|
|
|
Google Chrome 2.0 Browser Brings More Web Security
By: Brian Prince
2009-05-23
Article Rating:  / 13
There are 10 user comments on this Network Security & Hardware story.
Google Chrome 2.0 browser includes some new security features with which to arm itself as it competes in a browser market still dominated by Microsoft Internet Explorer. The new Chrome features include protections against cross-site request forgery and clickjacking. UPDATE: Google Chrome 2.0 apparently beats the speed of other browsers in many test by anywhere from 20-32% in performance across multiple systems. The latest update to Google Chrome came with a few new bells and whistles, and lots of talk about speed. But what about security?
Browser vendors have been struggling to keep pace with the growing Web threat landscape. Internet Explorer 8 added a number of security features. In the latest release of the browser, Google has included some new protections behind the scenes, including defenses against cross-site request forgery and clickjacking. CSRF is an attack whereby a user is forced to execute unwanted actions in a Web application the user is authenticated in. To guard against CSRF in Chrome 2.0, origin information is sent for POST requests for which the server might change state.
"If you're a bank, you would check the request to make sure that it came from your own site and not from the attacker's site," explained Adam Barth, a software engineer for Chrome. That, he said, is where the origin information would come in handy.
In addition to CSRF protection, Google also added HTML 5's PostMessage to help Website developers build more secure mashup applications.
"As we get into sites that try to do mashups and you take gadgets and interesting things from all over the place, so maybe there's a cool little gadget that shows a bunch of ponies dancing around, and people like ponies so they want ponies on their Web page," Chrome Product Manager Ian Fette said. "I might be fine with having ponies on my Web page, but I don't want to give that gadget permission to muck around with my password so the PostMessage API allows me to communicate with the ponies gadget but it doesn't actually give that gadget the ability to reach out and directly control the rest of my page."
Google also followed in the footsteps of IE 8 with clickjacking protections and the ability to remove thumbnails from the New Tab page for added privacy.
When the browser was first launched in September 2008, Google tried to make a big splash about its security features, touting Chrome's sandboxing of the rendering engine, for example. But the company also experienced a few challengesthe initial release of the browser used a vulnerable version of WebKit, and other vulnerabilities appeared as the security community took the browser for a test run.
Looking ahead, Google has said it has no immediate plans to add Website security zones as in Internet Explorer or to add the ability to disable JavaScript within the user interface. It is possible, however, to disable JavaScript through the command line if that seems to be a way to thwart attacks.
"Our approach with Google Chrome has been to make things as secure as possible by default without the user having to take any actions to go and configure settings," Fette said.
| | Reader Comments: Google Chrome 2 Brings More Security to the Table | | >>> Post your comment now!
| | A different opinionActually there is an opinion that Chrome 2 is not all that safe. Here's a post about it... Posted At: 06-04-09
By: Asphodel | | | | | | chrome dome.I installed chrome in 9/08 when it first came out. It was kinda cool, but then some serious flaws were made evident to me. I had problems with... Posted At: 05-28-09
By: d-nator | | | | | | A user comment on this articleIt is impossible in Chrome to set up proxy settings, that differ from proxy settings in IE. And it's really lack of this browser. Posted At: 05-26-09
By: Anthony | | | | | | OperaOpera Posted At: 05-23-09
By: steve | | | | | | Mouse wheelThe new version of Chrome caused my mouse wheel to stop scrolling. It worked fine with the old version of Chrome, but fails in the new version.... Posted At: 05-23-09
By: Anonymous | | | | | | ChromeStill like the new Firefox and add ons.
But Chrome is moving up to the front lines. Posted At: 05-23-09
By: Sangamo | | | | | | add onsLove the browser, but don't use it very often because it lacks the add ons I want and need to browse the web. Doesn't even let me use google... Posted At: 05-23-09
By: scott | | | | | | >>> Post your comment now! | | | | | |
|
 |
|
|
�������x}RȲ�1P9k^�Y��j,nVO�,m
%ɀg~q~|ɬ*|�6=MG*eUfefeeee}Ggg�D]ݴ1p͙M5��5|zg`HRcgޅ�-3�@oR^P
Ġ�x�nwݶN`P'~��> \?g3U;Y|���,!\�ZNa^:Xy�
yN
�tq�(r~7P7nǾ;sC270 T6'�>6�L(�|H�Bɤ:�ZdQ}9e,�f4öۢCCٰo4\>jrTW�#g}rL>-g`TzEÝ|k7�~+�U�w9*��C[wn5-u�P\tNi\v?
