We've seen a couple of changes in the Chrome UI recently and one of them attracted some pretty fierce criticism online rather quickly. With the removal of some of the URL components from the address bar I was quite relieved so see a simplification of this complicated UI feature. Turns…
Tag: chrome
Total 9 Posts
I've been playing around with a few of the 'hidden' flags in the Chrome browser and I've come up with a selection of settings that I think really improve the current browsing experience. Here they are if you want to try them out! The Demo Sites For this blog I'm…
We recently saw the release of Chrome 68 which brought with it a default 'Not Secure' warning on all HTTP pages. This change appears to have come as a surprise to many site operators despite plenty of information being posted and distributed about the change and media coverage. Let's take…
With the release of Chrome 68 we're seeing a fundamental shift in our expectations of security on the Web, we will now see the 'Not Secure' warning present on all sites that use HTTP! A long time coming This change may come as a surprise to some people, many people…
Two of the new reporting features in https://report-uri.com currently require additions to the HSTS Preload List in Chromium. Here's a quick guide on how to request your site be added. Update 2nd May: I wrote this blog some time ago and have only just published it now. I'm…
It's been common knowledge in the wider PKI community that Symantec, the Certificate Authority, is currently being distrusted and will soon cease to exist as a CA. My worry is that the wider community doesn't seem fully prepared for the distrust and the impact it will have. Symantec There's a…
I saw some research published at BlackHat EU recently that detailed various ways to bypass both HSTS and HPKP in a variety of mainstream browsers. It was a novel technique and seems like a viable attack vector to bypass them, which is a big problem because both HSTS and HPKP…
An address spoofing vulnerability has been disclosed in Google Chrome that not only allows a site to change the address you see in the address bar, but the certificate if the site uses HTTPS too. The vulnerability The issue was first published on the Full Disclosure mailing list by David…
A recently publicised "flaw" in Chrome and Firefox could allow someone with access to your computer to view all of your online passwords in a matter of seconds. Let's look at exactly what the problem is and what can be done about it. The Issue Just over a…
