Chrome adds new defence for cross-site scripting attacks
Google has released Chrome 18.104.22.168 for Mac and Linux into its developer channel (a.k.a. the Dev channel). In addition to several bug fixes, the latest Dev release of Google's web browser adds a new defence for cross-site scripting (XSS) attacks.
The 22.214.171.124 release uses a reflective XSS filter that checks each script before it executes to check if the script appears in the request that generated the page. Should it find a match, the script will be blocked. According to Chromium developer Adam Barth, the developers plan to post an academic paper that will describe the new filter in further detail at a later time.
More details about the release are available in a post on the Google Chrome Releases Blog and in the SVN log of revisions. Chrome 126.96.36.199 is available to download for Mac and Linux (32-bit and 64-bit). As this is a Dev channel release, use in production environments and on mission critical machines is not advised.