Printed from http://www.electronista.com

Chrome 14 blocks unencrypted scripts on secure sites

updated 09:55 pm EDT, Wed June 22, 2011

Users can still choose to load page anyway

Google appears to have revamped the security features in Chrome 14, an update to the company's browser that is still in beta development. The build currently blocks secure sites from using unencrypted scripts on pages that are supposed to be protected via HTTPS protocols. Aside from JavaScript scripts, the blocks also extend to plug-ins and external CSS stylesheets.

In a post on Google's Chrome support site, the company explains that current browsers only notify users after the insecure scripts have been allowed to run. If the sites happen to be compromised by an attacker using the insecure scripts as an exploit, the damage may have already been done by the time a user realizes that there is a security issue.

Rather than highlighting mixed script sites with a red 'https://' in the location bar, Chrome 14 blocks sites from running any scripts that are not also protected by HTTPS. Users may notice that some sites do not properly display, however the browser will provide a "Allow Anyway" option for bypassing the protection system. The browser also includes a mechanism for notifying site owners of potential problems. [via Google Operating System]



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

  1. facebook_Colin

    Via Facebook

    Joined: Jun 2011

    0

    Awesome!

    I mean, it's bound to become a nightmare for users and webmasters by the time it rolls down to the stable channel, but from a security standpoint, it's a much-needed step forward.

  1. CarlRJ

    Fresh-Faced Recruit

    Joined: Mar 2010

    0

    Late to the party, but...

    This article's title is horribly misleading. The scripts are not encrypted, they are simply delivered over an encrypted channel, just like the rest of a secure (https:...) webpage.

    When you go to your bank's website, you wouldn't say the *website* is encrypted, would you?

    Not new technology. Nothing (much) to see here, folks, move along.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

JBL Synchros E40BT headphones

For all the different configurations of headphones on the market, it's always a tough choice for buyers to get something that is just ...

Razer Taipan mouse

The list of gaming devices is growing larger with each passing day. A large number of companies have entered the gaming input arena, a ...

Cambridge Audio DacMagic XS

Every computer with a microphone or headphone port has one -- a digital to analog converter (DAC). There are nearly as many chipsets a ...

Sponsor

toggle

Most Commented

 
toggle

Popular News