iOS 17 Wish List Hearing Loss and Dementia AI in Fitness Shokz Headphones on Sale Meal Subscription vs. Takeout Best Solar Companies Verizon 5G Home Internet Best Credit Cards
Want CNET to notify you of price drops and the latest stories?
No, thank you
Accept

Google releases Chrome-based Web security scrutinizer

An open-source Chrome extension called DOM Snitch peers at Web site software sent to the browser and looks for vulnerabilities.

Google Chrome logo

Google today released an open-source tool called DOM Snitch that tries to flag Web site software that would be dangerous to run in a browser.

The software is an experimental Chrome extension that examines how Web site code executes to see if commands could lead to cross-site scripting or other attacks used to deliver malware to computers via a Web browser.

DOM Snitch (download) "enables developers and testers to identify insecure practices commonly found in client-side code," said Google security test engineer Radoslav Vasilev in a blog post. He elaborated:

To do this, we have adopted several approaches to intercepting JavaScript calls to key and potentially dangerous browser infrastructure such as document.write or HTMLElement.innerHTML (among others). Once a JavaScript call has been intercepted, DOM Snitch records the document URL and a complete stack trace that will help assess if the intercepted call can lead to cross-site scripting, mixed content, insecure modifications to the same-origin policy for DOM access, or other client-side issues.

The move is one of many Google has made of late to improve security on the Web--a medium the company believes is the programming platform of the future and that holds a dominant role in its own business. The company also is working hard to improve Chrome's own security.

Other open-source Google security products include Skipfish and Ratproxy, which let people test the security of Web applications.