Google Chrome security warnings – now in plain English

http://www.welivesecurity.com/2014/07/15/google-chrome-security/

 

http://threatpost.com/google-set-to-change-malware-phishing-warnings-following-study

 

Interesting article @hqsec , as i recall google bought VirusTotal, currently or in the future is it serving the purpose to help chrome users avoid malware or phishing sites as part of chromes security strategy?

 

I don't know if or how Google is using scan results from Virtustotal. I guess there could be problems with false positives with that many AV engines being used. Results from VT might be useful as additional info or help when detecting malware but IMO each positive result must be double-checked for possible FPs.

 

Hmm, i would love to know. What other reason would be for them to buy VirusTotal. False positives could be a problem, but given the range of AV vendors in VirusTotal , the probabiltiy of false positives may be minimized. How would it be any different for a user to see " Attackers on might try to trick you to steal your information, for instance, passwords, messages or credit cards". "Try" suggests may or may not. Its bit of a stab in the dark either way. None the less, its great to see Chrome is still addressing security, even more so with the 64 bit version. regards.

 

Yes I agree. There are some AV vendors that are more prone to FPs and others who have FPs really rarely. Maybe they could take that into account.
About warning I see some improvement but as you said "try" is not best word. It would be better to write something like: "If you will visit this site they will steal all your money, all your passwords, destroy your computer and burn down your house." That might put some of them off. If they still decide to visit that site they would have to confirm 3 additional questions, each describing worse consequences.

 

Yes exactly. I would also be fantastic that if a user "proceeds anyway" that Chrome will;

• Disables downloading of all files
• Disables all java scripts and the like in the browser
• Disallows saving of cookies of all sorts from storing themselves in the host PC
• Change browser headers and hides user IP

Im sure there is more they could do. Wishful thinking i suppose.

regards.

 

@TS4H You have some nice ideas. Though I doubt we will ever get Chrome so secure.

P.S.: do you know how far is 64 bit version? I'v read that it will employ some additional security measures.

 

Thanks, yeah thankfully Chrome is pretty secure out of the box.

Currently i believe its still in Canary build so it will still be a couple of months away. I think they are aiming for Chrome version 37.

As for a benchmark in performance between 32 and 64 see; http://www.thetechforum.co.uk/index.php?topic=3335.0 keep in mind its still in Canary build.

Chrome will take advantages of OS features such as High Entropy ASLR in windows 8 see; http://blogs.technet.com/b/srd/arch...itigating-common-exploitation-techniques.aspx

It should protect against exploitation such as JIT spraying, and improve the effectiveness of existing security defense features like heap partitioning. Windows 7 should get some security features too as it also has the potential for OS level mitigation although there is really not a great deal of info right now. Im sure we will know more once it has hit the beta channel.

regards

 

Thank you for all info. I'm glad that they decided to include some additional anti-exploit techniques.

 

No problem.

Yeah absolutely, should make the whole sandbox of chrome, and future versions of Chrome OS much more secure.

regards.