link out to posts

_posts/2021-03-12-mitigating-side-channel-attacks.md

@@ -4,7 +4,6 @@ author: Mike West, on behalf of Chrome's Web Platform Security team
 date: 2021-03-12
 source-url: https://blog.chromium.org/2021/03/mitigating-side-channel-attacks.html
 source-blog: Chromium Blog
-excerpt: 
 ---
 
 The web platform relies on the [origin](https://developer.mozilla.org/en-US/docs/Glossary/Origin) as a fundamental security boundary, and browsers do a pretty good job at preventing *explicit* leakage of data from one origin to another. Attacks like [Spectre](https://spectreattack.com/), however, show that we still have work to do to mitigate *implicit* data leakage. The side-channels exploited through these attacks prove that [attackers can read any data which enters a process hosting that attackers' code](https://chromium.googlesource.com/chromium/src/+/master/docs/security/side-channel-threat-model.md#introduction). These attacks are [quite practical](https://security.googleblog.com/2021/03/a-spectre-proof-of-concept-for-spectre.html) today, and pose a real risk to users.

_posts/2021-03-21-a-safer-default-for-navigation-https.md

@@ -4,7 +4,6 @@ author: Shweta Panditrao and Mustafa Emre Acer, Chrome team
 date: 2021-03-21
 source-url: https://blog.chromium.org/2021/03/a-safer-default-for-navigation-https.html
 source-blog: Chromium Blog
-excerpt: 
 ---
 
 Starting in version 90, Chrome's address bar will use *https://* by default, improving privacy and even loading speed for users visiting websites that support HTTPS. Chrome users who navigate to websites by manually typing a URL often don't include "http://" or "https://". For example, users often type "example.com" instead of "https://example.com" in the address bar. In this case, if it was a user's first visit to a website, Chrome would previously choose *http://* as the default protocol^1^. This was a practical default in the past, when much of the web did not support HTTPS.

_posts/2021-07-14-increasing-https-adoption.md

@@ -4,7 +4,6 @@ author: Shweta Panditrao, Devon O'Brien, Emily Stark, Google Chrome team
 date: 2021-07-14
 source-url: https://blog.chromium.org/2021/07/increasing-https-adoption.html
 source-blog: Chromium Blog
-excerpt: 
 ---
 
 When a browser connects to websites over HTTPS (vs. HTTP), eavesdroppers and attackers on the network can't intercept or alter the data that's shared over that connection (including personal info, or even the page itself). This level of privacy and security is vital for the web ecosystem, so Chrome [continues](https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html) [to](https://blog.chromium.org/2020/02/protecting-users-from-insecure.html) [invest](https://blog.chromium.org/2021/03/a-safer-default-for-navigation-https.html) in making HTTPS more widely supported.

_posts/2022-09-19-announcing-launch-of-chrome-root-program.md

@@ -4,7 +4,6 @@ author: Ryan Dickson, Chris Clements, Emily Stark from Chrome Security
 date: 2022-09-19
 source-url: https://blog.chromium.org/2022/09/announcing-launch-of-chrome-root-program.html
 source-blog: Chromium Blog
-excerpt: 
 ---
 
 In 2020, we [announced](https://groups.google.com/g/mozilla.dev.security.policy/c/3Q36J4flnQs/m/VyWFiVwrBQAJ) we were in the early phases of establishing the Chrome Root Program and launching the Chrome Root Store.

_posts/2022-12-08-introducing-passkeys-in-chrome.md

@@ -4,7 +4,6 @@ author: Ali Sarraf, Product Manager, Chrome
 date: 2022-12-08
 source-url: https://blog.chromium.org/2022/12/introducing-passkeys-in-chrome.html
 source-blog: Chromium Blog
-excerpt: 
 ---
 
 We [announced in October](https://android-developers.googleblog.com/2022/10/bringing-passkeys-to-android-and-chrome.html) that passkey support was available in Chrome Canary. Today, we are pleased to announce that passkey support is now available in Chrome Stable M108.

