Skip to main content

Google Details Upcoming Chrome Security Features

posted onJune 15, 2011
by l33tdawg

Google has released a list of security features being built into the upcoming Chrome 13 and includes Content Security Policy (CSP) and HTTP Strict Transport Security (HSTS) implementations, certificate pinning and self-XSS filter.

The Content Security Policy (CSP) is a specification developed by Mozilla which aimed at providing a solution for many of today's malicious injection attacks. It allows websites to restrict the sources of content that can be loaded into their pages. For example, a webmaster can provide a list of domains for images, embedded objects, scripts, fonts or frames.

This significantly restricts the options for attackers who currently exploit vulnerabilities to inject rogue iframe and script elements that load content from domains under their control. The CSP implementation in Chrome 13 is only for experimental purposes and webmasters that want to try it out can use the X-WebKit-CSP temporary header.

Source

Tags

Industry News Chrome Google

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th