December 18, 2014

Google introduces Content Security Policy for Gmail

W3C standard to be deployed on the desktop version of Gmail.

By CBR Staff Writer

Google has added support for Content Security Policy (CSP), which will stop extensions from loading unsafe code that could interfere with Gmail sessions and spread malware into systems.

CSP is a World Wide Web Consortium (W3C) standard for preventing cross-site scripting (XSS). It is aimed at improving web security through lightweight policy expression that interconnects with HTML5’s built-in security policies.

Google is planning to use CSP to vet its extension code, reported Info Security.

Google said: "Most popular (and well-behaved) extensions have already been updated to work with the CSP standard, but if you happen to have any trouble with an extension, try installing its latest version from your browser’s web store (for example, the Chrome Web Store for Chrome users)."

The addition of another security layer is reportedly part of the search giant’s ongoing Gmail upgrades, which include two-factor authentication, serving images through secure proxy servers, and requiring HTTPS as the default mechanism.

Google has also reportedly developed Inquisition, an internal web-based Java application built on Chrome and Google Cloud Platform, which is being used in combination with the open-source Firing Range.

Inquisition provides support for HTML5 features and contains a wide range of XSS.

Info Security also cited reports from High-Tech Bridge claiming that more than 90% of XSS flaws can be exploited in such a way that advanced users and IT staff will not be able to suspect the activity.
