Google adds download defense to Chrome, patches 15 bugs
Updates browser to version 12 as it boosts anti-malware protection
Computerworld - Google on Tuesday updated Chrome to version 12, adding a new tool that warns users when they've downloaded files from dangerous Web sites.
The company also patched 15 bugs in the browser and paid out nearly $10,000 in bounties to outside researchers who reported vulnerabilities to its security team.
New to Chrome 12 is a feature that flags dodgy files pulled from the Web. Chrome now shows an alert when users download some file types from sites that are on the Safe Browsing API (application programming interface) blacklist, which Google maintains.
The messages reads: "This file is malicious. Are you sure you want to continue?"
If they wish, users can ignore the warning and save the file to their system's hard drive.
"This warning will be displayed for any download URL that matches the latest list of malicious websites published by the Safe Browsing API," said Google last April when it debuted the feature in an earlier edition of Chrome.
Safe Browsing already identifies suspicious or unsafe sites, then adds them to a blacklist. Chrome, Mozilla's Firefox and Apple's Safari all tap into Safe Browsing to warn users of risky sites before they actually visit them.
But by expanding its use of Safe Browsing to signal users of not just malicious sites, but also the downloads that come from them, Google is following in Microsoft's footsteps.
Internet Explorer 9 (IE9), which launched in mid-March, uses something Microsoft calls "SmartScreen Application Reputation" to rank the probability that a download is legitimate software. Files that don't appear legit trigger a warning if users try to run or save them after downloading.
The new tools within IE9 and Chrome have been applauded by security researchers because hackers don't always rely on exploits to plant malware on machines. They are often able to trick uses into doing their work for them.
Fake antivirus software, called "scareware," is a good example. Malicious sites make visitors believe their PCs are infected, and then pitch them worthless security software that can supposedly clean their computer.
Some Mac users got a first hand look at scareware last month when an experienced gang that had worked the Windows side of the street kicked off an aggressive campaign to also sell fake Mac antivirus software.
Other improvements in Chrome 12 include additional support for hardware-accelerated 3-D graphics in Windows Vista, Windows 7 and Mac's Snow Leopard.
It also supports Adobe Flash's new settings that let users decide if they want sites to track them with Flash cookies, also called "Local Stored Objects" (LOB).
- Google reverses field, promises to restore Chrome's scrollbar arrows
- Update: Google ships Chrome 33, patches 28 bugs
- Mozilla's top exec defends in-Firefox ads, revenue search
- Mozilla taps in-Firefox ads as it searches for more revenue
- Mozilla ships Metro Firefox beta for Windows 8
- Mozilla defers Firefox's new 'Australis' UI to April
- Mozilla resets Metro Firefox ship date to mid-March
- Mozilla ships Firefox 26 with opening click-to-play move
- Mozilla banked $274M in '12 from Google-Firefox search deal
- Google trumpets Chrome's SPDY gains
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Desktop Apps White Papers | Webcasts