With the release of Chrome 21, Google ends mixed scripting vulnerabilities. A "mixed scripting" vulnerability affects HTTPS websites that are improperly implemented. "These vulnerabilities are serious because they eliminate most of the security protections afforded by HTTPS."
Chrome 21 brings a good balance between top-flight protection for end users, a pleasant UI experience, and notifications that help buggy websites improve their security.
- "We continue to protect end users by blocking mixed scripting conditions by default, but we now do it in a way that is less intrusive. This change minimizes "security dialog fatigue" and reduces the likelihood that users will expose themselves to risk by clicking through the warning.
- We've improved resistance to so-called "clickjacking" attacks. Electing to run any mixed script is now a two-click process.
- We now silently block mixed scripting conditions for websites that opt in to the HSTS security standard. This is the strongest default protection available," explain Chris Evans and Tom Sepez, Software Engineers.
"Now, if you visit a non-HSTS web site with a mixed scripting condition, a new shield icon in the omnibox (to the right, next to the star) indicates that Chrome's protection has kicked in. You can click on the shield to see the option to run the mixed script, but we don't recommend it. Instead, if you see the shield icon, we recommend contacting the website owners to make sure they know they may have a security vulnerability," Evan explained.
Also, as part of the Google Ideas initiative on illicit networks, Google created an interactive data visualization tool of global small arms and ammunition trading to better understand and map the global arms trade.
The tool, produced by Google's Creative Lab team in collaboration with the Igarape Institute, is built using the open source WebGL Globe on Google's Chrome Experiments site.
"The visualization reveals patterns and trends in imports and exports of arms and ammunition across the world, making it easy to explore how they relate to conflicts worldwide. You can explore these data points by zooming in and out of the globe, clicking on any country to readjust the view, and using the histogram tool at the bottom to see trading patterns over the years. You can see, for example, that the scale of the global trade in ammunition rivals the scale of trade in actual weapons, an insight underexplored by policymakers today in conflict prevention and resolution," explains Scott Carpenter, Deputy Director, Google Ideas.
You can check out the Global small arms and ammunition data visualization tool here.