Google Gears: Initial Thoughts on Security Implications

by Nitesh Dhanjani

Google Gears, as you may have heard, is a browser extension that lets you develop applications that can run offline. If you haven't already, try out the sample applications to get a feel for the functionality Google Gears has to offer. You can even use it to read Google Reader offline.

It's a good idea to brainstorm the possible security implications of Google Gears because it lets web code act upon the user's local disk (sandboxed by the browser's same-origin policy). I've spent a few minutes looking at the architecture, and here are my initial thoughts:


NoScript User
2007-06-05 02:24:35
You make a very good point here, Nitesh.

As the web quickly evolves into a powerful application environment and our most valuable data go online, we should expect XSS-based attacks to become dominant (most websites are vulnerable), JavaScript the lingua franca of malware and XSS protection a must not just for web developers (obvious!) but for users too.