Thursday, September 04, 2008

More thoughts about Google Chrome 

Chrome will save passwords for you, but unlike Firefox it doesn't let you define a master password that protects all your stored website passwords.

This could be OK. I worry about future occurrences of a problem that happened in 2006, in which malicious code could put up a login form and fool a browser into entering a saved password silently without asking you first. With a master password in place, you'd get a reminder that your browser was about to retrieve and send a password. A master password also makes password storage more secure.

I've been reluctantly coming to the conclusion that the AdBlock Firefox extension is a security measure. Bad guys have figured out that they can expose zillions of people to malicious code by putting that code into an ad. Don't expect to see anything like AdBlock for a browser that comes from an advertising company.

My other favorite way to reduce my exposure, which is to minimize the number of pages I allow to run Javascript, isn't likely to find a home in Chrome. One of Chrome's main design goals is to have a better, stronger, faster Javascript engine.

This could all work out OK. Google has taken steps to limit the harm that web-based malware can do to you. If Google's paid enough attention in the right places, they might be producing a browser with fewer security bugs for bad web pages to exploit.


This page is powered by Blogger. Isn't yours?