Many web users today are aware of browser cookies, and every major browser allows users to view and delete the browser cookies stored on their computer. However, some users may not be aware that many websites use different types of local storage as well, including Adobe Flash Player ...Read More

Many web users today are aware of browser cookies, and every major browser allows users to view and delete the browser cookies stored on their computer. However, some users may not be aware that many websites use different types of local storage as well, including Adobe Flash Player Local Shared Objects (LSOs), referred to by some people as “Flash cookies.”

In the past, in order to view Flash LSOs and delete them from your computer, you had to visit an online settings application on Adobe’s website. To make local storage data deletion easier, we worked with Adobe and others in the web community to design the NPAPI ClearSiteData API. This API, which Adobe has implemented in Flash Player 10.3, has made it possible to delete Flash LSOs directly from the browser itself.

As of this week’s Chrome Dev channel release, you can delete local plug-in storage data (such as Flash LSOs) from within Chrome by clicking Wrench > Tools > Clear browsing data and selecting “Delete cookies and other site and plug-in data.”
Above: The chrome://settings/clearBrowserData dialog.


“Plug-in data” here refers to client-side data stored by plug-ins that obey the NPAPI ClearSiteData API, such as Flash Player 10.3. You can also configure Chrome’s content settings to clear plug-in data automatically whenever you close the browser.
Above: The chrome://settings/content dialog.

To our knowledge, Adobe Flash Player is currently the only NPAPI plug-in which has implemented support for the NPAPI ClearSiteData API, but we hope other plug-ins will follow suit. We believe providing control over plug-in data directly in the browser creates a better experience for both users and website developers.

Posted by Bernhard Bauer, Software Engineer

One of the biggest challenges in JavaScript development is dealing with script errors. We’ve been working hard to improve and extend the set of tools that lets you better understand how your JavaScript code works. Let’s have a quick look at five features of ...Read More

One of the biggest challenges in JavaScript development is dealing with script errors. We’ve been working hard to improve and extend the set of tools that lets you better understand how your JavaScript code works. Let’s have a quick look at five features of Google Chrome Developer Tools that can help you work with exceptions and stack traces more efficiently:

• Exception call stack. When something goes wrong, you can open the developer tools console. There you’ll find a number of uncaught JavaScript exception messages there. Each message has a link to the file name with the line number you can navigate to. However, there might be several execution paths that lead to the error and it’s not always obvious which one of them has happened. Exceptions in the console are now accompanied with the complete JavaScript call stacks after the developer tools window has been opened.
• Pause on exception. The developer tools’ Scripts panel enables you to pause JavaScript execution each time an exception is thrown and inspect its call stack, scope variables and state of your app. You can choose whether to pause only on uncaught exceptions or on all exceptions.
• Logging stack traces. Printing log messages to the developer tools console is also very helpful in understanding how your application behaves. Now you can make the log entries even more informative by including associated stack traces. You can instrument your code with console.trace() calls that would print current JavaScript call stack. Moreover, you can check that some invariants are true using console.assert() which prints a full stack trace when its conditional expression passed as first parameter evaluate to false.



• Error.stack. Each Error object has a property named “stack” that contains the stack trace.
• Handler function for window.onerror. Recently we’ve added support for setting a handler function to window.onerror. Whenever a JavaScript exception is thrown in the window context and is not caught by any try/catch block, the function will be invoked with the exception’s message, the URL of the file where the exception was thrown and the line number in that file passed as three arguments in that order. You may find it convenient to set an error handler that would collect information about uncaught exceptions and report it back to your server.

For a more complete reference on working with the Google Chrome Developer Tools, check out our home page. We further described improvements to exception handling and stack traces in our recent WebKit blog post.

Posted by Yury Semikhatsky, Software Engineer

[cross-posted on the Google Online Security Blog] Read More

[cross-posted on the Google Online Security Blog]

For the past five years Google has been offering protection to users against websites that attempt to distribute malware via drive-by downloads — that is, infections that harm users’ computers when they simply visit a vulnerable site. The data produced by our systems and published via the Safe Browsing API is used by Google search and browsers such as Google Chrome, Firefox, and Safari to warn users who may attempt to visit these dangerous webpages.

Safe Browsing has done a lot of good for the web, yet the Internet remains rife with deceptive and harmful content. It’s easy to find sites hosting free downloads that promise one thing but actually behave quite differently. These downloads may even perform actions without the user’s consent, such as displaying spam ads, performing click fraud, or stealing other users’ passwords. Such sites usually don’t attempt to exploit vulnerabilities on the user’s computer system. Instead, they use social engineering to entice users to download and run the malicious content.

