Gmail Now Protects Your Inbox From Malevolent Extensions


A popular service like Gmail inevitably becomes a target for hackers. Over the years, Google has made quite a few security improvements, such as requiring HTTPS connections to prevent others from getting access to your email. Today the company announced that it has implemented support for Content Security Policy (CSP) to prevent cross-site scripting attacks and malevolent browser plug-ins from messing with your inbox and (potentially) stealing your data.

Content Security Policy, in the way Google has implemented it, is a blacklist/whitelist system for stopping sites from loading unsafe code from third-party sites and preventing cross-site scripting attacks. It uses an HTTP response header to instruct the browser to only execute and render code from trusted sites. So if an attacker tries to trick the site into loading any other code, the site will simply throw an

Google notes that most popular extensions for Gmail have already been updated and should continue to work as usual. In case one of your favorite extensions in Chrome or Firefox stops working, though, Google recommends updating to the latest version.

Chrome, Firefox and Safari currently support CSP. Microsoft’s Internet Explorer only has limited support for an older version of it.
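
The allowlist check that a browser applies to such a header can be sketched as follows. This is an added example, not code from the article or from Google; it is simplified (nonces, hashes, ports and paths are ignored), and the policy string and `.example` host names are constructed, not Gmail's actual policy.

```javascript
// Simplified check of a script URL against a Content-Security-Policy header.
// Models 'self', 'none', scheme sources (https:) and host sources with an
// optional scheme and a leading wildcard label.

function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // A repeated directive is ignored: the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

function hostMatches(pattern, host) {
  if (pattern === '*') return true;
  // "*.static.example" matches subdomains only, not "static.example" itself.
  if (pattern.startsWith('*.')) return host.endsWith(pattern.slice(1));
  return pattern === host;
}

function scriptAllowed(header, pageUrl, scriptUrl) {
  const policy = parsePolicy(header);
  // script-src falls back to default-src; with neither, scripts are unrestricted.
  const sources = policy.get('script-src') ?? policy.get('default-src');
  if (sources === undefined) return true;
  const page = new URL(pageUrl);
  const script = new URL(scriptUrl);
  for (const raw of sources) {
    const src = raw.toLowerCase();
    if (src === "'self'") {
      if (script.origin === page.origin) return true;
    } else if (src.startsWith("'")) {
      continue; // 'none' and unmodelled keywords never grant access here
    } else if (/^[a-z][a-z0-9+.-]*:$/.test(src)) {
      if (script.protocol === src) return true; // scheme source such as https:
    } else {
      const m = src.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/);
      if (!m) continue;
      // Without an explicit scheme, require the page's scheme or https.
      const schemeOk = m[1] ? script.protocol === m[1] + ':'
        : script.protocol === page.protocol || script.protocol === 'https:';
      if (schemeOk && hostMatches(m[2], script.hostname)) return true;
    }
  }
  return false;
}

// Constructed policy for illustration; this is not Gmail's actual header.
const SAMPLE_POLICY = "default-src 'none'; script-src 'self' https://*.static.example";
```

A script injected from any origin outside the list fails this check, which is the point at which the browser refuses to load it.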

