Last year, Chrome's team promised to add some features that improve plug-in security. One of them is already included in the latest dev builds: "some plug-ins are widely installed but typically not required for today's Internet experience. For most users, any attempt to instantiate such a plug-in is suspicious and Google Chrome will warn on this condition."
Two of the plug-ins that require permission every time you visit a site that uses them are Oracle's Java and Apple's QuickTime. The two plug-ins are enabled by default, but you need to click "Run this time" or "Always run on this site" to load the full content of the page. You can manually whitelist domains, but there's no way to disable the infobar.
While not many sites use these plug-ins, it's surprising to see that Chrome requires permission before loading Java or QuickTime content, even if you've updated to the latest version of the plug-in. The infobar warning is annoying, some users might ignore it, while others could think that the page tries to install malicious software.
"The reason is to protect the (estimated 90% - 95%) of internet users who do not ever need to instantiate various lesser-used plug-ins. Remember that you just have to press a single button on the sites that you trust to run Java. And then you're done. In fact you're much better than done: you've limited your exposure to Java security vulnerabilities such that a drive-by malware Java ad won't automatically run. I encourage you to read about the evolution of drive-by downloads and pay particular attention to how Java is being used in a lot of current attacks, even when it is fully up to date," explains a Chrome engineer.
An article from November 2010 informs that "a Java exploit has replaced exploits of PDF file weaknesses to become the most common threat, according to G Data SecurityLabs. Java vulnerabilities offer cyber criminals a lot of potential on the technical side, said researchers, and the development and distribution of malicious code is considerably easier than other methods of infecting a system. Topping the list is Java.Trojan.Exploit.Bytverify.N, which exploits a security hole in Java's byte code verifier. Using this exploit allows the execution of malicious code which could enable an attacker to gain control over a victim's system. This trojan is typically found on hacked websites, where it attempts to infect PCs through drive-by download through a manipulated Java applet, researchers said. Just visiting an infected website with an unprotected computer will be enough to infect a system." G Data expects "a significant rise in the number of Java-based malware in the coming months".
Labels
Web Search
Gmail
Google Docs
Mobile
YouTube
Google Maps
Google Chrome
User interface
Tips
iGoogle
Social
Google Reader
Traffic Making Devices
cpp programming
Ads
Image Search
Google Calendar
tips dan trik
Google Video
Google Translate
web programming
Picasa Web Albums
Blogger
Google News
Google Earth
Yahoo
Android
Google Talk
Google Plus
Greasemonkey
Security
software download
info
Firefox extensions
Google Toolbar
Software
OneBox
Google Apps
Google Suggest
SEO Traffic tips
Book Search
API
Acquisitions
InOut
Visualization
Web Design Method for Getting Ultimate Traffic
Webmasters
Google Desktop
How to Blogging
Music
Nostalgia
orkut
Google Chrome OS
Google Contacts
Google Notebook
SQL programming
Google Local
Make Money
Windows Live
GDrive
Google Gears
April Fools Day
Google Analytics
Google Co-op
visual basic
Knowledge
java programming
Google Checkout
Google Instant
Google Bookmarks
Google Phone
Google Trends
Web History
mp3 download
Easter Egg
Google Profiles
Blog Search
Google Buzz
Google Services
Site Map for Ur Site
game download
games trick
Google Pack
Spam
cerita hidup
Picasa
Product's Marketing
Universal Search
FeedBurner
Google Groups
Month in review
Twitter Traffic
AJAX Search
Google Dictionary
Google Sites
Google Update
Page Creator
Game
Google Finance
Google Goggles
Google Music
file download
Annoyances
Froogle
Google Base
Google Latitude
Google Voice
Google Wave
Google Health
Google Scholar
PlusBox
SearchMash
teknologi unik
video download
windows
Facebook Traffic
Social Media Marketing
Yahoo Pipes
Google Play
Google Promos
Google TV
SketchUp
WEB Domain
WWW World Wide Service
chord
Improve Adsence Earning
jurnalistik
sistem operasi
AdWords Traffic
App Designing
Tips and Tricks
WEB Hosting
linux
How to Get Hosting
Linux Kernel
WEB Errors
Writing Content
award
business communication
ubuntu
unik