Google working on new Chrome security feature to 'obliterate DOM XSS'

silversurfer · Feb 16, 2019

Google has created a new browser API that will help Chrome fight certain types of cross-site scripting (XSS) vulnerabilities, adding another level of protection at the browser level to keep users safe from hacking attempts.

This new feature is called Trusted Types and is a browser API that Google has been working on for the past months.

The company's engineers plan to test Trusted Types throughout 2018, between Chrome 73 and Chrome 76, before rolling out and enabling it as a permanent security feature for all Chrome users later in the year --if all goes as planned.

This new security feature was developed with the intent to protect users against one of the three types of cross-site scripting flaws --namely DOM-based (or type-0) XSS.
The other two XSS types are "reflected" and "stored." A detailed breakdown of all three XSS types is available here, for readers looking to learn more on XSS.

HarborFront · Feb 16, 2019

This is a great feature. I wish FF has it too

Hollow · Feb 16, 2019

Google’ Next trap to attract users

Masin · Feb 16, 2019

This is great news hopefully all other major browsers will begin to implement this feature and developers will consider XSS whilst building their sites. I'm glad google are trying to prevent this as its often such an overlooked exploit.

DeepWeb · Feb 16, 2019

Hollow said:
Google’ Next trap to attract users

It seems people will sacrifice privacy if that private information is secured.

Search

Google working on new Chrome security feature to 'obliterate DOM XSS'

silversurfer

Level 85

HarborFront

Level 71

Hollow

Level 3

Masin

New Member

DeepWeb

Level 25

Similar threads