The latest versions of Google Chrome has upgraded the browser’s ability to protect users against potentially vulnerable plugins, which have become a major attack vector in the last year or two. Many users have automatic updates for their browsers enabled, which provides them with the newest version of the application. However, fewer users understand that the plugins and add-ons that are such a large part of the browsers now can be just as much of a security problem.
“With the latest version of Chrome, users will be automatically warned
about any out-of-date plugins. If you run into a page that requires a
plugin that’s not current, it won’t run by default. Instead, you’ll see a
message that will help you get the latest, most secure version of the
Chrome’s ability to warn users about potentially vulnerable plugins is an example of the recent effort by browser manufacturers to give users more information about the ways that attackers can take advantage of vulnerable browser components and options for how to address the issues. Firefox 4, which Mozilla released last week, doesn’t have a similar plugin warning mechanism, but it does include Content Security Policy. The CSP addition helps protect users against cross-site scripting attacks and other common script-based attacks.