Chrome adds new defence for cross-site scripting attacks
Google Chrome 4.0.207.0 on Mac OS X.
Google has released Chrome 4.0.207.0 for Mac and Linux into its developer channel (a.k.a. the Dev channel). In addition to several bug fixes, the latest Dev release of Google's web browser adds a new defence for cross-site scripting (XSS) attacks.
The 4.0.207.0 release uses a reflective XSS filter that checks each script before it executes to check if the script appears in the request that generated the page. Should it find a match, the script will be blocked. According to Chromium developer Adam Barth, the developers plan to post an academic paper that will describe the new filter in further detail at a later time.
More details about the release are available in a post on the Google Chrome Releases Blog and in the SVN log of revisions. Chrome 4.0.207.0 is available to download for Mac and Linux (32-bit and 64-bit). As this is a Dev channel release, use in production environments and on mission critical machines is not advised.
(crve)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
