and in the SVN log of revisions. Chrome 4.0.207.0 is available to download for Mac and Linux (32-bit and 64-bit). As this is a Dev channel release, use in production environments and on mission critical machines is not advised. Heise security - http://www.h-online.com/security/Chrome-ad...s--/news/114220>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.