Google Chrome researchers have announced Chromium updates to tackle man in the middle attacks, focusing on "mixed scripting" vulnerabilities.
These vulnerabilities occur when a page served over HTTPS loads a script, CSS or plug-in resource over HTTP.
"A man-in-the-middle attacker (such as someone on the same wireless network) can typically intercept the HTTP resource load and gain full access to the website loading the resource. It's often as bad as if the web page hadn't used HTTPS at all," read a blog post from Chris Evans and Tom Sepez - members of the Google Chrome Security Team.
They announced blocking mixed scripting conditions by default would be trialled in the first Chromium 14 canary release, meaning it could appear in the Google Chrome browser in future releases.
An infobar showing when a script is being blocked will also be added.
"As a user, you can choose to reload the website without the block applied. Ideally, in the longer term, the infobar will not have the option for the user to bypass it," the Google researchers said.
"Our experience shows that some subset of users will attempt to click through' even the scariest of warnings - despite the hazards that can follow."
Tracking your identity
In another security play, Google introduced a new tool on Wednesday to help users monitor their identity on the internet.
Called Me on the Web,' the feature can be found within Google Dashboard beneath the account details link.
Me on the Web offers recommendations of notifications for mentions of users' names or email addresses in websites and news stories.
"Me on the Web also provides links to resources offering information on how to control what third-party information is posted about you on the web," said Andreas Tuerk, Google product manager, in a blog post.
"These include common tips like reaching out to the webmaster of a site to ask for the content to be taken down, or publishing additional information on your own to help make less relevant websites appear farther down in search results."
-
Cleo attack victim list grows as Hertz confirms customer data stolenNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
Lateral moves in tech: Why leaders should support employee mobilityIn-depth Encouraging staff to switch roles can have long-term benefits for skills in the tech sector
-
Spanish spyware outfit uncovered, develops exploits for Windows, Chrome, and FirefoxNews Google was only able to discover the company after an anonymous submission was made to its Chrome bug reporting programme
-
Google adds new security vendor plugins for Chrome, improved Chrome OS policy controls for IT adminsNews New integrations across various security pillars aim to improve Chrome OS and Chrome browser security for enterprise customers
-
Google patches second Chrome browser zero-day of 2022
News Google acted quickly to secure against the type confusion vulnerability that was under active exploitation
-
Acer Chromebook Spin 513 review: Cheap and mostly cheerfulReviews An affordable Chromebook convertible with good looks but mediocre performance
-
Google says Chrome is now faster than Safari on Apple SiliconNews According to Apple's own benchmarks, Chrome 99 scored the highest out of any browser ever tested
-
Google Chrome update fixes zero-day under active exploitation
News Google releases a fresh wave of patches for severe vulnerabilities that could facilitate code execution and system takeover via Google Chrome
-
Raspberry Pi OS finally gets a 64-bit releaseNews After nearly two years in development and beta testing, the 64-bit version unlocks the Raspberry Pi's full 8GB memory
-
Asus Chromebook CX9 (CX9400CE) review: The most stylish Chromebook on the marketReviews A sleek, expensive Chromebook that tries to bring professional style to Google’s OS
