Chrome Adds New Defence For Cross-site Scripting Attacks


Recommended Posts

Chrome adds new defence for cross-site scripting attacks

Google has released Chrome 4.0.207.0 for Mac and Linux into its developer channel (a.k.a. the Dev channel). In addition to several bug fixes, the latest Dev release of Google's web browser adds a new defence for cross-site scripting (XSS) attacks.

The 4.0.207.0 release uses a reflective XSS filter that checks each script before it executes to check if the script appears in the request that generated the page. Should it find a match, the script will be blocked. According to Chromium developer Adam Barth, the developers plan to post an academic paper that will describe the new filter in further detail at a later time.

More details about the release are available in a post on the Google Chrome Releases Blog and in the SVN log of revisions. Chrome 4.0.207.0 is available to download for Mac and Linux (32-bit and 64-bit). As this is a Dev channel release, use in production environments and on mission critical machines is not advised.

Heise security - http://www.h-online.com/security/Chrome-ad...s--/news/114220

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...