silversurfer

Level 46
Content Creator
Trusted
Malware Hunter
Verified
Google has created a new browser API that will help Chrome fight certain types of cross-site scripting (XSS) vulnerabilities, adding another level of protection at the browser level to keep users safe from hacking attempts.

This new feature is called Trusted Types and is a browser API that Google has been working on for the past months.

The company's engineers plan to test Trusted Types throughout 2018, between Chrome 73 and Chrome 76, before rolling out and enabling it as a permanent security feature for all Chrome users later in the year --if all goes as planned.

This new security feature was developed with the intent to protect users against one of the three types of cross-site scripting flaws --namely DOM-based (or type-0) XSS.
The other two XSS types are "reflected" and "stored." A detailed breakdown of all three XSS types is available here, for readers looking to learn more on XSS.
 

Masin

New Member
This is great news hopefully all other major browsers will begin to implement this feature and developers will consider XSS whilst building their sites. I'm glad google are trying to prevent this as its often such an overlooked exploit.
 

Similar Threads

Similar Threads