The Firefox and Chrome development teams share their progress in minimizing the impact of classic web attacks
ANALYSIS New browser security features offer the tantalizing promise of killing – or at least significantly reducing – many of the classic web security attack vectors.
The improvements represent the culmination of several years of work by many people in the industry, realized in specifications and implementations in Google Chrome 83 and Mozilla Firefox 79.
Security improvement roster
A blog post by Google back in July describes a set of security mechanisms to protect its applications from common web vulnerabilities.
These features offer protection against injection attacks, alongside improved isolation capabilities.
For example, the script nonce attribute, set to an unpredictable token for every page load, “acts as a guarantee that a given script is under the control of the application”.
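The per-page-load nonce described above, as an added Node.js sketch that is not code from Google's post or from either browser. The function names, the policy string and the sample inputs are assumptions made for illustration, and scriptsAllowed is a simplified model of the browser's check, not a real CSP engine.

```javascript
const { randomBytes } = require('node:crypto');

// Fresh, unpredictable token for every page load (128 random bits, base64).
function newNonce() {
  return randomBytes(16).toString('base64');
}

// Build one response. `userInput` is a hypothetical value written into the
// page without escaping, i.e. the injection bug the nonce is meant to contain.
function renderPage(userInput) {
  const nonce = newNonce();
  // Assumed policy for this sketch; only the nonce source matters here.
  const csp = `script-src 'nonce-${nonce}'; object-src 'none'; base-uri 'none'`;
  const body = [
    '<!doctype html>',
    `<p>Hello ${userInput}</p>`,
    `<script nonce="${nonce}">console.log("application script");</script>`,
  ].join('\n');
  return { nonce, csp, body };
}

// Simplified model of the browser check: a <script> element may run only if
// its nonce attribute equals the nonce named in the policy for this response.
function scriptsAllowed(csp, body) {
  const policy = /'nonce-([^']+)'/.exec(csp);
  const allowed = [];
  for (const tag of body.matchAll(/<script\b([^>]*)>/gi)) {
    const attr = /\bnonce="([^"]*)"/.exec(tag[1]);
    allowed.push(Boolean(policy && attr && attr[1] === policy[1]));
  }
  return allowed;
}

// Constructed input 1: injected markup carries no nonce, so it is refused
// while the application's own script still runs.
const first = renderPage('<script>injected()</script>');
console.log(scriptsAllowed(first.csp, first.body));

// Constructed input 2: a nonce copied from an earlier response is stale,
// because the next page load gets a new one.
const second = renderPage(`<script nonce="${first.nonce}">injected()</script>`);
console.log(scriptsAllowed(second.csp, second.body));
```

In both runs the injected element comes first in the markup and is refused, and the application's script is allowed.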