By mid-2018 Google Chrome will no longer allow outside applications – cough, cough, antivirus packages – to run code within the browser on Windows.
This is according to a post today on the Chromium blog that laid out the July release of Chrome 68 for Windows as the target for new rules that will block all third-party apps from injecting scripts into browser sessions.
The idea, explained the Chocolate Factory, is to cut down on stability issues that arise when Chrome lets other apps execute code that can be buggy or incompatible with other software.
“Roughly two-thirds of Windows Chrome users have other applications on their machines that interact with Chrome, such as accessibility or antivirus software,” said Chrome stability team member Chris Hamilton.
“In the past, this software needed to inject code in Chrome in order to function properly; unfortunately, users with software that injects code into Windows Chrome are 15 per cent more likely to experience crashes.”
当心无线扒手!,非接触式卡带来很多便利,黑客可能用扫描仪来搜集信息甚至盗刷金钱,所以带来便利的同时也带来不少安全隐患。

Wondering why your internal .dev web app has stopped working?
READ MORE
免费注册信息系统安全师CISSP在线培训
In particular, the target here seems to be poorly coded AV tools can not only crash the browser or cause slowdowns, but also introduce security vulnerabilities of their own for hackers to exploit.
Rather than accept injected code, Chrome will require applications to use either Native Messaging API calls or Chrome extensions to add functionality to the browser. Google believes both methods can be used to retain features without having to risk browser crashes.
For now, the policy will likely only be of concern to developers. Users won’t notice the development until April 2018, when Chrome 66 will begin showing notifications after Chrome crashes due to injected code. These alerts will finger third-party programs for the cause of the breakdown.
With Chrome 68, the browser will block third-party code in all cases except when the blocking itself would cause a crash. In that case, Chrome will reload, allow the code to run, and then give the user a warning that the third-party software will need to be removed for Chrome to run properly. The warning will be removed and nearly all code injection will be disabled in January of 2019.
“While most software that injects code into Chrome will be affected by these changes, there are some exceptions,” said Hamilton.
“Microsoft-signed code, accessibility software, and IME software will not be affected.”
Google is advising developers to get out ahead of the changes by shifting to extensions or Native Messaging and testing their software for compatibility with Chrome Beta browser builds. Essentially, get rewriting your code, programmers. ®
您组织中的社交网络和个人博客政策如何?员工知晓么?会遵守吗?

猜您喜欢

狂~AKiTiO雷电3磁盘阵列买一送一!
无节操黑客为不良搜索公司蝇头小利而入侵其竞争对手并窃取商业机密
网络安全法视频宣传片 第二集 国家网络安全的现状与重要性概述
微信上线直接转账银行卡功能 超1000元收取0.1%手续费
ADOREPICS EVERESTPOKER
保密知识第一课——准确定密并正确标识国家秘密