_posts/2023-05-02-an-update-on-lock-icon.md

@@ -4,7 +4,7 @@ author: David Adrian, Serena Chen, Joe DeBlasio, Emily Stark, and Emanuel von Ze
 date: 2023-05-02
 source-url: https://blog.chromium.org/2023/05/an-update-on-lock-icon.html
 source-blog: Chromium Blog
-excerpt: 
+excerpt: Browsers have shown a lock icon when a site loads over HTTPS since the early versions of Netscape in the 1990s. For the last decade, Chrome participated in a major initiative to increase HTTPS adoption on the web, and to help make the web secure by default. As late as 2013, only 14% of the Alexa Top 1M sites supported HTTPS. Today, however, HTTPS has become the norm and over 95% of page loads in Chrome on Windows are over a secure channel using HTTPS. This is great news for the ecosystem; it also creates an opportunity to re-evaluate how we signal security protections in the browser. In particular, the lock icon.
 ---
 
 _Editor's note: based on industry research (from Chrome and others), and the ubiquity of HTTPS, we will be replacing the lock icon in Chrome's address bar with a new "tune" icon -- both to emphasize that security should be the default state, and to make site settings more accessible. Read on to learn about this multi-year journey._

_posts/2023-08-03-redesigning-chrome-downloads-to-keep.md

@@ -4,7 +4,6 @@ author: Joshua Cruz, Communications Manager
 date: 2023-08-03
 source-url: https://blog.chromium.org/2023/08/redesigning-chrome-downloads-to-keep.html
 source-blog: Chromium blog
-excerpt: 
 ---
 
 [![Main image of blog post that showcases the new download experience for Chrome on the right side of the Chrome Address bar.](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_Wk6hUyNuwt82auTtHqsRHsnhylPD_2MDzrPZAsUiZdrBPVnVKmJuOXgiUJU-qWB0sTXV8ViI7A7pX4nl8fu4JDsQbWGUWoLQFOrWyh_-eWpvMrvJLrEn_LeDI8bmHAdQSzPAuHgeNzjZ3UHv_QBBcLXnJme9ctfO-szOUh_sxGZFrzkPfnEqo9-fw6st/s16000/DownloadsUI_Header.png)](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_Wk6hUyNuwt82auTtHqsRHsnhylPD_2MDzrPZAsUiZdrBPVnVKmJuOXgiUJU-qWB0sTXV8ViI7A7pX4nl8fu4JDsQbWGUWoLQFOrWyh_-eWpvMrvJLrEn_LeDI8bmHAdQSzPAuHgeNzjZ3UHv_QBBcLXnJme9ctfO-szOUh_sxGZFrzkPfnEqo9-fw6st/s6001/DownloadsUI_Header.png)

_posts/2023-08-10-:protecting-chrome-traffic-with-hybrid.md

@@ -3,8 +3,7 @@ title: Protecting Chrome Traffic with Hybrid Kyber KEM
 author: Devon O'Brien, Technical Program Manager, Chrome Security 
 date: 2023-08-10
 source-url: https://blog.chromium.org/2023/08/protecting-chrome-traffic-with-hybrid.html
-source-blog:
-excerpt: 
+source-blog: Chromium Blog
 ---
 
 Teams across Google are working hard to prepare the web for the migration to quantum-resistant cryptography. Continuing with our [strategy](https://cloud.google.com/blog/products/identity-security/how-google-is-preparing-for-a-post-quantum-world) for handling this major transition, we are updating technical standards, testing and deploying new quantum-resistant algorithms, and working with the broader ecosystem to help ensure this effort is a success.

_posts/2023-08-16-towards-https-by-default.md

@@ -4,7 +4,6 @@ author: Joe DeBlasio, Chrome Security team
 date: 2023-08-16
 source-url: https://blog.chromium.org/2023/08/towards-https-by-default.html
 source-blog: Chromium blog
-excerpt: 
 ---
 
 For the past several years, [more than 90%](https://transparencyreport.google.com/https/overview?hl=en) of Chrome users' navigations have been to HTTPS sites, across all major platforms. Thankfully, that means that most traffic is encrypted and authenticated, and thus safe from network attackers. However, a stubborn 5-10% of traffic has remained on HTTP, allowing attackers to eavesdrop on or change that data. Chrome shows a warning in the address bar when a connection to a site is not secure, but we believe this is insufficient: not only do many people not notice that warning, but by the time someone notices the warning, the damage may already have been done.

