Java and QuickTime Require Permission in Google Chrome

Last year, Chrome's team promised to add some features that improve plug-in security. One of them is already included in the latest dev builds: "some plug-ins are widely installed but typically not required for today's Internet experience. For most users, any attempt to instantiate such a plug-in is suspicious and Google Chrome will warn on this condition."

Two of the plug-ins that require permission every time you visit a site that uses them are Oracle's Java and Apple's QuickTime. The two plug-ins are enabled by default, but you need to click "Run this time" or "Always run on this site" to load the full content of the page. You can manually whitelist domains, but there's no way to disable the infobar.



While not many sites use these plug-ins, it's surprising to see that Chrome requires permission before loading Java or QuickTime content, even if you've updated to the latest version of the plug-in. The infobar warning is annoying: some users might ignore it, while others could think that the page is trying to install malicious software.

"The reason is to protect the (estimated 90% - 95%) of internet users who do not ever need to instantiate various lesser-used plug-ins. Remember that you just have to press a single button on the sites that you trust to run Java. And then you're done. In fact you're much better than done: you've limited your exposure to Java security vulnerabilities such that a drive-by malware Java ad won't automatically run. I encourage you to read about the evolution of drive-by downloads and pay particular attention to how Java is being used in a lot of current attacks, even when it is fully up to date," explains a Chrome engineer.

An article from November 2010 reports that "a Java exploit has replaced exploits of PDF file weaknesses to become the most common threat, according to G Data SecurityLabs. Java vulnerabilities offer cyber criminals a lot of potential on the technical side, said researchers, and the development and distribution of malicious code is considerably easier than other methods of infecting a system. Topping the list is Java.Trojan.Exploit.Bytverify.N, which exploits a security hole in Java's byte code verifier. Using this exploit allows the execution of malicious code which could enable an attacker to gain control over a victim's system. This trojan is typically found on hacked websites, where it attempts to infect PCs through drive-by download through a manipulated Java applet, researchers said. Just visiting an infected website with an unprotected computer will be enough to infect a system." G Data expects "a significant rise in the number of Java-based malware in the coming months".
