Gmail Releases JavaScript Security Update For Attachments

An upcoming security update for Gmail looks to make the email service more secure from dangerous attachments. Gmail will no longer allow .js JavaScript attachments on emails starting Feb. 13, according to Google’s G Suite blog.

The update puts JavaScript alongside other banned attachment types for Gmail such as .exe and .vb files. Gmail also scans archive file types like .zip for banned attachment file types. If you try to attach these files, Gmail will display a message saying "this message was blocked because its content presents a potential security issue." Legitimate attachments can still be sent via Google Drive or other secondary cloud storage solutions.

While JavaScript isn’t an automatically suspicious file type, JavaScript attachments can easily be used for hacking applications. Malicious .js files can be used as a back door for downloading malware and ransomware that could violate your computer’s security.

Google’s update for Gmail highlights efforts for a variety of online service providers to update and revise their security standards. In 2014, JavaScript and Flash vulnerabilities allowed hackers to make fake eBay listings that were used to steal user banking information and login credentials. Similar phishing techniques — which refer to sending fraudulent emails appearing to be from a credible source — were used on the personal email account of John Podesta, former chairman for Hillary Clinton’s presidential campaign.

In a post disclosing email data hacks that affected more than 1 billion user accounts, Yahoo! advised users to be conscious of phishing attempts and suspicious attachments. While Gmail has yet to suffer a serious data breach, Google likely hopes user-level tweaks such as its ban on JavaScript attachments keeps the service safe.