Google's Chrome browser may not have market share to compete with Firefox or Internet Explorer, but it's moving forward nonetheless. Soon it will even have the one feature that was requested by more beta testers than any other: an extension mechanism.
According to a page on Google's site, a future version of Chrome will support a variety of extensions; it's just not clear how they will be implemented yet. Among the goals cited are support for download managers, mash-up extensions, and my own personal favorite, ad blockers. Even industry-standard NPAPI plug-ins will be supported, if all goes according to plan.
But if you believe Eric Lawrence, the security program manager for Microsoft's Internet Explorer, that might not necessarily be a good thing. According to Lawrence, as Web browser software matures and the browser market broadens, the browser itself becomes a more difficult target for malware authors. It's too hard to reach a mass audience if you go that route. Instead, Lawrence says, today's attackers are targeting plug-ins.
Kettle, learn from pot
Initial reactions to Lawrence's comments during a Black Hat Webcast ranged from skepticism to outright derision. After all, who should have less to say about security vulnerabilities in browser components than Microsoft? ActiveX is arguably the most egregious security flaw ever to be intentionally introduced into a piece of software. Why should attackers go to the trouble of breaking a window when they can just walk in the front door?
But the intense scrutiny and criticism that ActiveX has weathered over the years has actually done the technology some good. ActiveX attacks persist, but they mostly rely on older versions of Internet Explorer that lack security improvements introduced in IE7. Meanwhile, other, less obvious targets have become the victims of more recent exploits.
For example, in 2007 security researchers demonstrated how sending a malformed PDF file to the Adobe Reader plug-in could cause a browser to execute mandatory JavaScript code. Another Adobe Reader flaw left browsers open to cross-site scripting attacks, and a similar vulnerability plagued the Adobe Flash plug-in earlier this year.
Get the independent advice and expertise you need to support a virtual workforce.
The increase in Linux popularity has increased the frequency and sophistication of malware attacks. Read this 2 page white paper now to learn how you can protect your Linux environment with real-time protection that is certified by all major Linux vendors.
Download now »
Ensuring acceptable application delivery will become even more difficult over the next few years. As a result, IT organizations need to ensure that the approach that they take to resolving the current application delivery challenges can scale to support the emerging challenges. This handbook elaborates on the key tasks associated with planning, optimization, management and control and provides decision criteria to help IT organizations choose appropriate solutions.
Download now »
A common misconception is that mid-range storage requirements are dramatically different than that of a larger enterprise. Mid-range storage users may require less capacity, but they have similar functionality and management requirements. This ESG paper examines mid-range storage needs and reviews a new solution that adjusts size while retaining value, performance and functionality.
Download now »
33 Recommendations
