Google Chrome 2.0 Browser Brings More Web Security
Google Chrome 2.0 browser includes some new security features with which to arm itself as it competes in a browser market still dominated by Microsoft Internet Explorer. The new Chrome features include protections against cross-site request forgery and clickjacking.
The latest update to Google Chrome came with a few new bells and whistles, and lots of talk about speed. But what about security?
Browser vendors have been struggling to keep pace with the growing Web threat landscape. Internet Explorer 8 added a number of security features. In the latest release of the browser, Google has included some new protections behind the scenes, including defenses against cross-site request forgery and clickjacking. CSRF is an attack whereby a user is forced to execute unwanted actions in a Web application the user is authenticated in. To guard against CSRF in Chrome 2.0, origin information is sent for POST requests for which the server might change state.
UPDATE: Google Chrome 2.0 apparently beats the speed of other browsers in many test by anywhere from 20-32% in performance across multiple systems.
"If you're a bank, you would check the request to make sure that it came from your own site and not from the attacker's site," explained Adam Barth, a software engineer for Chrome. That, he said, is where the origin information would come in handy.