Script Defender for Chrome

It messed up my whitelist.

 

Yes, I'm very much aware of this, trust me, I'm using my NoScript, BitDefender Trafficlight, Adblock plus and WebofTrust and Publicfox for Firefox-and trust me it's extremely powerful combo.
The only difference in Chrome is that Webof Trust cannot be used to block websites with poor reputation-said, but I also still have Script Defender, Adblock Plus and Bitdefender trafficlight-it's awesome, really.
I don't worry to much now because of those kernel-level exploits on my windows xp exactly because of these truly helpful extensions/plugins.

 

And I still don't know how can the last test actually prove that Chrome has superior implementation than SBIE4, since you can use tight configuration to block anything you want-in this case I don't mean on my windows xp vulnerabilities/kernel-level exploits, but on installation malware/exploit/drive-by downloads that are trying to install themselves on my computer (like from malware domain list and similar black lists of websites and all other similar things).

So I guess no matter what security application (AppGuard, Sandboxie, DefenseWall, Chrome, SBIE or whatever) I use it's always a russian roulette to go to the internet.
It doesn't matter if I know use Google Chrome or SBIE4 with configuration-it all depends how many vulnerablities my OS has.

So, I have a question how do those experts (http://labs.bromium.com/2013/07/23/application-sandboxes-a-pen-testers-perspective/) know that Google Chrome has far superior implementation or whatever, did they actually try to use tightly configured SBIE3 or SBIE4 against Google Chrome to see what the results are going to be?
I'm not talking about kernel-exploits of any OS, but simply blocking ability of malware (including kernel-level malware, exploits) that is trying to install on your computer?
How do they know SBIE3 or SBIE4 is not better than Chrome, if Chrome cannot block installation of anything, while SBIE4 can plus with that tight configuration how can Chrome match this?

 

I'm having problems to see how the sandbox can protect against the various types of XSS. If it really did, the built-in XSSAuditor would be superfluous, IMHO. Could you elaborate?

Doesn't that contradict your statement regarding the Chrome javascript renderer above?

EDIT: The document "The Security Architecture of the Chromium Browser" explicitly says:

 

Guys, can you check if you see youtube comments?
Despite allowing everything on that page, I cannot see them. Thanks.

 

Same problem here, and I can't come up with a fix for it; i tried adding youtube.com to the whitelist but no difference. This is what i mean about this extension exhibiting some buggy behaviour, but at least it results in blocking too much as opposed to too little

 

I tried almost everything, the only way to see the comments is to pause it.

 

Same here, but of course that's not a very good option

 

@dogbite and wat0114
Whitelist s.ytimg.com or *.ytimg.com. Or allow it from third party script control menu.

BTW, just dropped this extension. It's too strong for my liking, blocked some YouTube videos and smileys in SMF-based forum.

 

i noticed i was still logged in websites after closing chrome with the new update.

anyway, back to NS for the moment.

SD is pretty good but still needs a bit of work.

 

Thanks, but still not working.

 

Did you also allow third party/external scripts to run in the setting? Alternatively, you can allow it via the drop-down menu.

 

This just takes a bit of time to get used to but once that is behind you it's great.

Youtube comments show up for me I think as GraphZeppelin stated check the third party script permissions.

I have been using this other Chrome extension but it seems there is no need for it now.

https://chrome.google.com/webstore/detail/cross-domain-request-filt/ggdfifojddnlfciogdedpldahnbnjmhd

Thanks ichito for posting this.

 

Thanks, but that didn't work for me either. Like you, I also dropped it, at least for now, but I'll keep an eye on its progress and try it again a bit later.

 

I allowed all and now it works.

 

is interesting, I tried it but if active Lastpass seems not working, I'm trying some setting but I don't solve

 

Updated today to 3.5.

Again, some whitelist messing up. I had to re-allow Wilders, for example.

 

I've been using this all night and just a while ago all sites lost their settings.

Probably the update but if this keeps happening its not worth it.

 

Also it's impossible to contact the developer to report those bugs, unless to write it in a review in the Chrome store.

 

I just tested HTTP Switchboard on those sites - and JS was blocked on all of them

I still have to test it thorougly to get a definitive judgement. It could be a good alternative for ScriptDefender or ScriptBlock. Has anyone tried it?

EDIT: 1. There's a Quick Tour for HTTP Switchboard.
2. Clicking the info button opens a site that shows statistics and reveals that several blacklists are included in HTTP Switchboard (similar to ScriptSafe). Very interesting!


EDIT 2: Unfortunately it's buggy. I had allowed cookies, script and XHR for wilderssecurity.com - but after restarting Chrome it had forgotten my decisions. Very sad since otherwise it looks rather promising ...

 

tnx for the find!

it works fine here.
click on wilderssecurity to make it turn green, then a padlock icon will appear.
click on the padlock to make the changes permanent.

i like it, it seems to work pretty good.
----
EDIT:
there are padlocks for all the cells, not just the sites.
so you can permanently and selectively allow/blocks plugins, cookies, scripts etc

 

You're abolutely right, moontan - thanks for noticing that

 

Okay if I'm on a site which uses Facebook for posting and I want to use that only for that site how do I set the cookies, etc? I'm not getting that through my thick skull but I figure it must be possible.

Way more comprehensive, it seems, than Script Defender. It looks like I could remove 'Disconnect' with this.

 

thanks for the find, tlu!

I will try this later. BTW, on the Web store page for this extension:

https://github.com/gorhill/httpswitchboard#important

The Chrome API also causes an issue with this extension, as it does with ScriptSafe.

 

Ok, so I am getting confused here although I must admit that I do not use Chrome that often. I was all ready to install ScriptDefender based upon the early enthusiasm for this extension, now some of you have uninstalled it and are now recommending the http thingie?

Thanks,
Acadia