Today we’re pleased to announce a new feature that aims to protect users against these kinds of downloads, starting with malicious Windows executables. The new feature will be integrated with Google Chrome and will display a warning if a user attempts to download a suspected malicious executable file:

Download warning

This warning will be displayed for any download URL that matches the latest list of malicious websites published by the Safe Browsing API. The new feature follows the same privacy policy currently in use by the Safe Browsing feature. For example, this feature does not enable Google to determine the URLs you are visiting.

We’re starting with a small-scale experimental phase for a subset of our users who subscribe to the Chrome development release channel, and we hope to make this feature available to all users in the next stable release of Google Chrome. We hope that the feature will improve our users’ online experience and help make the Internet a safer place.

For webmasters, you can continue to use the same interface provided by Google Webmaster Tools to learn about malware issues with your sites. These tools include binaries that have been identified by this new feature, and the same review process will apply.

Posted by Moheeb Abu Rajab, Google Security Team

In the latest Chrome beta release, we made available two new experimental extension APIs: the Web Navigation and Proxy Extension APIs. They are the first in a series of low-level APIs ...Read More

In the latest Chrome beta release, we made available two new experimental extension APIs: the Web Navigation and Proxy Extension APIs. They are the first in a series of low-level APIs that allow extension and application authors integrate more closely with the user’s browsing experience. We're excited about these APIs and want to get them in front of developers early so we can receive their feedback on any additional needs.

• The Web Navigation Extension API allows extension developers to observe browser navigation events. These events fire both for top-level navigation and in-page navigation. The API therefore allows an extension to keep track of exactly what page (or section thereof) the tab is showing, and how the user got there. We foresee a number of use cases for this API, including extensions that gather and present statistical or benchmarking data, safe-browsing extensions, and developer tools.

• The Proxy Extension API closes one of our most popular feature requests, allowing users to configure Chrome’s proxy settings via extensions. Proxies can be configured for the entire browser or independently for regular and incognito windows. Configuration options range from setting a single proxy server to installing remote or even local PAC scripts. A sample extension demonstrates these capabilities.

Sample extension showcasing individual proxy settings for normal and incognito windows.

To try out these new APIs, please go to about:flags and enable “Experimental Extension APIs”. To protect our users' privacy, when these APIs reach the stable channel, extensions that use them will need to request explicit permission from users.

Let us know if you create something cool with one of these APIs. If we like it, we may feature you in the extensions gallery.

We’re looking forward to seeing what you’ll create!

Posted by Dominic Battré, Software Engineer and Jochen Eisinger, Software Engineer

When we created Chrome, we focused on speed, simplicity, and security as its hallmark traits. Today, we’re proud to announce a new extension for Chrome, called ChromeLite, which is a giant, sprightly ...Read More

When we created Chrome, we focused on speed, simplicity, and security as its hallmark traits. Today, we’re proud to announce a new extension for Chrome, called ChromeLite, which is a giant, sprightly leap ahead on all three fronts.

In our never-ending quest for speed, our team members recently gathered to race the latest and greatest browser versions against each other. Much to our surprise, the winning browser was neither the latest version of Chrome nor another modern browser, but was instead an early text-based browser called Lynx.

Inspired by Lynx’s approach, we decided to experiment with stripping out all the extraneous details of a web page to accelerate page load time by removing a web page’s formatting, colors, images, audio, and video. The end result? ChromeLite -- the extension which brings you the web as it was originally conceived: nothing but pure text, presented in an aesthetically pleasing monochrome palette.

ChromeLite dramatically simplifies the user experience of web browsing by rendering the entire web in plain text. Users won’t have to worry about various media codecs and browser plug-ins to view much of the content on the web today. Preliminary analysis by our top-notch security team also suggests that running ChromeLite reduces your susceptibility to targeted exploits on the web by removing a popular attack surface: color.

In short, we hope ChromeLite gives all users on the web yet another option to safely and speedily enjoy the web in all its pure, unadulterated simplicity. If you’re looking to get your fingers accustomed to these new blazing speeds once you’ve installed ChromeLite, check out our newly developed Chromercise regimen.

Posted by Jeff Chang, Product Manager and Dominic Mazzoni, Software Engineer