STE WILLIAMS

If an online service offers even the slightest gap through which miscreants can launch an attack, they will do so. It’s therefore not surprising that Google feels some extensions to its Gmail service may not be entirely friendly to users.

The Chocolate Factory’s, response, announced Tuesday, is to adopt the W3C’s Content Security Policy (CSP_ standard.

The effect of doing so is simple: Gmail extensions that aren’t CSP-compliant won’t work any more as Google’s adoption of the standard means unapproved code won’t load into a browser.

Google warns adopting CSP may mean a few hiccups for users running extensions that comply, but haven’t yet updated to reflect that fact. But the company also feels adopting CSP is a worthy security improvement. ®

Sponsored:
5 critical considerations for enterprise cloud backup

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2014/12/17/google_bakes_w3c_malwarebuster_into_gmail/