�9N���|'�oL�Z.��JT:( Ԙ8|5�uz�P��%oJ`)ڑVR]jGF[V@a`%�pfQU�>gsK߾ڤ>9;O}1�fPUM�~ 3he+��2hZuܜn9n:MvIs!+|vg>!5M0\̱¬:֪V�1?�!&w�@"rVJZ@R�?#3?_$>�wNHA҉,-9�0N`mYn_�H!-T|Y|ԛE34�i[��2)�ߦI@w[�)�@0 +:���YK�7B��S��_g]p��a4z�@Lt�&:h�)5?�&9gMa�b&DJH?�є=mZW/��(AK/�
ڊ�5|*(if);�/3�A.r)i �� 6=aB+^뻹(4l=�j\�֛esJ�Vt]�;3Eя1Wp�3n�]u/{]t0*>cq4Y`A�-. 8ǹ:on:jAb:??J�jE@U~^p�-Aqb2B��c�=M:gvX�Y8��`���;}JwϧԴfPwH<�:�M�/�G˥qf1�@�
L�na�
8
V8;
u�#uә�=��W45W/h�`G�I
�l"�&q���3)к`��oa2à�F{7t(
�,/��G`\@4�8`�$8ʼ��E�]uCb賀B�=���`Mtև
&��SsfPB�<�JdN˕����] #RRR$S�]HPw9�DJ�
B�!B��0H��V0(VF쎄~
.<���B�I�Cy�d&,gQY,p[/)�͙J2d0U Q=b`&�Qea*0pRx5Vn,`o+GvP#&G#˰` 3G�}= 3̲M҄%�Ll;!i`0Ґ(eNa9��=熳��a\9:�<�f3�35g{80�q}�`] �k9wtݴ٢ͩqb���;_Aa"tL�eB#`9N{��g[,:L:%qK�:0s�k2�'�y�=�.Q1jWuϙ_N#kۖs7M��2߄T�9u# \ă r}͚X� 4ؐ9|&B77cnS^ʚtɕU.F�iJ�W2�1�8�FL�yG
('��wJFJ�V�!zh'>eg�HlYWo%,~k�%fcP.ou�riO_�%��9&ےx��A-ʘ�ŗZZG"��J�P>V�"�Cɧ8$&le6L�E�6���pZ#�nP
jrIj��#S�V+kVM^Me+ �L��
�4
�o�p�*7`bB0
OaN��y6tAz{fl.n� �8y<�2M AP�t
@I55��烆7@ƅ/k%�|1rl^�|Y8/-�{uaWlJs�k4'uM8`ڊ:D�Ӝh2�F��ÑeH�IAʫeU�&-JJY)jBycl
�ԑq,�Y�X6Tȵm>0}�ugNPOK-�˙@�'@:"ZC�'ѠV���Ē8riPzP(
cW�E�.ϳ�>UF�=3�$�h@c4e2f�-4_\0-xcJ�D%xb(�Ogx&\3Qt�P7&8ЙmE4dD� ڸ�/�)cpGl�^��\�~<ׇ��BK
SK@'�Vb`EB�k�ǖ�YCǖbT۔І��[�TR=OqP%�УGii}~هF9#,!_0H�Hzc_7)~(zC9km��{~>RTS�U(Z7MF~TUJJЛgQ�!VI#Ǹ"ZAY_Mkɒ8�khs)p
B0_\PF.^*�%R2wi$yF(%!%��Kg�OPlXC�=B3tMnio�Λk��21簤�v��˽'j�D@KYJ7eVVځ*\$T+IjYt�n:0nȘُYD[��^�:L&rOf�ss]����`_aOn;ܝ9�0�FI
ʾv@ljpw|L2M�:��Wj�jy�>e!r ]N7�.�_Tj
vQ�*�s>P�9�ɷw�nj��SXx|{
kPH�e, ,"z��дr#)=2��fV*UXŵ?hxqLL�^\}ۅ^?h5eQj���E1v�kJV�~�ZgZ�qZ�t(+wg}e_:m^t?����&=~f?Н :u!a�a="g~�`�?�H�LЇ_eCR>"j%u.lb4���LAIP
��4�p="Y�COճ}U\;�y�Ep0Z�<�!hq^�8�K%y�;"˶u�߽�o= rDp'Bjw_�$'d�0
srn^G'�6b��`�xѤĢ^79S��j67 EG/JN�^v�軟o%E߈>O1Ofo4��~ P=8Y,rh縵vRt�1?x�>6�Bz?"Y^3_��{w j�E5p!XIS"�9oթ-xOӆO|�B�a�J;t e~�=m2결uC%�<2OтN蔈'='C8
