What is Chrome Web Security?

Have you ever considered what is behind Chrome’s web security? We at HowToHosting.guide will provide you with a quick overview of the safety behind Google’s browser, what settings you could tweak, and what options you have available for various operating systems.


Let us start by briefly explaining what web security is. Also called WebAppSec, it deals with the safety of websites, web services, and web applications. It applies principles taken from application security to web-based systems where available.

Google implements safety features into its browser, such as protection from deceptive and dangerous sites and downloads. Additionally, advanced technologies such as site isolation, sandboxing, and predictive phishing protection keep threats at bay. With Google updating the browser regularly every six weeks, patches for newly-discovered bugs arrive as quickly as they are needed.

Google Chrome’s protection is far more complicated than you can imagine. Not only is it developed for the major operating systems and their forks, but it is also updated frequently. Google also invites hackers and runs bug bounty programs, so bugs can be quickly removed after they are discovered.

What is Cross-Origin Resource Sharing?

Let us look closer at one crucial policy in online safety: the CORS policy. CORS stands for Cross-Origin Resource Sharing, and it is one of the core safety mechanisms in Chrome. In that abbreviation, the word “Origin” actually means website, and this is how it is referred to by IT specialists and geeks alike. If the policy is active, CORS is blocked. CORS enables the sharing of resources between websites: if a website needs a resource to function properly, it can load that resource from other sites.

CORS is blocked in modern browsers by default (in JavaScript APIs). It is blocked to prevent malicious access or scripts loading from dangerous websites onto others, which means no cross-domain sharing.

The CORS policy prevents malicious websites from exploiting sensitive information stored in a user’s computer by various websites. As the CORS policy does not allow requests to a different origin, malicious websites cannot send requests to websites using sensitive data. If a user’s credentials are saved locally on his computer by the website he is using, a malicious website cannot read these credentials, nor send a request to the website the user is on.
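On the server side, cross-origin sharing is granted per website through response headers. The following is an added example, not code from the original article, of a server deciding which origins may read its responses; the allowlist entries, the function name and the request shape are assumptions made for illustration.

```javascript
// Hypothetical allowlist: the production front end and a local dev server.
const ALLOWED_ORIGINS = new Set(["https://app.example.com", "http://localhost:3000"]);
const ALLOWED_METHODS = ["GET", "POST", "PUT"];
const ALLOWED_HEADERS = ["content-type", "authorization"];

// req is a plain object { method, headers } with lower-case header names.
// Returns the verdict and the CORS headers to attach to the response.
function corsDecision(req) {
  const origin = req.headers["origin"];
  const headers = { Vary: "Origin" }; // caches must not reuse a reply across origins
  // No Origin header: not a cross-origin browser request, nothing to grant.
  if (origin === undefined) return { verdict: "not-cors", headers };
  // Exact match only. "null" (file://, sandboxed frames) is never on the list,
  // and the Origin value is never echoed back without this check.
  if (!ALLOWED_ORIGINS.has(origin)) return { verdict: "denied", headers };

  const grant = {
    ...headers,
    "Access-Control-Allow-Origin": origin, // "*" cannot be combined with credentials
    "Access-Control-Allow-Credentials": "true",
  };
  const wantedMethod = req.headers["access-control-request-method"];
  if (req.method !== "OPTIONS" || wantedMethod === undefined) {
    return { verdict: "allowed", headers: grant };
  }
  // Preflight: the browser asks permission before sending the real request.
  const wantedHeaders = (req.headers["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  if (!ALLOWED_METHODS.includes(wantedMethod) ||
      !wantedHeaders.every((h) => ALLOWED_HEADERS.includes(h))) {
    return { verdict: "denied", headers };
  }
  grant["Access-Control-Allow-Methods"] = ALLOWED_METHODS.join(", ");
  grant["Access-Control-Allow-Headers"] = ALLOWED_HEADERS.join(", ");
  grant["Access-Control-Max-Age"] = "600"; // cache the preflight for 10 minutes
  return { verdict: "preflight-ok", headers: grant };
}
```

Adding a development origin to such an allowlist lets a front end under test call the API while the browser keeps its protection switched on.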

How to Enable and Disable Web Security in Chrome?

Disabling the policy that prevents CORS from working is not advised for average users, but many developers need it for testing. If you are a developer or any other software engineer who wants to perform cross-domain Ajax requests in online applications efficiently, there are a few ways to do it. If you need to disable it, then you would also need to put it back in place.

Installing a browser extension specifically designed to switch CORS on and off with a simple click of a button is a handy way to allow cross-site Ajax requests from JavaScript, file access, and more. Not every such extension works as intended, and some of them are not updated. Besides, they might have bugs or even contain malicious code, so research carefully which browser extensions would allow you to use CORS properly and as intended.

Chrome Web Security for Windows, Mac, Linux and Android

CORS, being an essential part of protecting users, is also labeled web-security in the command line of Google’s browser. That is what people usually associate it with and what is understood by Chrome WebSec.
Here is how to disable that protection on each platform:

Disabling CORS in Windows OS

Press the Start button
Type CMD and Command Prompt will show
Right-click on Command Prompt and select Run as Administrator to run it in Admin mode
Enter the following command

→ taskkill /F /IM chrome.exe

That will end all tabs and instances of Chrome, everywhere in Windows.

To disable it for Windows, enter the following:

→ "PATH_TO_CHROME\chrome.exe" --disable-web-security --disable-gpu --user-data-dir=~/chromeTemp

Now, you need to get the location of Google Chrome’s install folder and type it in place of PATH_TO_CHROME.
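To confirm that protection has been put back in place after testing, process command lines can be checked for the flag. This is an added example, not code from the original article: it scans constructed sample command lines for `--disable-web-security`, reports the profile directory in use, and notes flags whose dashes were pasted as typographic dashes. The function names and sample paths are assumptions.

```javascript
const FLAG = "--disable-web-security";
const PROFILE = "--user-data-dir=";

// Split a command line on whitespace, keeping "quoted parts" together.
function splitArgs(cmdline) {
  const tokens = cmdline.match(/(?:[^\s"]+|"[^"]*")+/g) || [];
  return tokens.map((t) => t.replace(/"/g, ""));
}

// Returns null for non-Chrome processes, otherwise what the launch changed.
function auditChromeLaunch(cmdline) {
  const args = splitArgs(cmdline);
  const exe = (args[0] || "").toLowerCase();
  if (!/(^|[\\/])(google-)?chrome(-stable)?(\.exe)?$/.test(exe)) return null;
  const finding = { webSecurityDisabled: false, mangledFlag: false, profileDir: null };
  for (const arg of args.slice(1)) {
    if (arg === FLAG) finding.webSecurityDisabled = true;
    // An en or em dash is not a switch prefix, so protection stays on.
    else if (/^[\u2013\u2014]+disable-web-security$/.test(arg)) finding.mangledFlag = true;
    else if (arg.startsWith(PROFILE)) finding.profileDir = arg.slice(PROFILE.length);
  }
  return finding;
}

// Keep only the processes where protection is actually off.
function findRelaxedBrowsers(lines) {
  return lines
    .map((line) => ({ line, finding: auditChromeLaunch(line) }))
    .filter((r) => r.finding !== null && r.finding.webSecurityDisabled);
}

// Constructed sample process command lines (not captured from a real system).
const SAMPLE_PROCESSES = [
  '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --disable-web-security --disable-gpu --user-data-dir="C:\\Temp\\chrome Temp"',
  '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" \u2013disable-web-security',
  "C:\\Windows\\System32\\notepad.exe notes.txt",
  "/usr/bin/google-chrome --profile-directory=Default",
];

for (const r of findRelaxedBrowsers(SAMPLE_PROCESSES)) {
  console.log("web security disabled, profile:", r.finding.profileDir || "(default)");
}
```

A hit with no separate profile directory deserves the most attention, because that browser instance shares the user's everyday sessions.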

Disabling CORS in Mac OS X

To disable it in Google’s browser for Mac, enter the following:

Run Chrome’s browser without CORS policy (CORS enabled) for Mac OS X

Disabling CORS in Linux OS

To disable it for Linux, enter the following:

Run Chrome’s browser without CORS policy (CORS enabled) for Linux OS

Disabling CORS in Android

Disabling the policy in Android can be tricky. We suggest trying to find an extension that works on Android. In case you do not find any, below we will show what we know might work:

Run Chrome’s browser without CORS policy (CORS enabled) for Android

We hope that this is all you need. Everything now runs as intended, and you can begin your testing and debugging session. Have a quick look at the last section for a fair warning and more information about the settings shown and used across the article.




What Do You Need to Know About These Settings?

New vulnerabilities and bugs come to light daily. Web security technologies must be set in place to combat them effectively. Security must evolve faster than upcoming threats. The settings and tweaks provided in this article are for testing new or improperly configured websites.

These settings might prove very useful for debugging and testing in developers’ hands, but they are not to be used by average users daily. Not to mention that a browser will not work smoothly or adequately in some instances if the commands are set in place. To keep your website protection intact and browsers running correctly, do not tamper with settings unless you understand them and are fully aware of the possible implications.

Note that this piece was written at the end of September 2020, and settings might change slightly over time, although the core concept remains the same. For Windows, the commands are for Command Prompt and not for PowerShell. There might be a warning message in older versions of Chrome, but that shouldn’t hinder you from actual testing.
