Printed from http://www.electronista.com

Chrome 14 blocks unencrypted scripts on secure sites

updated 09:55 pm EDT, Wed June 22, 2011

Users can still choose to load page anyway

Google appears to have revamped the security features in Chrome 14, an update to the company's browser that is still in beta development. The build currently blocks secure sites from using unencrypted scripts on pages that are supposed to be protected via HTTPS protocols. Aside from JavaScript scripts, the blocks also extend to plug-ins and external CSS stylesheets.

In a post on Google's Chrome support site, the company explains that current browsers only notify users after the insecure scripts have been allowed to run. If the sites happen to be compromised by an attacker using the insecure scripts as an exploit, the damage may have already been done by the time a user realizes that there is a security issue.

Rather than highlighting mixed script sites with a red 'https://' in the location bar, Chrome 14 blocks sites from running any scripts that are not also protected by HTTPS. Users may notice that some sites do not properly display, however the browser will provide a "Allow Anyway" option for bypassing the protection system. The browser also includes a mechanism for notifying site owners of potential problems. [via Google Operating System]



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

  1. facebook_Colin

    Via Facebook

    Joined: Jun 2011

    0

    Awesome!

    I mean, it's bound to become a nightmare for users and webmasters by the time it rolls down to the stable channel, but from a security standpoint, it's a much-needed step forward.

  1. CarlRJ

    Fresh-Faced Recruit

    Joined: Mar 2010

    0

    Late to the party, but...

    This article's title is horribly misleading. The scripts are not encrypted, they are simply delivered over an encrypted channel, just like the rest of a secure (https:...) webpage.

    When you go to your bank's website, you wouldn't say the *website* is encrypted, would you?

    Not new technology. Nothing (much) to see here, folks, move along.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Tablo DVR

With over-the-top content options growing past Hulu and Netflix, consumers may be finding it harder to justify paying a monthly fee fo ...

Sound Blaster Roar Bluetooth speaker

There could very well be a new king of the hill for Bluetooth speakers, with Sound Blaster's recent entry into the marketplace. Bringi ...

Kenu Airframe Plus

Simple, stylish and effective, the Kenu Airframe + portable car mount is the latest addition to Kenu's lineup. Released earlier this y ...

Sponsor

toggle

Most Commented

 
toggle

Popular News