Chrome Security Tip

I’ve written a full guide for locking down Chrome but I’d like to point this piece out in particular.

We can set Chrome to block JavaScript globally and then allow it by top-level domain (e.g. .com, .org). This means that we can block JavaScript on many sites without it bothering us. By blocking JavaScript on domains like .ru and .cn we actually block a fair number of pages that could otherwise be used against us.

Image

Notice that I’ve done the same thing with plugins.

Image

Hackers will often attack a legitimate page (which might be whitelisted) and then open a separate frame to an exploit page, which could have a top-level domain of .ru or .cn or whatever. This would instantly kill that exploit.

The nice thing about this little tip is that you’re unlikely to run into a TLD that’s legitimate but not whitelisted, so you’ll rarely have to interact with the system; it works silently.
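
An added example, not from the original post: the same block-by-default, allow-by-TLD rule written as Chrome managed policy (`DefaultJavaScriptSetting`, `JavaScriptAllowedForUrls`), plus a check of which URLs in a list would lose JavaScript. The TLD list, the sample URLs, the last-label matching model and the assumption that the policy accepts the same `[*.]tld` patterns as the settings page are assumptions of this example.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

ALLOWED_TLDS = ["com", "org", "net"]  # assumption: your own whitelist

# Constructed sample input (reserved example names and a documentation IP).
SAMPLE_URLS = [
    "https://www.example.com/",
    "https://docs.example.org/page",
    "https://EXAMPLE.NET./",
    "http://example.com.ru/landing",   # ".com" appears, but the TLD is .ru
    "http://cdn.example.cn/x.js",
    "http://203.0.113.7/login",        # IP literal: no TLD at all
]

def chrome_policy(allowed_tlds):
    """Block JavaScript everywhere, then allow it per whitelisted TLD."""
    return {
        "DefaultJavaScriptSetting": 2,  # 2 = do not allow any site to run JS
        "JavaScriptAllowedForUrls": [f"[*.]{t}" for t in allowed_tlds],
    }

def tld_of(url):
    """Last DNS label of the host, or "" for IP literals and bare names."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    label = host.rsplit(".", 1)[-1]
    return label if "." in host and not label.isdigit() else ""

def js_allowed(url, allowed_tlds):
    """Model of the rule: JS runs only when the host's TLD is whitelisted."""
    return tld_of(url) in {t.lower() for t in allowed_tlds}

def blocked_tld_counts(urls, allowed_tlds):
    """Count blocked URLs per TLD, to see what the whitelist would miss."""
    return Counter(tld_of(u) for u in urls if not js_allowed(u, allowed_tlds))

if __name__ == "__main__":
    print(json.dumps(chrome_policy(ALLOWED_TLDS), indent=2))
    for url in SAMPLE_URLS:
        print("allow" if js_allowed(url, ALLOWED_TLDS) else "block", url)
    print(dict(blocked_tld_counts(SAMPLE_URLS, ALLOWED_TLDS)))
```

Running `blocked_tld_counts` over your own exported history before enabling the block shows which TLDs you would actually need to whitelist.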
