contentsecuritypolicy
Latest
Google blocks Gmail add-ons that can spy on your messages
Google isn't satisfied with securing Gmail itself from prying eyes; it's blocking sinister add-ons, too. The email service now supports Content Security Policy, which prevents web extensions from running code that could bypass security or otherwise wreck your day. The move shouldn't create havoc with honest add-ons, but Google acknowledges that some of them might need updates to work properly. That's a headache if you rely on these extras to sweeten your Gmail experience, but the move could be worth the tradeoff if it prevents someone from snooping on your messages.
Chrome 25 beta folds in Web Speech recognition, security whitelists
It's that special time of the season -- the time when Google posts another Chrome beta and teases what more timid among us will see in the stable release. With Chrome 25, the focus is on voice. The new beta includes the Web Speech API and lets us issue voice commands or dictation through a snippet of JavaScript embedded on a given page. Security is tightening up at the same time through support for unprefixed Content Security Policy headers, which let web developers craft a narrow whitelist of pages and resources that are safe to load. As always, the nitty-gritty details of the beta browser (and the browser itself) are ready at the source link; those of us still a bit beta-shy can wait a few weeks to get the more polished code.
