Google aims to lock down security with its web services
“Gmail currently restricts certain file attachments (e.g. .exe, .msc, and .bat) for security reasons, and starting on February 13, 2017, we will not allow .js file attachments as well. Similar to other restricted file attachments, you will not be able to attach a .js file and an in-product warning will appear, explaining the reason why,” Google explained on its G Suite blog.
“If you still need to send .js files for legitimate reasons, you can use Google Drive, Google Cloud Storage, or other storage solutions to share or send your files.”
Gmail already blocks a decent list of file extensions to prevent its email service from being used as a vector for cyber attacks. The suite of extension blocked are: .ADE, .ADP, .BAT, .CHM, .CMD, .COM, .CPL, .EXE, .HTA, .INS, .ISP, .JAR, .JSE, .LIB, .LNK, .MDE, .MSC, .MSP, .MST, .PIF, .SCR, .SCT, .SHB, .SYS, .VB, .VBE, .VBS, .VXD, .WSC, .WSF, .WSH.
Those familiar with the security risks associated with opening unknown emails and attachments maybe aware of the danger of downloading such files. But by blocking .js files, Google has taken upon itself to add in that level of precaution rather than relying on the security knowledge of its large Gmail user base.
Google goes full HTML5 with Chrome 56
Continuing with the theme of protection its software users, Google has also started to rollout its Chrome 56 web browser, which ushers in the first stable version of Chrome that uses the HTML5 protocol by default. This allows the protocol to take care of handling things such as video playback rather than be reliant on plugins which may come with security holes, such as the much-blocked Flash.
Chrome 56 will also highlight and mark websites that use HTTP as insecure, which should help encourage more websites to adopt the more secure HTTPS protocol.
With this Chrome 56 joins Mozilla 51 in taking this strong arm approach in branding no HTTPS websites as insecure.
Are you a security pro? Try our quiz!