« WASC Distributed Open Proxy Honeypot Shows Brute Force Attacks Against Yahoo | Main | Microsoft publishes BinScope and MiniFuzz »

Chrome adds defence for cross-site scripting attacks, already busted

"The release uses a reflective XSS filter that checks each script before it executes to check if the script appears in the request that generated the page. Should it find a match, the script will be blocked. According to Chromium developer Adam Barth, the developers plan to post an academic paper that will describe the new filter in further detail at a later time." - H-Online

However the folks at the slackers forum are already breaking it. While not totally rock solid still a step in the right direction.

H-Online: http://www.h-online.com/security/Chrome-adds-new-defence-for-cross-site-scripting-attacks--/news/114220


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!