Google adds download defense to Chrome, patches 15 bugs
Updates browser to version 12 as it boosts anti-malware protection
Computerworld - Google on Tuesday updated Chrome to version 12, adding a new tool that warns users when they've downloaded files from dangerous Web sites.
The company also patched 15 bugs in the browser and paid out nearly $10,000 in bounties to outside researchers who reported vulnerabilities to its security team.
New to Chrome 12 is a feature that flags dodgy files pulled from the Web. Chrome now shows an alert when users download some file types from sites that are on the Safe Browsing API (application programming interface) blacklist, which Google maintains.
The messages reads: "This file is malicious. Are you sure you want to continue?"
If they wish, users can ignore the warning and save the file to their system's hard drive.
"This warning will be displayed for any download URL that matches the latest list of malicious websites published by the Safe Browsing API," said Google last April when it debuted the feature in an earlier edition of Chrome.
Safe Browsing already identifies suspicious or unsafe sites, then adds them to a blacklist. Chrome, Mozilla's Firefox and Apple's Safari all tap into Safe Browsing to warn users of risky sites before they actually visit them.
But by expanding its use of Safe Browsing to signal users of not just malicious sites, but also the downloads that come from them, Google is following in Microsoft's footsteps.
Internet Explorer 9 (IE9), which launched in mid-March, uses something Microsoft calls "SmartScreen Application Reputation" to rank the probability that a download is legitimate software. Files that don't appear legit trigger a warning if users try to run or save them after downloading.
The new tools within IE9 and Chrome have been applauded by security researchers because hackers don't always rely on exploits to plant malware on machines. They are often able to trick uses into doing their work for them.
Fake antivirus software, called "scareware," is a good example. Malicious sites make visitors believe their PCs are infected, and then pitch them worthless security software that can supposedly clean their computer.
Some Mac users got a first hand look at scareware last month when an experienced gang that had worked the Windows side of the street kicked off an aggressive campaign to also sell fake Mac antivirus software.
Other improvements in Chrome 12 include additional support for hardware-accelerated 3-D graphics in Windows Vista, Windows 7 and Mac's Snow Leopard.
It also supports Adobe Flash's new settings that let users decide if they want sites to track them with Flash cookies, also called "Local Stored Objects" (LOB).
- Workarounds to purge search bar from Firefox's new tab page are available
- Mozilla ships Firefox 31, adds search to new tab page
- Microsoft's IE steps back from the brink of irrelevance
- Firefox falters, falls to record low in overall browser share
- Firefox risks user backlash by adding search box to new tab page
- Google unseats Microsoft as the U.S. browser powerhouse
- Safari, Chrome push to mask URLs
- Chrome on Windows champs at the 64-bit
- Google pulls trigger, cripples some Chrome add-ons
- Microsoft shoots to shorten Internet Explorer's long tail
- The Business Value of Continuous Delivery Download this whitepaper to learn more about the business value of Continuous Delivery and see why it could be a game changer for...
- Ten Factors Shaping the Future of Application Delivery Download this research report conducted by Enterprise Management Associates (EMA) to learn how those that are seeking to accelerate application delivery are leveraging...
- HTTP Status Code Cheat Sheet Look at the Graph, Find the Code and Boom - You're Solving Problems. Identifying and understanding common HTTP status codes can go a...
- Architects lead the next generation of data-driven applications Read this whitepaper to find out how application architects can quickly and confidently deliver long-lasting applications that minimize cost, complexity, and risk while...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Desktop Apps White Papers | Webcasts