Intranet sites that are vulnerable to cross-site scripting and cross-site request forgery are not protected from malicious Internet websites. There is no differentiation or explicit separation between Intranet and Internet web pages.

There is a risk that secure connections may be subject to a man-in-the-middle attack using a forged certificate. HTTPS warning pages, including those generated from OCSP checks, can be bypassed by the user if a site does not use HSTS.

There is a risk of malicious content interacting with content in HTTPS web pages if the user allows the blocked content and the user's connection is subject to a man-in-the-middle attack. Enabling mixed content breaks the security boundary between trusted and untrusted content. Mixed content (i.e. an HTTPS site loading scripts and web resources from an unencrypted location) is blocked by default, but can be overridden by users on a per-page basis.

If a vulnerability is discovered in a particular cryptographic cipher, users may be under increased risk as they will believe their encrypted traffic is protected appropriately.

The following significant risks have been identified:

Chrome does not support configuration to disable cryptographic cipher suites.

There is no facility for the enterprise to log or collect security-related events.

There is no differentiation between Internet sites and Intranet sites.

External peripheral and sensitive API protection

Users can override certificate warnings unless the site implements HSTS.

Built-in authentication schemes cannot be disabled for cleartext channels.

Recommendation

Chrome does not support configuration to disable cryptographic cipher suites.

See How the browser can best satisfy the security recommendations for more details about how each of the security recommendations is met. Rows marked represent a more significant risk. Explanatory text indicates that there is something related to that recommendation that the risk owners should be aware of.
This browser has been assessed against each of the 12 security recommendations, and that assessment is shown in the table below.

A list of allowed trusted apps and extensions can be configured in Group Policy. Arbitrary third-party extension installation by users is not permitted in the browser.