z>RB'T5˓4/iY(Eqjhd�ꒈ~�~(i&'ءX�ԛ�]5/7'8
$O
kzisq/Ps~%yt4�2kE�e85(~y�M�H��oqFiI�g֢Ѭ]}+
ɏh�8�=Na.O<� �zP/�9U���۾N�+tt�O$Zȍ�ڑq��eީӊNf|��u�+ɅN�o5�W�3kyR̵j�s2f�ucBNj=095kѧ@�ǂ� n�
��A] ��ު�9G�qXx,u|S�M`]EE<.%g-�'�Mw[�!.I߾&3P
+=Ƃ�y��}G��7o�m�\�=eNd>HАYc=ty8#�-[^:ݷؓ�{J'oc Ǯv'ۻw�}Zw[q*ApC<-�L�?Gfc:��M"�IQU֭��UdU)I=Y)G�G8��L�b�`@L6#Oځ{�-�3(��#F-߸_2{K=�7Kx=*A�O�O�w42]awmB%umJˢz%nwQh�r;T%%y(IQ�)"{�"F%{two�
Fu�U6�mt_c�Z�yi�襶N<�;曂;��`!3( ��а�5M��H!q��G )4T8h�l?|n�wcJljl�� 41Q�h�9o�٦h��
�"�a'�zYOC,'��pIFܱ�So-*O_�O�o*NƊ f+�ꈧ W�/5;U�S�&5�.�̼V�&�%o�zЗqi+BuL�|R/�Ȼb�����xN->Ro&s懹�bNp;��VԲCgv�/�Kĝ>&t8ay�Y\W&"
Ţ�x�' x�m 5i�""=0gKj�µ3�j_��V��"o~o~o~o~�2kS'š�Kh&��/J^z1Ks!lș/]�ĮD=Ɣ:SwXt�k��R*Hy���Δ;�$U|�武kKX$�?��DLt�1I_ �d^vƽ�e�/
qCޯ|
t${y?�`4Ho�aW3�~�`W]M';�4P�7l $�_@�?P�FƓ^ې^{n`争-B�%nꐚ�g*V2KWD��Kq9Y��?���'�F�I�p8�65+qPeq19!�[]㕿y]y]y]y]_UK)k�m���9�nt��qe�f�ҳ-bCvh���"7�
ћg �8E�8BQ��xMnTU>S�I�om�WU�SֳʯfA/Pu>|WSW�:Y�lc]*_I�o^�2
n,���\݅1��j:xsc7ŵiͯ08ۡe�ׇO:5WN+zSN)�`�DZllTm)J��^;�/N/���=ދA��cZ�S�_gûZ\s�,�tSzM�\"ūM(:%@rO|k�gN[�Dv�L�6W�B8Amc.&d;6ٓLHj�~6}A+=V4;
mX�[`8Nfŋb{_<�@VE[6bVԽKi敲�g�(-.`3�:�6ꅠdehh֒�_fX+j%M"q0MՖь�SqD紁oR�Xz��"YL"�K)z�^&]ݽ]ż2|�Ms-�E
~��d^"6�8% d^�Lm/'�IZ,b'r�X,hILÑ@u}�sTQ�yz)1�ݫ\����ޛ
�T^Fʼn�ܳEx(^?Sڞ�`܀7s*ZWIY32so9�N;�hFe!;O��Icl|�f��^T��3,M?#"�& K=Mm�.b�m0Dy��uM|z�#o即?.f&�u(,�}wf�sPw£w�iOaR-�-:'_ "E�w���B~s�
7�Vq6��Id'|]"�S0�*�uמQN|l:c�jmۏo��
TŢW\;�#�5|5X�o�È�g2C[ĆWVc#�k�x|�_�EYwn�i.,ح[�e9L
�vzb�dF�yAx!�Fv;�Kb+6Q{$I0pj+jj5��A�^c�E1ckZzD�,?��t�"R�VЮ(>�z�l?��Q�X2Lz��m��ʹ<8?%ԣQ8gFS�Y�h9�b�cjFjU@]-O?�P/���]ZX,:Ȓ~eL<^^A�+ iM��/."�rRIoA�$zTGH�0r�RM�(]Џ�|^k��\Xs̴5̈G�b�v ]��mz^CrJ[7�ݧ5S]<_q�=%o7ݝ�CgnVu���C[wnWcOnH O1p�찌?1�7�WG%{�O��#�ZM�2Ӱp-|
Y?�NRUF��̳i�fPZZ#JvEw(/9
