Google engineers have decided to extend Chrome's restrictions on local Web pages in order to further tighten the Web browser's security across a broader set of protocols. It really seems that insider attacks pose a greater computer security risk than external ones, and that's because insiders tend to be trusted with greater systems access privileges than outsiders. The situation is similar with local files on computers, which tend to be accorded greater privileges than remote files. Google Chrome beta build released on November the 24th included a security fix for a vulnerability that allowed downloaded HTML files to read other local files and send them out to the Internet.

According to a blog post on Thursday, Google is considering additional restrictions on local Web pages, such as directory-based restrictions or preventing local Web pages from sending information to the Internet across a broader set of protocols. As for other browsers, IE restricts local Web pages so they can't run JavaScript by default, with Microsoft providing users the option to override this restriction.

However, Google wants to avoid this method, and that's because many users have no idea what this re-enabling of JavaScript means, and they just do that to make the pages work correctly. Even so, Chrome might become inflexible by forbidding their users to override this restriction. Furthermore, offline Web applications could become less functional under a stronger set of restrictions.

Anyway, Chrome is still a work in progress and it remains to be seen how Google's security decisions will affect the browser's usability and security. However, Chrome is part of the open source Chromium project, and, therefore, those concerned about such issues can participate in the development process.