
Submission: Chrome 25 to Support Unprefixed Content Security Policy

Trailrunner7 writes: Google is continuing to introduce new security technologies in its Chrome browser, and the latest addition on the horizon is support for unprefixed Content Security Policy, a behind-the-scenes improvement designed to prevent malicious script injections. The technology is included in the beta of Chrome 25, which was released earlier this week, and will soon find its way into the stable channel.

One of the many attack vectors that have made life easier for the bad guys in the last few years is cross-site scripting. This attack relies on specific vulnerabilities in Web applications that allow attackers to get their own malicious scripts onto a legitimate Web page. Browsers will then run those scripts as if they were part of the trusted Web page, enabling the attacker to plant malicious code on a victim's machine or steal sensitive data.

Content Security Policy is one mechanism for preventing these kinds of attacks by allowing users to define which content sources they trust. Chrome then will run scripts only from those trusted sources, creating a whitelist of known good content sources and ignoring content from all other sources.
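Added example, not part of the original submission or of Chrome's code: a simplified JavaScript model of how a whitelist policy decides which scripts run, and of the unprefixed header name next to the prefixed one. The page URL, hosts and function names are constructed for illustration; ports, paths, nonces and hashes are left out.

```javascript
// Added example: simplified model of CSP source-list matching for scripts.
// Not a full implementation of the spec (ports, paths, nonces, hashes omitted).
const PAGE = "https://shop.example/cart"; // constructed sample page URL

// Header names: the unprefixed one plus the prefixed one older WebKit builds read.
function cspHeaders(policy) {
  return { "Content-Security-Policy": policy, "X-WebKit-CSP": policy };
}

// "script-src 'self' cdn.example; img-src *" -> Map(directive -> [sources])
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    if (name && !directives.has(name)) directives.set(name, sources); // first wins
  }
  return directives;
}

// Sources that govern scripts: script-src, falling back to default-src.
function scriptSources(policy) {
  const d = parsePolicy(policy);
  return d.get("script-src") ?? d.get("default-src") ?? null;
}

// Inline <script> (the usual XSS payload) runs only with 'unsafe-inline'.
function inlineScriptAllowed(policy) {
  const sources = scriptSources(policy);
  return sources === null || sources.includes("'unsafe-inline'");
}

// External script: allowed if any source expression matches its URL.
function externalScriptAllowed(policy, scriptUrl, pageUrl = PAGE) {
  const sources = scriptSources(policy);
  if (sources === null) return true; // no directive restricts scripts
  const url = new URL(scriptUrl, pageUrl);
  const page = new URL(pageUrl);
  return sources.some((s) => {
    if (s === "'self'") return url.origin === page.origin;
    if (s === "*") return /^https?:$/.test(url.protocol);
    if (s.startsWith("'")) return false; // 'none' and other keywords match no URL
    if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s; // e.g. https:
    const [, scheme, host] = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^\/:]+)/) || [];
    if (!host || url.protocol !== (scheme ? scheme + ":" : page.protocol)) return false;
    return host.startsWith("*.") ? url.hostname.endsWith(host.slice(1)) : url.hostname === host;
  });
}
```

An injected inline script is refused by any policy that restricts scripts without listing `'unsafe-inline'`, which is why the source list alone blocks the injection described above.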

Comment Re:More details here (Score 2, Interesting) 217

From html:

"I will probably never be able to describe just how horrible it has been to be me for the last three or four years, and I certainly will not insult you now by attempting to do so; suffice it to say that anything must be better than this dubious existence. [...] I will be shutting persephone down for an indeterminate period while I try to work out whether I have a future."

That sounds to me like the guy is borderline suicidal. It's sad.