_posts/2023-10-11-unlocking-power-of-tls-certificate.md

@@ -4,7 +4,6 @@ author: "Chrome Root Program, Chrome Security Team"
 date: 2023-10-11
 source-url: https://blog.chromium.org/2023/10/unlocking-power-of-tls-certificate.html
 source-blog: Chromium blog
-excerpt: 
 ---
 
 TL;DR: Automated certificate issuance and management strengthens the underlying security assurances provided by Transport Layer Security (TLS) by increasing agility and resilience. This post describes the benefits of automation and upcoming changes to the Chrome Root Program policy that represent Chrome Security's ongoing commitment to improving web security.

index.html

@@ -37,40 +37,27 @@ <h1 class="f-3xh black wide">chrome<wbr>.security</h1>
       {% include chromeball-protect.svg %}
     </figure>
   </div>
-
 
   <section class="grid-ones grid-12">
     <h2 class="grid-ones box f-xhr black wide lower text-center">Recent blog posts</h2>
-    <a href="#" class="grid-threes box">
+    {% for post in site.posts limit:3 %}
+    <a href="{{ post.source-url }}" class="grid-threes box">
       <article>
-        <h3>Unlocking the power of TLS certificate automation for a safer and more reliable Internet</h3>
-        <p class="blog-meta">Wednesday, October 11, 2023</p>
-        <p class="blog-excerpt">TL;DR: Automated certificate issuance and management strengthens the underlying security assurances provided by Transport Layer Security (TLS) by increasing agility and resilience. This post describes the benefits of automation and upcoming changes to the Chrome Root Program policy that represent Chrome Security’s ongoing commitment to improving web security.</p>
-        <p class="linkstyle text-right">Keep reading</p>
-      </article>
-    </a>
-    <a href="#" class="grid-threes box">
-      <article>
-        <h3>Towards HTTPS by default</h3>
-        <p class="blog-meta">Wednesday, August 16, 2023</p>
-        <p class="blog-excerpt">For the past several years, more than 90% of Chrome users' navigations have been to HTTPS sites, across all major platforms. Thankfully, that means that most traffic is encrypted and authenticated, and thus safe from network attackers. However, a stubborn 5-10% of traffic has remained on HTTP, allowing attackers to eavesdrop on or change that data. Chrome shows a warning in the address bar when a connection to a site is not secure, but we believe this is insufficient: not only do many people not notice that warning, but by the time someone notices the warning, the damage may already have been done.</p>
-        <p class="linkstyle text-right">Keep reading</p>
-      </article>
-    </a>
-    <a href="#" class="grid-threes box">
-      <article>
-        <h3>Protecting Chrome Traffic with Hybrid Kyber KEM</h3>
-        <p class="blog-meta">Thursday, August 10, 2023</p>
-        <p class="blog-excerpt">Teams across Google are working hard to prepare the web for the migration to quantum-resistant cryptography. Continuing with our strategy for handling this major transition, we are updating technical standards, testing and deploying new quantum-resistant algorithms, and working with the broader ecosystem to help ensure this effort is a success.</p>
+
+        <h3>{{ post.title }}</h3>
+        <p class="blog-meta">{{ post.date }}</p>
+        <p class="blog-excerpt">{{ post.excerpt | strip_html }}</p>
         <p class="linkstyle text-right">Keep reading</p>
+
       </article>
     </a>
+    {% endfor %}
   </section>
 
   <hr class="grid-ones squiggle box">
 
   <section class="grid-ones grid-12">
-    <h2 class="grid-ones box f-xhr black wide lower text-right">Hand-crafted links for ✨you✨</h2>
+    <h2 class="grid-ones box f-xhr black wide lower text-right">Hand-crafted links for you</h2>
     <section class="grid-fours box">
       <h4 class="f-xlg thick">For <strong>security researchers</strong>...</h4>
       <ul>