You are here: Home > Google Chrome News

Google Chrome: New Security Features

March 12, 2010 01:08 PST

Posted by Andrew.

Google has announced a number of security enhancements that "make it easier for developers to build secure web sites", writes Adam Barth, one of the software engineers working on the project. Some security features have already been implemented in other browsers, including Firefox and IE and in significant add-ons like NoScript.

Google Chrome Security Features

Chrome Security: Strict-Transport-Security

Strict-Transport-Security lets a high-security web site tell the browser that it wants to be contacted over a secure connection only. That means the browser will always use HTTPS to connect to the site and will treat all HTTPS errors as hard stops (instead of prompting the user to "click through" certificate errors).

Chrome Security: Cross-Origin Communication with postMessage

postMessage API provides a richer interaction and more secure communication between frames, and enables the creation of more secure versions of existing gadgets.

Chrome Security: CSRF Protection via Origin Header

The Origin header is a new HTML5 feature that helps you defend your site against cross-site request forgery (CSRF) attacks. In a CSRF attack, a malicious web site, say attacker.com, instructs the user's browser to send an HTTP request to a target server, say example.com, that confuses the example.com server into performing some action.

Chrome Security: ClickJacking Protection with X-Frame-Options

First introduced in Internet Explorer 8, X-Frame-Options is a security feature that lets web sites defend themselves against clickjacking attacks. To defend against clickjacking, a web developer can request that a web page not be loaded inside a frame by including the X-Frame-Options: deny HTTP header. X-Frame-Options is implemented in Google Chrome, Internet Explorer 8, and Safari 4.

Chrome Security: Reflective XSS Protection

This feature protects against a type of cross-site scripting (XSS) attack. IE8 introduced an XSS filter which checks if a script that is about to be run is also present in the HTTP request for the page, which is a strong clue that it is an XSS attack. The XSS filter is similar to those found in Internet Explorer 8 and NoScript. Google is implementing their support in the WebKit rendering engine which has some technical advantages and also allows other WebKit-based browsers, such as Apple's, to get the same benefits.

Other resource



#1  posted on March 12, 2010 09:17 PST
I do not need GOOGLE CHROME!!
I can not get rid of it. This is a personal Home computer.
Regards, Ginger Neumayer

#2  posted on April 05, 2010 15:21 PDT
I'm a n00b!

#3  posted on June 26, 2010 09:57 PDT
I had a bunch of my websites hijacked recently. It was such a pain to fix all the problems.

#4  posted on November 04, 2010 20:48 PDT
New Security Features!!! go on support google chrome

#5  posted on December 28, 2010 17:37 PST
Thank you very much. I am wonderring if I can share your article in the bookmarks of society,Then more friends can talk about this problem.

#6  posted on March 02, 2011 00:15 PST
And whats the scam with those New Security Features??!!

#7  posted on March 03, 2011 07:59 PST
It was such a pain to fix all the problems.

#8  posted on April 20, 2011 01:17 PDT
It was such a pain to fix all the problems.

#9  posted on November 02, 2011 18:52 PDT
I'm interested in google chrome,Reliable and beautiful!

Leave your comment
If you want to leave your comment on this article, simply fill out the next form:
Name: * Requirement
E-mail: Optional (won't be published)
Website / Blog: Optional
Are you a human? For anti spammer, please calculate following expression:
4 x 4 + 4 = * Requirement
Comment:
* Requirement
You can use these tags:
[b] Text [/b]: Bold text
[quote] Text [/quote]: Quote text