Security-dev

This is a public Google Group for discussions relating to security engineering and development for Chromium. Looking forward to exciting and open discussions happening here!

Showing 1-20 of 134 topics
Mixed content policy for predictive actions (like prefetch) Josh Karlin 3:00 AM
Intent to Deprecate: SHA-1 certificates Ryan 4/23/15
PSA: USE_NSS is now USE_NSS_CERTS David 4/20/15
Intent to Implement: Slight tightening of 3rd-party cookie definition. Mike West 4/15/15
An update on SSLv3 in Chrome. Adam 4/14/15
Firefox "Intent to deprecate: Insecure HTTP" Joel 4/14/15
Figuring out how to deprecate powerful features on insecure origins Joel 4/14/15
Intent to Implement: BoringSSL/NSS "chimera" David Benjamin 4/10/15
Re: [site-isolation-dev] Only way to prevent top.location changes from iFrame is using sandbox attribute which blocks plugins Charlie Reis 4/9/15
usable security reading list Adrienne 3/31/15
On ICANN and the glut of new gTLDs Ryan Sleevi 3/25/15
Avira wants to contribute/build an own browser Thorsten Sick 3/23/15
Intent to Ship: 'First-Party-Only' cookies. Mike West 3/23/15
Intent to Ship: Upgrade Insecure Requests. Mike West 3/23/15
Suggestion for proactive security: rate limiting (cross-post from chromium-discuss) carl....@gmail.com 3/22/15
Intent to deprecate: Insecure usage of powerful features Joel 3/22/15
Towards the sunset of SHA-1 Ryan 3/17/15
Re: [native-client-discuss] Bare metal (non-SFI) support for x64? Xun Sun 3/9/15
Testing HPKP support Hanno Böck 2/27/15
Private Devices and IoT (was Proposal: Marking HTTP As Non-Secure) Jeffrey Walton 2/23/15
More topics »