�.ؕ՚Tھ
fOPV�Pn~cZ#A�=K�\� ړv';`^.kZ%y[9i�[S(q�|-�>"Ad�R~|�O|K�� @�xl9�|{\�ۍ54^:]LG8ŸJ�ۯ4b{^jB_7�"|trO3'
J"-:uh'&v* &�tg|{��^hTJӑu
/Na�|$wz̥7b?= θ�8��uǃ�""a=X *>n�de�H�H]Y�Uc
`�xAM$!�F윓M{a�Ȑe3�2��nl`=B;�}c�,9>c!'vq]Q
s��e,a�]ţ.:q0�ra)?Ĉo8fkH�ג s)؇c*|k7�/{ʁR0F$u2��C:���Z�B�h�iED#Rhb��GBcOs?��uǤۭpx�XҚ0! ��YC) �\��cWu6"))ĴF#1Cx
1��SӦ�{Ʌy�vnCcн8||v�[/� T6CĊ�1�gOiX$_A1
<*�$Z�U,mA�S
"P�F:�
��1C�(�^jJ͍$�u�~f6�9p���"(3[��]ă0>]S(OpW'NCjv`�b�\�]:ovN���ի'��P=:Y%)s!aZ;:�_|LR
]�4�Bq0h6@:߰|cm|?뽉e�2'���{x���bRSJ9z�5���3ʰ�LXU˩S����͊g2QqnʅJV!�J�`x�zA
dhz߃;�ZG��L،\�ݹ�1B39^&9nIqst/q{'�}�RGݪ;es/4N-<·ƿd&SR�o4e�š�6u\�«1.ys8,tG_0}4��eK/tg$;G(%lFyї�5�1ũ4M/L̠�7[vS+�t�?ʼnt|Yby5sλژEӦo.uR��Bjs���@1@C|kO{.4"z_m�;�9@/9P~ )By7�9�4hsOd})4>s#\_~)4:;B)ureN9�BC/3^_~�s_-s9s�_�/�}/r{�ȡ��E�^�^'e�SN��S~��909{ s#?0~9ׅws�?]/�r�q�WU?9�{9�^�}~��Z_�c�}Oyߧ�>�>�oʁor�ڿi�&s$CP̑�.Ny��甗��~)W@__�y+%iN�賊�9�+F7_+ʡsTh3�
Я#�dnldҹ:
aq�ʍz�^S_xڞꖽpLڭf]�9hq_l %^a/��^敽$<$x�E£B+�g�ٔl?vFnmlω(c#h��.Ǒrۿ剹?|�k2Y��wI8?{��W].�6pqS0n/�, �4`
�}E��xvY^]Y��j�7�m!ϋ9y}2�o�فOh]��ߊč,y��%�h_10(\��χ>fig�҉/ix@\�t Ccjd1Mk��+c�P<�����Սu]8ۈq�eA(e6Lm (~%6,wb3S@Yȅ=y
�G]р]��,){+1¢�_j
v�ME\kτ�xspnxD�Y��~l+>FՋpO`Hz�BG=X�9�7��tZзkdY9Hz&z�U x$.7=j"1��:
gCJ'Ңwv=鱽�$(\d�~\g;�v̽oh��"�lE�a'�_C ����Xl=$y1|t,G巧g��S���%�^Πo'b�_ws7eQ&PL��c��)JqK+}�HRͤ_[=$sDJrE�)ߠ(b/�yJ>?��T|-
5{\6LDR��}J�0yN:m�v8N@9DEPީ!/[v2R*4%NSЈ�xS:xE�y�?ĵ���&�M��خ;O�q^'��d��9a7Ct%_��ԕU`7g#�~*�3V��œA>p8C3`�ܐ}olI
�C_x��r:���Y W�96�O���}���0uGĦrC�R4Oepw��R�����K�?93_Zmr�xs�g_(L��Wv:yD�t
��] D
�h�ym�x�:" ��B�cVJrX}rcd+xf�:PVEX�l+�R]+�K�ei$Vi)�>�n)ZF#,c-�ԭ<�P8��_C~c.vjm�nJQXƺa#�¶u4m�����щ���o߉n^3Qa[O_p7*�Ѡ,j�
z' l5mEgl3��W'�~ѥ;�7
D^4�mJPU&s)c�M�W\e\)MCS9U�2k��+q�>lgLp�-�ϱeRZ`l/Z6v?�0�+��
|
Network Security & Hardware 
