.. to dump the spybot that is Google's Chrome browser, than this is it. Now we have confirmation that Chrome actively assists man-in-the-middle attacks.
Great! On top of blatant, active spyware (as detected by MSE) deployment through false pretenses, now we have Chrome harboring extensibility for privilege escalation via intercepted communications and XSS.
In the mean time, Chrome users can self-help by trying this:
(1) switch out to Chrome's non-spyware, Chromium-twin, Iron Browser. (..that is, nuke Google Chrome and install Iron in its place):
http://www.srware.net/en/software_srware_iron.php
and
(2) Install an above average-to-good emulator of NoScript (for FF) called NotScripts - which i'm confident will kill many (if not most) XSS vectors run via Chrome browsing sessions that the author's blog speaks of:
https://chrome.google.com/webstore/detail/odjhifogjcknibkahlpidmdajjpkkcfn
(I can personally attest to NotScripts doing an excellent job of securing the browser.)
Either way, by all means (lemmings), please read up and do your research ... after all, time is money.
Discussion on:
Message 3 of 1
The best of ZDNet, delivered
ZDNet Newsletters
Get the best of ZDNet delivered straight to your inbox
