E-Dribble

From Techdrivein.com:

Top Six Google Chrome Extensions for a Much Secure Browsing Experience

At first, I thought he forgot a word there, but after looking at his suggestions, I’m more inclined to believe that he couldn’t decide between “Much the same Secure Browsing” or “Much false sense that you are Secure Browsing”

Here’s his suggestions for protecting yourself from the villains that reside on the web:

1) Web of Trust: Because anonymous people telling you whether the site you are visiting is safe or not can not be manipulated by malicious entities.
2) McAfee Site Advisor: Favorite quote FTFA – “…you can definitely rely on ratings by McAfee for the most part.”
3) KB SSL Enforcer: Because such an incredible amount of data theft goes on due to unencrypted web page viewing.
4) Flash Block: So few attacks are based on flash apps, that you would call this more of an adblock than a security measure.
5) Last Pass: Finally something we need for these browsers that don’t store passwords.  Wait…. what?
6) View Thru: Discover where shortened URL’s really direct you.  We’ve seen malicious files on the most trusted of sites and servers, so seeing the URL doesn’t help as much as you think it would.

I’m not giving the author a hard time about his choices.  Instead, I’m pointing out the fact that there are so few decent security addons for Chrome that he had to choose these.  Let me explain with a single picture:

This picture gives you a pretty good idea of the most dangerous aspect of browsing the web.  Visiting techdrivein.com results in 14 different domains trying to execute javascript on my computer. That’s the thing about javascript.  It’s payload can be delivered from any domain, not just the one you’re visiting.  The most popular methods of malicious infection on the web utilizes javascript to accomplish it’s task, whatever it may be.  Asking nameless people(or McAfee, of all companies) if they trust a website, blocking a flash app and browsing a site via a non-signed SSL connection is going to do you absolutely no good if the site is indeed reputable, but has had it’s code hijacked with a malicious script via either XSS, Iframe, or other method.

I tried using Chrome a little while ago, but due to it’s lack of ad and javascript blocking addons, I wasn’t willing to make the transition.  The very simple fact of the matter is that aside from user ignorance and stupidity, javascript is the single most dangerous aspect of browsing websites.

If you’re concerned enough about security to use any of the addons above, you shouldn’t be using Chrome.