Google to remove Chrome’s built-in XSS protection (XSS Auditor)


Chrome XSS Auditor error

Google engineers plan to remove a Chrome security feature that, for years, has not lived up to the protections it was supposed to provide.

Named XSS Auditor, the feature was added to Chrome in 2010, with the release of Google Chrome v4.

As the name implies, XSS Auditor scans a website’s source code for patterns that look like a cross-site scripting (XSS) attack that may try to run malicious code in the user’s browser.

If a known XSS pattern is found, Chrome may remove the malicious code, or may block the website from loading altogether, showing an error like the one below.

