Printed from http://www.electronista.com

Chrome 14 blocks unencrypted scripts on secure sites

updated 09:55 pm EDT, Wed June 22, 2011

Users can still choose to load page anyway

Google appears to have revamped the security features in Chrome 14, an update to the company's browser that is still in beta development. The build currently blocks secure sites from using unencrypted scripts on pages that are supposed to be protected via HTTPS protocols. Aside from JavaScript scripts, the blocks also extend to plug-ins and external CSS stylesheets.

In a post on Google's Chrome support site, the company explains that current browsers only notify users after the insecure scripts have been allowed to run. If the sites happen to be compromised by an attacker using the insecure scripts as an exploit, the damage may have already been done by the time a user realizes that there is a security issue.

Rather than highlighting mixed script sites with a red 'https://' in the location bar, Chrome 14 blocks sites from running any scripts that are not also protected by HTTPS. Users may notice that some sites do not properly display, however the browser will provide a "Allow Anyway" option for bypassing the protection system. The browser also includes a mechanism for notifying site owners of potential problems. [via Google Operating System]



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

  1. facebook_Colin

    Via Facebook

    Joined: Jun 2011

    0

    Awesome!

    I mean, it's bound to become a nightmare for users and webmasters by the time it rolls down to the stable channel, but from a security standpoint, it's a much-needed step forward.

  1. CarlRJ

    Fresh-Faced Recruit

    Joined: Mar 2010

    0

    Late to the party, but...

    This article's title is horribly misleading. The scripts are not encrypted, they are simply delivered over an encrypted channel, just like the rest of a secure (https:...) webpage.

    When you go to your bank's website, you wouldn't say the *website* is encrypted, would you?

    Not new technology. Nothing (much) to see here, folks, move along.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Cat B100

Cat is primarily known for its heavy-duty machinery used in the construction industry and farming, among other areas. What may not be ...

Linksys EA6900 AC Router

As 802.11ac networking begins to makes its way into more and more devices, you may find yourself considering an upgrade for your home ...

D-Link DIR-510L 802.11AC travel router

Having Internet access in hotels and other similar locations used to be a miasma of connectivity issues. If Wi-Fi was available, it wa ...

Sponsor

toggle

Most Commented

 
toggle

Popular News