Printed from http://www.electronista.com

Chrome 14 blocks unencrypted scripts on secure sites

updated 09:55 pm EDT, Wed June 22, 2011

Users can still choose to load page anyway

Google appears to have revamped the security features in Chrome 14, an update to the company's browser that is still in beta development. The build currently blocks secure sites from using unencrypted scripts on pages that are supposed to be protected via HTTPS protocols. Aside from JavaScript scripts, the blocks also extend to plug-ins and external CSS stylesheets.

In a post on Google's Chrome support site, the company explains that current browsers only notify users after the insecure scripts have been allowed to run. If the sites happen to be compromised by an attacker using the insecure scripts as an exploit, the damage may have already been done by the time a user realizes that there is a security issue.

Rather than highlighting mixed script sites with a red 'https://' in the location bar, Chrome 14 blocks sites from running any scripts that are not also protected by HTTPS. Users may notice that some sites do not properly display, however the browser will provide a "Allow Anyway" option for bypassing the protection system. The browser also includes a mechanism for notifying site owners of potential problems. [via Google Operating System]



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

  1. facebook_Colin

    Via Facebook

    Joined: Jun 2011

    0

    Awesome!

    I mean, it's bound to become a nightmare for users and webmasters by the time it rolls down to the stable channel, but from a security standpoint, it's a much-needed step forward.

  1. CarlRJ

    Fresh-Faced Recruit

    Joined: Mar 2010

    0

    Late to the party, but...

    This article's title is horribly misleading. The scripts are not encrypted, they are simply delivered over an encrypted channel, just like the rest of a secure (https:...) webpage.

    When you go to your bank's website, you wouldn't say the *website* is encrypted, would you?

    Not new technology. Nothing (much) to see here, folks, move along.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Samsung Galaxy S 5

The Samsung Galaxy S5 might be the phone that Android users have been craving for some time. Information coming out of Mobile World Co ...

STM Trust technology bag

The search for a good messenger bag that doubles as a laptop bag is something many travelers find themselves facing at least once. Bet ...

PenClic Bluetooth mouse

Windows 8 aside, computer users have been trained that a mouse is the proper way to navigate through the desktop for many years now. T ...

Sponsor

toggle

Most Commented

 
toggle

Popular News