Google releases extension to detect risky Javascript behavior

Google has released a new extension for its Google Chrome browser. According to their security blog, Google calls the extension DOM Snitch. According to Google, everyday applications that rely on the web are becoming increasingly complex. This leads to a larger attack surface. Previous tools such as Skipfish and Ratproxy were used to secure server-side code. Now Google has created DOM Snitch to test client-side code.

The extension intercepts JavaScript calls that are closely tied to browser infrastructure. Examples would be document.write or HTMLElement.innerHTML. Once the call is intercepted, the extension records the document URL and a complete trace that assess if the call can be used for cross-site scripting, mixed content, insecure modifications to DOM access, or other client-side issues. The browser extension is real time, meaning that developers can observe DOM modifications as they happen. Google claims the tool has built-in security heuristics and nested views so that developers and testers can spot areas of the application that need more attention. The tools also allows developers to export and share captured DOM modifications in order to perform troubleshooting of issues with their peers.

DOM Snitch is intended for use by developers, testers, security researchers, and advanced users only. It is an experimental extension and will not work flawlessly on every web application. It could cause data loss. Use at your own risk.

Click here to download DOM Snitch.

Report a problem with article
Previous Story

Teenager now charged over LulzSec website attack

Next Story

Man to travel in a box while playing Lord of the Rings Online

17 Comments

Commenting is disabled on this article.

for a while Chrome stopped being fast for me(around version 10 or so and since then it has been awfully slow), and i ditched it for Firefox

allwynd said,
for a while Chrome stopped being fast for me(around version 10 or so and since then it has been awfully slow), and i ditched it for Firefox

thanks for that breaking news

kiwi89 said,
For a while being a troll stopped being fun, so I woke up and stopped posting idiotic comments.

He is right you know. Chrome really goes worse over time. Even more idiotic comment: I've replaced Chrome with IE9 when IE9 was released. Only use chrome when IE has flash issues

Peter van Dam said,

He is right you know. Chrome really goes worse over time. Even more idiotic comment: I've replaced Chrome with IE9 when IE9 was released. Only use chrome when IE has flash issues

i really like Chrome, but when it completely stops working for me

(ive tried reinstalling, trying different versions, installed on different computers, different OSes.. no luck, a friend's PC is with Chrome and at first it was fast, few days ago i used it and it was painfully slow)

then i just move to something that does the job, and its always cool when you see Google updating their browser and enhancing its security, if the problem goes away im always cool with switching back ro Chrome, since for me Fx and Chrome are the best