Comments on: Improving Google Chrome

By: radi

radi — Tue, 16 Sep 2008 11:55:58 +0000

“Let’s have another Chrome Mode which is called Encrypted Mode -> New encrypted window Ctrl + Shift + E. Once inside this window, HTTPS is forced on all requests. No exceptions!”

Can you elaborate a bit more, please? Would this mean that use of HTTPS would be mandated by the browser as opposed to by the web app?

By: Hubert

Hubert — Fri, 12 Sep 2008 12:37:38 +0000

Reasonable idea but I doubt they would ever implement it since it will break many (most) websites.

By: FilipM

FilipM — Thu, 11 Sep 2008 12:51:56 +0000

@ Erlend:
I understand your concern, but if session cookies (and sessions in general) aren’t shared between tabs, there would be no possibility for child-sessions or childprocesses communicating with the parent. Although I’m not fund of the use of childprocesses, somethimes they come in handy. Lots of webapps would have to be rewritten, even the encrypted onces.

By: Erlend

Erlend — Thu, 11 Sep 2008 07:39:06 +0000

I like the idea of having an encrypted mode. One of the things that puzzles me about Chrome, is that even though the tabs run as different processes, session cookies are still shared between the tabs. If they were not shared, that might make XSRF harder, because the sessions were not available when visiting a malicious site in another tab.

By: NurBo

NurBo — Thu, 11 Sep 2008 03:59:36 +0000

Yeah the Google Chrome browser is a great piece of work but they still have a few big bugs to fix. And I also don’t like how the browser itself doesn’t support flash games and videos that we’ll. But its the beta version :)

By: Clefty

Clefty — Thu, 11 Sep 2008 01:38:03 +0000

I think privacy is very important. I didn’t realize there was that problem with leaking session identifiers. Do you think google will be fixing this soon (especially since you say it’s a quick and easy fix)? That’s one thing I’d like fixed before I fully commit to google chrome.

By: Julian A. Rodriguez

Julian A. Rodriguez — Wed, 10 Sep 2008 23:48:39 +0000

yeah it’s a very nice idea but the browser honestly sucks, they need first fix all the simple bugs and bofs in the software; your idea it’s a good begin, btw “big company, bad software” I don’t want to say that about google but something it’s wrong here

By: pdp

pdp — Wed, 10 Sep 2008 16:32:46 +0000

yep, correct. the anti XSS and CSRF features should be global to all browser modes.

By: Ryan Patterson

Ryan Patterson — Wed, 10 Sep 2008 16:21:57 +0000

Sure, it is a great idea, and it’d be easy to do in Firefox via an extension. But it doesn’t protect you from either XSS attacks or CSRFs.