Google Chrome Now Blocks Insecure Scripts on HTTPS

JavaScript is a scripting language which is used to provide a lot of functionality to users without them noticing it. It also powers some of the best known web services out there including and more. However, did you know that a faulty or rogue JavaScript can also cause havoc on your system?

Well, how would you know that unless your browser told you? Not all browsers tell you when a JavaScript is insecure, but you can count on Google Chrome as your friend in this case (at least the dev version on HTTPS), because it has started to block insecure scripts while you are browsing a website on an HTTPS connection.

Chrome Blocks Insecure Scripts

As you can see from the above screenshot, Google Chrome now shows you a message saying that it has blocked an insecure script from running in the browser, while providing you an option to "Load Anyway". This is done to protect users from running harmful scripts on their system.

This behavior in Google Chrome is similar to the way it blocks users from accessing harmful websites that it has in its database, and will be useful in protecting users.

The help page on this topic shows what Google is doing exactly:

When a website is secured via HTTPS, the web site designer must also ensure that all of the scripts used by the page will be delivered in the same secure manner as the main page itself. The same requirements also apply to the plugins and external CSS stylesheets used by the page, as these have the same considerations as javascript.

When this is not the case (sometimes called a mixed script situation), visitors to the site run the risk that attackers can interfere with the website and change the script so as to serve their own purposes.

Traditionally, browsers have run the mixed script, genuine or not, and notified you after-the-fact by a broken lock icon, a dialog box, or a red https:// in the location bar (in the case of Google Chrome). The problem with this approach is that by the time the script has run, it is already too late, because the script has had access to all of the data on the page.

Google Chrome now protects you by refusing up-front to run any script on a secure page unless it is also being delivered over HTTPS. Data on the page remains secure even in the presence of an attacker, but the downside is that this may cause pages to display improperly. You may wish to let the website owner know that their site is not properly secured. (Note that a poorly-written extension can also sometimes cause this).

You can bypass this protection by clicking Allow Anyway, in which case Google Chrome will refresh the page and load the insecure content. You will then see an https:// displayed in red in the location bar indicating that the page could not be secured.

The above description says that Chrome is only blocking scripts which are served through non-HTTPS on a HTTPS connection. Hopefully, the will improve this behavior and also display the same message on the browser when a known rogue script is running on a website.
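As an added illustration (not code from Google or from the original post), here is a small Python audit that a site owner could run over their own HTML to find the mixed-script cases the help text describes: scripts, plugins and external stylesheets that an HTTPS page pulls in over plain HTTP. The class and function names and the sample page are constructed for this example, and it is a static check of the markup only, so it does not see scripts injected at run time.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page, assumed to be served from https://shop.example/cart
SAMPLE_PAGE = """
<html><head>
<script src="http://cdn.example/lib.js"></script>
<script src="//cdn.example/ok.js"></script>
<script src="/static/app.js"></script>
<link rel="stylesheet" href="http://cdn.example/site.css">
<link rel="icon" href="http://cdn.example/favicon.ico">
</head><body>
<embed src="http://media.example/player.swf">
<object data="https://media.example/viewer.swf"></object>
<img src="http://img.example/logo.png">
</body></html>
"""


class MixedScriptFinder(HTMLParser):
    """Collects scripts, plugins and stylesheets that resolve to http://."""

    def __init__(self, page_url):
        super().__init__()
        self.base = page_url      # a <base href> can change this later
        self.findings = []        # list of (kind, resolved_url)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "base" and a.get("href"):
            # Edge case: an http:// <base> turns every relative URL insecure.
            self.base = urljoin(self.base, a["href"])
            return
        kind, ref = None, ""
        if tag == "script":
            kind, ref = "script", a.get("src", "")
        elif tag == "link" and "stylesheet" in a.get("rel", "").lower().split():
            kind, ref = "stylesheet", a.get("href", "")
        elif tag == "embed":
            kind, ref = "plugin", a.get("src", "")
        elif tag == "object":
            kind, ref = "plugin", a.get("data", "")
        if not ref:
            return
        # urljoin resolves relative and protocol-relative (//host/...) URLs
        # the way a browser does, so only truly insecure loads are flagged.
        resolved = urljoin(self.base, ref.strip())
        if urlsplit(resolved).scheme == "http":
            self.findings.append((kind, resolved))


def find_mixed_scripts(page_url, html):
    """Return insecure active subresources of an HTTPS page, in page order."""
    if urlsplit(page_url).scheme != "https":
        return []                 # mixed content only exists on HTTPS pages
    finder = MixedScriptFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for kind, url in find_mixed_scripts("https://shop.example/cart", SAMPLE_PAGE):
        print(f"insecure {kind}: {url}")
```

The image and the favicon in the sample are deliberately not reported, because the quoted help text covers only scripts, plugins and stylesheets.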

Google Chrome Canary Build Introduces An Experimental New Tab Page

The latest version of Google Chrome canary build (14.0.802) houses a lot of changes to the new tab page, sync options and the way apps, bookmarks and the list of most visited sites appear on Google Chrome. Google wants to maximize the browsing area and hide almost everything under shortcuts, which also includes the URL bar and extension buttons.

Before you jump in to find the changes, update Google Chrome canary to its latest version and go to the about:flags page. Scroll down and enable all the goodies you want to use in Google Chrome. The latest additions are enabling typed URL sync, enabling the experimental new tab page, restricting instant to search and compact navigation.

When you are done enabling all or some of the new experimental features, hit the Relaunch button for the changes to take effect.

Let’s quickly take a look at the new features added to Google Chrome’s latest canary build.

The Experimental New Tab Page



Two separate tabs, one for the list of most visited sites and another for Apps. You can slide between the two tabs and keep your apps on one tab while the list of most visited sites is on the other. Furthermore, the list of recently closed tabs is grouped at the bottom of the new tab page, clicking which pulls up a menu where you are shown the option to open recently closed tabs in a new browser window. If only I could figure out the keyboard shortcut for flipping between the two tabs on the new tab page, kind of produces a smartphone effect.

Sync Typed URLs With Your Google Account

Apart from syncing extensions, bookmarks, passwords and apps with your Google account, you can also sync typed URLs in Google Chrome. Google understands that the URLs you type often are important to you and the auto fill suggestion for typed URLs should be accessible across multiple computers. Hence, say hello to Typed URL sync.

Hide That Toolbar


Enabling the compact navigation feature from the about:flags page will let you hide every other UI element of Chrome. This includes the bookmarks toolbar, the address bar and the extension buttons. All in one shot!

The address bar will be hidden by default. To enter a new web address, you have to either open a new tab or hit the keyboard shortcut Control + L.

This is nice for users who have been using Google Chrome for quite some time. But not so nice for those who are new and need basic options right in front of their eyes. Then, the canary build is for power users, right?

Next Pit Stop for Google Chrome- Taking Communication Real Time

Google Chrome has come a long way from being the newbie in the browser market to being a major and decisive player today, with a say on how all things Google are served to the people. I still remember the first time Google talked of Chrome and announced a web browser saying,

All of us at Google spend much of our time working inside a browser. We search, chat, email and collaborate in a browser. And in our spare time, we shop, bank, read news and keep in touch with friends — all using a browser. Because we spend so much time online, we began seriously thinking about what kind of browser could exist if we started from scratch and built on the best elements out there. We realized that the web had evolved from mainly simple text pages to rich, interactive applications and that we needed to completely rethink the browser. What we really needed was not just a browser, but also a modern platform for web pages and applications, and that’s what we set out to build.

You can still read the legendary announcement here and read the Google Chrome comic here for a walk down memory lane.
Three years have passed since then and Google has brought awesome web-services and things are looking good on the user-level as well (clean and effective). The browser (not just Google Chrome but web browsers in general) is getting stronger day by day and Google Chrome is the first choice for those obsessed with speed.

The next step by Google is to provide a rich social experience inside the browser. I am not talking about Twitter or Facebook here. Think of contemporary communication mediums, ones that are still enjoyed by people. Spot on. Google is planning to bring audio and video chat into the browser as an inherent feature. This will eliminate the need for a third party web-app and a third party desktop application alike.

How is Google Chrome Planning on Being a Skype Killer?

WebRTC is an open source project to take things real time inside a browser. This is achieved using JavaScript APIs and HTML5. However, the backbone for the chat will be a service called GIPS, which is another one of Google’s acquisitions. GIPS specializes in Internet telephony and videoconferencing. Google already has the Google Voice card in place and this feature will bring Google as a major player in the VOIP market.

Once live, the technology can be used with anything Google provides or with any third party service that someone creates leveraging these technologies. The possibilities are endless here. This will most likely be Google’s next big announcement about Chrome.

Some further technical details are available here. Also, check this chromium mailing list for clarification.

Google Chrome 12 Stable version for Linux, Mac and Windows is Available Now

Google has announced the final stable release of its Google Chrome browser version 12.0.742.91. The browser is available for all three major operating systems, namely Windows, Linux and Mac. The announcement came yesterday and the latest version includes hardware accelerated 3D CSS and a new Safe Browsing feature.

The final stable version has removed Google Gears support and there are many visible as well as behind-the-scene changes. The dev team has taken care to release binary packages for supported Linux distros like Ubuntu and Fedora. All in all, Google Chrome is on a strong roadmap and it is taking on the web-browser world with speed and features.

The list of changes as it appears on the official announcement post on the Google Chrome blog says,

  • Hardware accelerated 3D CSS
  • New Safe Browsing protection against downloading malicious files
  • Ability to delete Flash cookies from inside Chrome
  • Launch Apps by name from the Omnibox
  • Integrated Sync into new settings pages
  • Improved screen reader support
  • New warning when hitting Command-Q on Mac
  • Removal of Google Gears

Apart from these changes, there are numerous security fixes that went into the latest stable release. Some of these fixes had bounty points on them. The Chrome Release blog also wrote,

In addition, we would like to thank David Levin of the Chromium development community, miaubiz, Christian Holler and Martin Barbella for working with us in the development cycle and preventing bugs from ever reaching the stable channel. Various rewards were issued.

We’d also like to call particular attention to Sergey Glazunov’s $3133.7 reward. Although the linked bug is not of critical severity, it was accompanied by a beautiful chain of lesser severity bugs which demonstrated critical impact. It deserves a more detailed write-up at a later date.

As always, the download is available at the Google Chrome download page.

Google Chrome 13 Hits Dev Channels; Adds Background Apps Support, Multiple Profiles and More

Google has just released Google Chrome 13 to the dev channel and it has a lot of new features which include a working version of the Multiple Profile switcher, the experimental new tab page and tab grouping. Additionally, Google Chrome 13 also adds a new feature called Compact Navigation and the ability to restrict Google Instant to search.

The new development version also adds an option to enable the Web Audio API and an option to allow "Background Apps" to continue running even when Chrome is shut down.

Background Apps are   which provide users with functionality that quietly runs in the background without intrusion. Background Apps could be apps that regularly check your email or account and notify you of new updates. The new feature in Google Chrome 13 will allow apps to continue running.

The new "Background Apps" feature is enabled by default. You can disable it by going to "Options -> Under The Hood" and deselecting the checkbox next to "Continue running background apps when Google Chrome is closed".

Google Chrome Multiple Profiles

Google Chrome 13 also features a working version of the profile switcher which allows users to use different profiles for different Chrome windows. This will allow users to work with different profiles without having to keep logging in and out. Google Chrome 13 also has the latest Flash player – Version

Google Chrome New Tab Page

Google has been working on the experimental new tab page for a while and it looks like things are finally taking shape in Google Chrome 13. When you enable the feature from about:flags, you will see a new tab page which now lists most visited sites and apps in tabs. It also has additional tabs but they don’t have any content. The new tab feature could allow users to create customizable tabs where they can list out different apps, however, there is no option to customize them right now.

Chrome Hide Toolbar

Google Chrome 13 also has an option to hide the toolbar, which can be done by right-clicking on a tab and selecting "Hide the toolbar" from the menu options. Using this option hides the Omnibox and icons. I would prefer to have a keyboard shortcut to enable and disable this feature. You will need to visit the about:flags page and enable the "Compact Navigation" feature to get this option.

Finally, Google Chrome 13 also adds a new option to restrict Google Instant to only searches. Prior to that, Google Instant would kick in even when you load any webpage. This could get annoying and a feature to disable it is a great addition. You will have to enable this feature in about:flags too.

Overall, it looks like Google Chrome 13 is shaping out really well. Some of the features like multiple profiles and new tab page are really exciting. Hopefully, these changes should hit the beta and stable channels soon.

The Legend of Google Chrome Sandbox is No More

Google Chrome’s sandbox was assumed to be the uber security feature in any browser till date. Prize money worth a whopping hot $20000 and star recognition was not motivation enough to crack Google Chrome’s sandbox. It seemed like Pwn2Own contestants were giving up on hacking Google Chrome. Though now, they will have more hope.


Finally, VUPEN, a security research firm seems to have gotten in and out of the Google Chrome sandbox with ease. They claim this by saying,

The exploit shown in this video is one of the most sophisticated codes we have seen and created so far as it bypasses all security features including ASLR/DEP/Sandbox (and without exploiting a Windows kernel vulnerability), it is silent (no crash after executing the payload), it relies on undisclosed (0day) vulnerabilities discovered by VUPEN and it works on all Windows systems (32-bit and x64).

The attack was carried out on Google Chrome v11.0.696.65 on a Windows 7 64 bit system. This attack exploits the Chrome sandbox and successfully downloads a sample calculator program on your computer. This calculator can of course be any other malicious EXE file if you are a cracker. The guys at VUPEN have refused to release any code for the hack, though they have decided to share it with the Government.

This has come up a few hours from the Google I/O Conference and last I heard, Google I/O was going to be all about Android this time.

As expected always, Google must release a statement on this very soon. Over the years, Google has grown extremely protective of Google Chrome and it was only time before someone hacked the sandbox. Clearly, the sandbox is all that stands between the browser and the hacker. In the meanwhile, you can see this video on YouTube and understand better what is happening there.

Check out the VUPEN research page here.

Three years of legacy comes to an end. Google Chrome finally seems to be hacked.

Google I/O 2011 Keynotes and Conference Details

Google I/O 2011 is just a few days away and it will host a large number of developers who will be keen to spend two days learning more about Google’s technologies including , , Google APIs, Google Web Toolkit and App Engine among others.

Google I/O will be held on May 10 and 11 at the Moscone Center in San Francisco with the BootCamp being held on May 9, 2011 at the Mission Bay Conference Center in San Francisco. Google I/O 2011 will also have I/O Extended sessions which will be hosted around the world by Google offices, their partners and student ambassadors.


Google has released an official Google I/O app for Android. You can download the Google I/O 2011 app for Android to keep track of all the schedules, detailed session and speaker info, companies in developer sandbox and more.

Google I/O 2011 Android App

This year's Keynote speakers have not yet been announced, but it would more likely than not be Android SVP, Andy Rubin and Sundar Pichai the SVP of

Google I/O 2011 might spring up several surprises in the form of the new Android OS codenamed Ice Cream, which will unify the tablet and mobile phone OS. Currently, Google is dealing with multiple OS in the form of for mobiles and Honeycomb for tablets. A unified OS will give developers and manufacturers a simpler way to develop and deploy Android on different devices.

There might also be an announcement about Google Chrome OS enabled netbooks being made available to the general public. There have been rumors that Chrome OS based netbooks will be available in June-July 2011 and it looks like Google I/O would be the best time for that announcement. Other than that, there might be other surprises in the form of updates to Google TV and Google Mobile Ads.

Here is the Google I/O 2011 schedule and keynotes that are going to be held this year.

Google I/O 2011 Schedule and Keynotes

Monday, May 9th 2011

  • On-site check-in – 1PM to 6PM
  • I/O BootCamp – 9AM to 5PM

Tuesday, May 10th 2011

  • On-site check-in from – 7AM to 9PM
  • Keynote – 9AM to 10AM
  • Developer Sandbox – 10AM to 5:30PM
  • Breakout Sessions – 10AM to 5:30PM
  • Office Hours – 12PM to 6:30PM

Wednesday, May 11th 2011

  • On-site check-in from – 7AM to 3PM
  • Keynote – 9:30AM to 10:30AM
  • Developer Sandbox – 10:30AM to 5:30PM
  • Breakout Sessions – 10:45AM to 5:15PM
  • Office Hours – 12PM to 5:30PM

Google I/O will also hold several Office Hours sessions on Tuesday and Wednesday where they will talk about Google Chrome, Geo Location, Google Apps, App Engine, Developer Tools, , Android, Google TV and Google Mobile Ads among other things. You can visit this page to know the proper timings of the Office Hours.

The Breakout Sessions will focus on similar topics as the Office Hours, however, those sessions will go into more detail. You can find the schedule of the Breakout sessions here.

You can visit the official Google I/O 2011 site for more information about the events and schedule.

Google Chrome 13 Hits Canary Build; Stable Version Bumped to Chrome 11

Check updates at the bottom of the post

Google has just released Google Chrome 11 to the stable version of the browser for Windows, Mac OS X and Linux. In addition to that, the Canary build is now Google Chrome 13. The Google Chrome development version has also been updated with the new Profile Switcher feature.


Google Chrome 11 includes several enhancements including speech input through HTML which allows users to speak text and then insert them into HTML forms. The Chrome Blog has a detailed article on how this works with Google Translate.

In addition to that, Google has also updated the development version of the browser to include the new Profile Switcher feature which will allow users to create and switch between multiple sync profiles for different windows. However, the feature is still being developed and does not allow you to create multiple profiles.

The Canary build of Google Chrome has also been bumped to Google Chrome 13 (v13.0.747.0). Both the development and Canary features look identical which means that most of the changes are under the hood.

Tab Grouping Google Chrome

Some of the visible changes in the development and Canary build include “Tab Grouping”, focus existing tab on open and the experimental new tab page which still seems to be experimental. Google Chrome 13 might be shipped to the development version after the Multiple Profile feature is fully functional.

Update: Multiple Profiles now work properly in Chrome Canary build 13.0.750.0, and this should hopefully be shipped to the development version soon. The new Google Chrome 13 build now allows users to create multiple profiles for multiple windows.

Google Chrome To Include Profile Switcher For Multiple Profiles

Update: Google Chrome 13 now supports creating multiple profiles for different windows. Check out this post on the new changes in Google Chrome 13.

Google Chrome is one of the best browsers available today and with the Chrome Sync feature, it allows you to easily sync all your bookmarks, passwords, extensions, themes and auto-fill across multiple browsers. Chrome Sync is definitely a good option, however, users still face a problem if they want to have separate profiles for work and home.



The latest Canary Build of Google Chrome 12 (v12.0.741.0 canary build) now has a new feature which will allow you to have Multiple Profiles for different Chrome Windows. According to the description of the feature, Multiple Profiles associates every browser window with a profile, and adds a profile switcher in the upper right corner. Every profile has its own bookmarks, extensions, apps, etc.

Once you enable the Multiple Profiles feature, you will see a profile switcher at the right hand side corner. Users will be able to seamlessly switch between different profiles by clicking on this. Users can also create a new profile through the switcher or through the options as seen in the first screenshot.

The Multiple Profiles feature seems to be under work right now and does not allow users to create a second profile yet. However, it looks like they might add the new feature soon and ship it to the canary and development channel.

Multiple Profile is definitely a great feature and one that I have been waiting for a long time. To enable Multiple Profiles in Chrome (Canary Build Only) type about:flags in your address bar and head to the bottom of the page. Once there, enable “Multiple Profiles” feature and restart the browser.

TweetDeck Launches Web Based Beta Client

is one of my favorite desktop clients for accessing and feeds among other social networking platforms. They also have clients for the , , and . However, the one that impressed me the most was their for .

TweetDeck Web

The TweetDeck Chrome App brought all the goodies from the desktop app to the browser. Today, TweetDeck has announced that they will now be allowing users to access TweetDeck on any web browser using a web app.

As we said at the time, Chrome TweetDeck marks the start of a new era for TweetDeck, with all efforts now focused on building our next-generation products as HTML5 and mobile apps. Since then we have been working hard, not only on improving the existing ChromeDeck experience, but also on bringing the same TweetDeck app to other web platforms.

TweetDeck Web will be available in a limited web beta for users which will be available as a standalone web site and does not require any downloads. However, TweetDeck Web beta will be subject to hourly limits because it will not be using the streaming API from Twitter.

TweetDeck Web will initially be opened up as private beta and users can sign up to get early access at The initial focus group would be users of browsers such as Google Chrome, 3.6, and Safari, with support for and Internet Explorer 9 being added soon

Though TweetDeck is taking a great step forward by taking their platform online, they are not the first ones to provide a web-based format and several other services like Seesmic, Dabr and HootSuite already provide web based Twitter clients.

However, TweetDeck chrome already notched up an impressive 400,000 users in a short span of time. It would be interesting to see how much of a dent they make in the market share of other services by launching the web interface for different browsers.