Bracing against the wind  
www.documentroot.com  

Tuesday, March 24, 2009

More Google Chrome Security Problems

1. Chrome doesn't allow you to add a security exceptions. This makes developing web sites and working behind firewalls and proxies difficult, annoying, and unsafe. Google allows exceptions, but not permanent ones, and doesn't allow one-time exceptions, only session level ones. The result of this, in some cases, will be people getting used to "constantly clicking" on exceptions until they learn to ignore ALL security warnings. IMO, that is a major security flaw.


2. Chrome, by default, allows all third party cookies as permanent. This is bizarre and is not a behavior most users would want (go ahead spy on me!). In both IE and Firefox, third party cookies are forced to be "not permanent" by default. In IE, third party sites have to publish privacy policies to get even short-term cookies to work. Chrome, by shipping with lax security here is showing it's colors. Google is probably sick of people trying to block it's Urchin analytics program. "I have an idea, lets get them to download our browser, which, by default, allows unlimited tracking of user behavior". It's an embarrassing day to be a Google employee.

3. If you use Chrome, fix your options by clicking the wrench icon, then Options, then Under the Hood, then "Restrict how third party cookies can be used". If this breaks some sites...good! Chrome should have a way of deescalating third party cookies. Deescalation should be the default.

[View/Post Comments] [Digg] [Del.icio.us] [Stumble]

Home | Email me when this weblog updates: | View Archive

(C) 2002 Erik Aronesty/DocumentRoot.Com. Right to copy, without attribution, is given freely to anyone for any reason.


Listed on BlogShares | Bloghop: the best pretty good | Blogarama | Technorati | Blogwise