Note: This post is part of a series about Web-to-App Communication techniques.Last updated: June 4, 2025 Just over eight years ago, I wrote my last blog post about App Protocols, a class of URI schemes that typically1 open another program on your computer instead of returning data to the web browser. A valid scheme name isContinue reading “Web-to-App Communication: App Protocols”
Category Archives: security
Spying on HTTPS
When I launched Chrome on Thursday, I saw something unexpected: While most users probably would have no idea what to make of this, I happened to know what it means– Chrome is warning me that the system configuration has instructed it to leak the secret keys it uses to encrypt and decrypt HTTPS traffic toContinue reading “Spying on HTTPS”
Updating Browsers Quickly: Flags, Respins, and Components
By this point, most browser enthusiasts know that Chrome has a rapid release cycle, releasing a new stable version of the browser approximately every six 4 weeks (2022 Update: now every four weeks). The Edge team adopted that rapid release cadence for our new browser, and we’re already releasing new Edge Dev Channel builds everyContinue reading “Updating Browsers Quickly: Flags, Respins, and Components”
Protect Your Accounts with 2FA
You should enable “2-Step Verification” for logins to your Google account. Google Authenticator is an app that runs on your iOS or Android phone and gives out 6 digit codes that must be entered when you log in on a device. This can’t really prevent phishing (because a phishing page will just ask you forContinue reading “Protect Your Accounts with 2FA”
Securely Displaying URLs
One of my final projects on the Chrome team was writing an internal document outlining Best Practices for Secure URL Display. Yesterday, it got checked into the public Chromium repro, so if this is a topic that interests you, please have a look! Additionally, at Enigma 2019, the Chrome team released Trickuri (pronounced “trickery”) a tool forContinue reading “Securely Displaying URLs”
text/plain 