Chrome warns users of devious software that could impact Google's business

Google has added an early warning alert to Chrome that pops up when users try to access a website that could try to dupe users.

Google has added an early warning alert to Chrome that pops up when users try to access a website that the search giant suspects will try to dupe users into downloading underhanded software.

The new alert pops up in Chrome when a user aims the browser at a suspect site but before the domain is displayed. "The site ahead contains harmful programs," the warning states.

Google emphasized tricksters that "harm your browsing experience," and cited those that silently change the home page or drop unwanted ads onto pages in the warning's text.

The company has long focused on those categories, and for obvious, if unstated, reasons. It would prefer that people -- much less, shifty software -- not alter the Chrome home page, which features the Google search engine, the Mountain View, Calif. firm's primary revenue generator. Likewise, the last thing Google wants is to have adware, especially the most irritating, turn off everyone to all online advertising.

The new alert is only the latest in a line of warnings and more draconian moves Google has made since mid-2011, when the browser began blocking malware downloads. Google has gradually enhanced Chrome's alert feature by expanding the download warnings to detect a wider range of malicious or deceitful programs, and using more assertive language in the alerts.

In January 2014, for example, Chrome 32 added threats that posed as legitimate software and monkeyed with the browser's settings to the unwanted list.

The browser's malware blocking and suspect site warnings come from Google's Safe Browsing API (application programming interface) and service; Apple's Safari and Mozilla's Firefox also access parts of the API to warn their users of potentially dangerous websites.

Google's malware blocking typically tests much better than Safari's or Firefox's, however, because Google also relies on other technologies, including reputation ranking, to bolster Chrome's Safe Browsing.

Like the Microsoft application reputation ranking used in Internet Explorer, Google's technology combines whitelists, blacklists and algorithms to create a ranking of the probability that a download is legitimate software. Files that don't meet a set legitimacy bar trigger a warning.

Google uses other signals, the details of which it has not disclosed, to identify websites that will likely serve up unwanted software like home page changers. Google search uses similar signals to ward off entries in the results list. "This change reduces the chances you'll visit these sites via our search results," wrote Lucas Ballard, a software engineer, in a Monday blog post.

Chrome 40, the browser's current most-polished version, can be downloaded for Windows, OS X and Linux from Google's website.

Join the CSO newsletter!

Error: Please check your email address.

Tags web browsersGooglesecuritysoftware

More about AppleGoogleLinuxMicrosoftMountain ViewMozilla

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Gregg Keizer

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts