Google have announced that they were expanding Safe Browsing in Chrome to warn users of deceptive tactics on web sites that try to deceive visitors into doing something dangerous. This includes installing unwanted software or encouraging people to reveal personal information through phishing.
Safe Browsing is the name of both the backend technology Google created and the API (application programming interface) that developers, including other browser makers like Mozilla, can call to intercede when a user steers toward a website that may contain malicious content.
The concept behind phishing is to fool you into disclosing personal information – putting you at risk of identity theft, account theft, information theft and potentially, financial theft.
Google are identifying hundreds of thousands of phishing pages each year through a complex algorithm that looks at the country, host, page content and links to identify the risk. If the algorithm determines that a page is being used for phishing, it will automatically produce a red warning for Chrome users who try to visit that page.
Unwanted software may appear as embedded content (like ads) on a web page. In line with their social engineering policy, Google is focusing on embedded content that pretends to act, look or feel like a trusted entity (like your device, browser or the web site itself), or content that tries to trick you into sharing a password or calling a bogus call centre promising urgent technical support.
Some of the examples provided included advertisements and popups that encouraged users to download update or media players that appeared legitimate, but were in fact downloads from third party sites – not the software developers.
Their broader definition of unwanted software is any software that:
- Is deceptive, promising a value proposition that it does not meet.
- Tries to trick users into installing it or it piggybacks on the installation of another program.
- Doesn’t tell the user about all of its principal and significant functions.
- Affects the user’s system in unexpected ways.
- Is difficult to remove.
- Collects or transmits private information without the user’s knowledge.
- Is bundled with other software and its presence is not disclosed.
Google’s continued investment in high-value security features for Chrome makes a lot of sense. They do not want people to become fearful of browsing or limiting visits to a few trusted entities – their primary revenue stream is sourced from serving advertising to users of their search engine and affiliated web sites.
Google’s Chrome we browser can be downloaded from https://www.google.com/chrome/