Google Will Block JavaScript Attachments In Gmail To Curtail Malware Spreading

Google aims to lock down security with its web services

Google is moving to ban JavaScript attachments in is Gmail email service and app in order to avoid the cyber security risks posed by flies making use of the programming language.

JavaScript files, distinguished with the .js extension, has been increasingly used to deliver malware hidden in attached files sent to targeted machines, which when downloaded can enable hackers to steal data or gain access to the infected machine.

As such, preventing the us of JavaScript files with Gmail will curtail the risk within Google’s widely-used email service.

Farewell to JavaScript in Gmail

Gmail will restrict js file attachments“Gmail currently restricts certain file attachments (e.g. .exe, .msc, and .bat) for security reasons, and starting on February 13, 2017, we will not allow .js file attachments as well. Similar to other restricted file attachments, you will not be able to attach a .js file and an in-product warning will appear, explaining the reason why,” Google explained on its G Suite blog.

“If you still need to send .js files for legitimate reasons, you can use Google Drive, Google Cloud Storage, or other storage solutions to share or send your files.”

Gmail already blocks a decent list of file extensions to prevent its email service from being used as a vector for cyber attacks. The suite of extension blocked are: .ADE, .ADP, .BAT, .CHM, .CMD, .COM, .CPL, .EXE, .HTA, .INS, .ISP, .JAR, .JSE, .LIB, .LNK, .MDE, .MSC, .MSP, .MST, .PIF, .SCR, .SCT, .SHB, .SYS, .VB, .VBE, .VBS, .VXD, .WSC, .WSF, .WSH.

Those familiar with the security risks associated with opening unknown emails and attachments maybe aware of the danger of downloading such files. But by blocking .js files, Google has taken upon itself to add in that level of precaution rather than relying on the security knowledge of its large Gmail user base.

Google goes full HTML5 with Chrome 56

Chrome 56 securityContinuing with the theme of protection its software users, Google has also started to rollout its Chrome 56 web browser, which ushers in the first stable version of Chrome that uses the HTML5 protocol by default. This allows the protocol to take care of handling things such as video playback rather than be reliant on plugins which may come with security holes, such as the much-blocked Flash.

Chrome 56 will also highlight and mark websites that use HTTP as insecure, which should help encourage more websites to adopt the more secure HTTPS protocol.

With this Chrome 56 joins Mozilla 51 in taking this strong arm approach in branding no HTTPS websites as insecure.

Are you a security pro? Try our quiz!