In association with heise online

11 September 2009, 16:09

Chrome adds new defence for cross-site scripting attacks

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Zoom Google Chrome on Mac OS X.
Google has released Chrome for Mac and Linux into its developer channel (a.k.a. the Dev channel). In addition to several bug fixes, the latest Dev release of Google's web browser adds a new defence for cross-site scripting (XSS) attacks.

The release uses a reflective XSS filter that checks each script before it executes to check if the script appears in the request that generated the page. Should it find a match, the script will be blocked. According to Chromium developer Adam Barth, the developers plan to post an academic paper that will describe the new filter in further detail at a later time.

More details about the release are available in a post on the Google Chrome Releases Blog and in the SVN log of revisions. Chrome is available to download for Mac and Linux (32-bit and 64-bit). As this is a Dev channel release, use in production environments and on mission critical machines is not advised.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit