Become a fan of Slashdot on Facebook


Forgot your password?

Submission + - Chrome 25 to Support Unprefixed Content Security Policy (

Trailrunner7 writes: Google is continuing to introduce new security technologies in its Chrome browser, and the latest addition on the horizon is support for unprefixed Content Security Policy, a behind-the-scenes improvement designed to prevent malicious script injections. The technology is included in the beta of Chrome 25, which was released earlier this week, and will soon find its way into the stable channel.

One of the many attack vectors that have made life easier for the bad guys in the last few years is cross-site scripting. This attack relies on specific vulnerabilities in Web applications that allow attackers to get their own malicious scripts onto a legitimate Web page. Browsers will then run those scripts as if they were part of the trusted Web page, enabling the attacker to plant malicious code on a victim's machine or steal sensitive data.

Content Security Policy is one mechanism for preventing these kinds of attacks by allowing users to define which content sources they trust. Chrome then will run scripts only from those trusted sources, creating a whitelist of known good content sources and ignoring content from all other sources.

Comment Re:More details here (Score 2, Interesting) 217

From html:

"I will probably never be able to describe just how horrible it has been to be me for the last three or four years, and I certainly will not insult you now by attempting to do so; suffice it to say that anything must be better than this dubious existence. [...] I will be shutting persephone down for an indeterminite period while I try to work out whether I have a future."

That sounds to me like the guy is borderline suicidal. It's sad.

Slashdot Top Deals

Is it possible that software is not like anything else, that it is meant to be discarded: that the whole point is to always see it as a soap bubble?