When building applications that display untrusted content, security designers have a major problem—if an attacker has full control of a block of pixels, he can make those pixels look like anything he wants, including the UI of the application itself. He can then induce the user to undertake an unsafe action, and a user… Continue reading “The Line of Death”
Category Archives: browsers
Client Certificates on Android
Recently, this interesting tidbit crossed my Twitter feed: Sure enough, if you visited the site in Chrome, you’d get a baffling prompt. My hometown newspaper shows the same thing: Weird, huh? Client certificates are a way for a browser to supply a certificate to the server to verify the client’s identity (in the typical case,… Continue reading “Client Certificates on Android”
Security UI in Chrome
The combined address box and search bar at the top of the Chrome window is called the omnibox. The icon and optional verbose state text adjacent to that icon are collectively known as the Security Chip: The security chip can render in a number of states, depending on the status of the page: Secure –… Continue reading “Security UI in Chrome”
2016 Brotli Update
Windows 10 Build 14986 adds support for Brotli compression to the Edge browser (but, somewhat surprisingly, not IE11). So at the end of 2016, we now have support for this improved compression algorithm in Chrome, Firefox, Edge, Opera, Brave, Vivaldi, and the long tail of browsers based on Chromium. Of modern browsers, only Apple is… Continue reading “2016 Brotli Update”
Useful Resources when Developing Chrome Extensions
I’ve built a handful of Chrome extensions this year, and I wrote up some of what I learned in a post back in March. Since then, I’ve found two more tricks that have proved useful. First, the Chrome Canary channel includes a handy extension error console to quickly expose extension errors. Update: This feature is now… Continue reading “Useful Resources when Developing Chrome Extensions”