Here’s how to do it in just five clicks. And why you might want to turn it off completely.
Let’s get started.
1. Click Settings in the Chrome menu.
2. Select “Advanced” at the bottom of the Settings page.
3. Under Privacy and security, scroll down to Site Settings.
5. Toggle to Allowed.
And you’re done!
Websites are built like this:
- HTML tells website elements where to be.
- CSS tells them how to look.
But it also means that when an organization uses these libraries, they’re trusting every developer who contributed. A single library could could have been built by hundreds of developers.
Deliberately malicious code in these libraries is super rare. But vulnerabilities do happen by accident often.
So how widespread is the issue?
- A bad actor has to target one of the sites you visit.
- You have to perform an action that puts you at risk (enter personal information, download something, etc).
- Most malware and viruses can be easily removed.
As long as you practice good browsing hygiene, the risks are low. Down’t download unknown files, don’t enter personal information in sites that you don’t trust, and avoid aggressive sites.
During an attack, which methods are used most often?
Script injections can be used to do anything from altering a website’s appearance to accessing user account data.
Cross-site scripting (XSS) is a type of injection technique that allows the attacker to inject malicious code into a vulnerable web application to hijack the interactions users have with it.
It can be used to perform unauthorized activities and phishing attacks. It can also be used to capture keystrokes, stealing personal data and passwords in the process. Or to steal sensitive information directly.
Ads are a popular attack route.
To make matters worse, Windows doesn’t show you these by default. And some criminals, wise to this, label files with double extensions, like this: suspicious.PDF.js.
Lack of risk assessment