Computerworld reports that Google has announced it has added five new security features to Chrome. Two of the five features are particularly notable because they already exist in Microsoft’s Internet Explorer 8.
With “X-Frame-Options,” Chrome now protects against “clickjacking,” a term used to describe browser-based attacks that trick users into clicking on site buttons or Web forms. Another IE8-inspired security feature is cross-site scripting (XSS) protection: the new XSS filter checks for reflective XSS. Adam Barth, a software engineer on the Chrome team, explains:
The XSS filter checks whether a script that’s about to run on a Web page is also present in the request that fetched that Web page. If the script is present in the request, that’s a strong indication that the Web server might have been tricked into reflecting the script.
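A simplified model of the check Barth describes, added here as an illustration; it is not Chrome's code and not part of the original article. The function names, the normalisation steps and the minimum-length cut-off are assumptions, and the requests are constructed.

```javascript
// Added illustration: a simplified model of a reflected-script check.
// Function names, normalisation and MIN_SCRIPT_LENGTH are assumptions.
const MIN_SCRIPT_LENGTH = 8; // assumed cut-off: very short scripts match by chance

// Lower-case and drop whitespace so spacing or case changes do not hide a match.
function normalize(text) {
  return text.toLowerCase().replace(/\s+/g, '');
}

// Undo form/URL encoding; malformed escapes fall back to the undecoded text.
function decodeRequestPart(text) {
  const spaced = text.replace(/\+/g, ' ');
  try {
    return decodeURIComponent(spaced);
  } catch (err) {
    return spaced;
  }
}

// True when the script about to run also appears in the request (URL or
// body) that fetched the page, i.e. the server probably reflected it.
function scriptIsReflected(request, scriptSource) {
  const needle = normalize(scriptSource);
  if (needle.length < MIN_SCRIPT_LENGTH) return false;
  return [request.url, request.body || ''].some((part) =>
    normalize(decodeRequestPart(part)).includes(needle)
  );
}

// Constructed requests and scripts (shop.example is a placeholder host).
const samples = [
  { label: 'script echoed from query string',
    request: { url: 'https://shop.example/search?q=%3Cscript%3Econsole.log(%22constructed-demo%22)%3C%2Fscript%3E' },
    script: 'console.log("constructed-demo")' },
  { label: 'script echoed from POST body',
    request: { url: 'https://shop.example/comment',
               body: 'text=%3Cscript%3Evar+x+%3D+1%3B+render(x)%3B%3C%2Fscript%3E' },
    script: 'var x = 1; render(x);' },
  { label: "site's own script, ordinary search",
    request: { url: 'https://shop.example/search?q=red+shoes' },
    script: 'initSearchBox();' },
];

for (const s of samples) {
  const verdict = scriptIsReflected(s.request, s.script) ? 'reflected' : 'not reflected';
  console.log(`${s.label}: ${verdict}`);
}
```

The first two samples are flagged because the script text appears in the decoded request; the third is not, since the page's own script has no counterpart in the request.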