Google tackles top security complaint among Chrome users

Google is bolstering its defenses against what it says is the number one complaint among Chrome users, the hijacking of browser settings by malicious code hidden in free downloads such as screensavers, games and video plugins.

The company is enhancing the Chrome feature that enables users to reset their browser settings to their original defaults in order to remove all malicious plugins and apps. Besides providing the reset option, Google will also alert users when browser settings have been changed and provide the option of one-click reset.

"Alerts about when a Chrome plug-in is trying to change browser settings are one important piece of a defense strategy against malware," Stephen Brunetto, director of product management at security vendor Trustwave, said.

Hackers will often try to change browser settings as part of a click-fraud scheme in which the new settings will direct users to search engine pages or a new homepage. The pages typically try to entice visitors to click on links that the attackers will profit from.

Linus Upson, vice president of engineering at Google, said in a blog post that the number of such click-fraud schemes is growing at an "alarming rate."

"Settings hijacking remains our number one user complaint," Upson said.

The alerts, which will appear at the bottom of the browser window, will only be available on Windows PCs. People who choose the reset option will have to go back and reactivate any extensions, apps and themes they had installed. This can be done by going to the Chrome menu and looking under "More tools > Extensions."

Also, some hijacking malware is particularly troublesome, in that it is difficult to remove and sometimes returns in a short time and changes the browser settings again. In those cases, Upson recommends going to the Chrome help forum for more information on how to remove such programs.

The enhancement is part of Google's Safe Browsing feature that flags websites Google has identified as malicious. The feature automatically prevents downloads from those sites. Google says it flags 10,000 new websites every day.

For businesses and consumers, preventing users from visiting malicious websites is key to defending against phishing attacks, which is when a hacker sends email designed to trick recipients into clicking on a link to a compromised site.

"The most common and effective security threats facing users today are socially engineered malware and phishing attacks," NSS Labs said in its 2013 security analysis of the major browsers, including Chrome, Internet Explorer, Safari, Firefox and Opera.

Google's Safe Browsing is used by Chrome, Firefox and Safari, which all came within four percentage points of each other and were the top three browsers in catching malicious websites. Microsoft IE was a distant 13 percentage points behind the leader.

However, browsers are continuously updated, so standings often change from one study to another.


Stories by Antone Gonsalves
