Tuesday, July 26, 2011

Google released guidelines for secure Chromium extensions

Chromium is an open-source project that is the bedrock of the Google Chrome browser. It is a WebKit-based project. The idea behind Google Chrome is to create a secure browser for net surfers. One of the vulnerabilities of present-day browsers is extensions, particularly poorly written ones. Realising this, Google released this guideline:

Extensions are powerful pieces of software in modern browsers, and as such, you should help ensure that your extensions are not susceptible to security exploits. If an attacker manages to exploit a vulnerability in an extension, it’s serious business because they may gain access to the same privileges that the extension has.

The Chrome extensions system has a number of built-in protections to make it more difficult to introduce exploitable code, but certain coding patterns can still open up the risk of exploits like a cross-site scripting (XSS) attack. Many of these mistakes are common to web programming in general, so it wouldn’t be a bad idea to check out one of the many good articles on the net about XSS bugs. Here are some of our recommendations for writing healthier extensions.

  1. Minimize your permissions
  2. Use content_security_policy in your manifest
  3. Don’t use
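
Recommendations 1 and 2 can be checked mechanically. The following is an added example, not code from Google's guidelines or from this post: a JavaScript function that flags broad host permissions and a missing or permissive content_security_policy in a parsed manifest. The patterns treated as broad, the script sources treated as risky and both sample manifests are assumptions constructed for illustration.

```javascript
// Added example; the pattern lists and sample manifests are assumptions.
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);
const RISKY_SOURCES = new Set(["'unsafe-inline'", "'unsafe-eval'", "*"]);
// Split a CSP string into { directive: [sources] }; the first occurrence of a directive wins.
function parseCsp(policy) {
  const directives = {};
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!(name in directives)) directives[name] = tokens.slice(1);
  }
  return directives;
}

function auditManifest(manifest) {
  const findings = [];
  // Host patterns sit in "permissions" in older manifests, "host_permissions" in Manifest V3.
  const perms = [...(manifest.permissions || []), ...(manifest.host_permissions || [])];
  for (const p of perms) {
    if (BROAD_HOSTS.has(p)) findings.push(`broad host permission: ${p}`);
  }
  // The policy is a string in older manifests, an object with "extension_pages" in V3.
  let csp = manifest.content_security_policy;
  if (csp && typeof csp === "object") csp = csp.extension_pages;
  if (typeof csp !== "string" || csp.trim() === "") {
    findings.push("no content_security_policy declared");
    return findings;
  }
  const directives = parseCsp(csp);
  const scriptSources = directives["script-src"] || directives["default-src"];
  if (!scriptSources) {
    findings.push("policy restricts no script sources");
    return findings;
  }
  for (const src of scriptSources.map((s) => s.toLowerCase())) {
    if (RISKY_SOURCES.has(src) || src.startsWith("http:")) {
      findings.push(`risky script source: ${src}`);
    }
  }
  return findings;
}

// Constructed sample manifests (not taken from any real extension).
const looseManifest = { name: "sample-loose", permissions: ["tabs", "http://*/*"] };
const tightManifest = { name: "sample-tight", permissions: ["https://api.example.com/*"],
  content_security_policy: "script-src 'self'; object-src 'self'" };
```

An empty result from `auditManifest` means none of these particular checks fired; it does not review the extension's code.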