October 31, 2014

Google Safe Browsing to be expanded to detect even more suspicious downloads

(LiveHacking.Com) – One of the important security features that Google provides for users of its Chrome browser, as well as users of other software that calls the related APIs, is its Safe Browsing service. Since Google is constantly trawling the Internet for its search engine, the company also looks at the pages it reads and checks whether the website is serving malware or running any kind of suspicious JavaScript that can cause harm to a PC. If a user visits one of these sites and starts a download (either manually or via some malicious script) then Chrome will warn the user that the download is potentially harmful.

According to a recent blog post, Google is currently showing over three million download warnings per week! In total, Chrome and the other browsers that use this service are protecting over 1.1 billion people from mistakenly downloading malware onto their computers.

Google has now announced that it will be expanding the Safe Browsing service to include protection against other kinds of deceptive software including programs disguised as helpful downloads that actually make unexpected and unwanted changes to your computer. As an example, Google cites applications which switch your homepage or default search engine to ones you don’t want.

“You should be able to use the web safely, without fear that malware could take control of your computer, or that you could be tricked into giving up personal information in a phishing scam,” wrote Moheeb Abu Rajab, Staff Engineer, Google Security.

When a user attempts to download one of these malicious software installers, Chrome will display a warning and halt the download. For those users who insist on downloading the package, it can still be accessed from the Downloads list.

It is always important to be watchful when downloading software from the Internet. Make sure you trust the source of the download and make sure your malware protection is current. Google has published a set of tips to help you stay safe on the web.

The Internet is a dangerous place says Google

(LiveHacking.Com) – To mark the five-year anniversary of the launch of its Safe Browsing initiative, Google has released some interesting facts and figures about the dangers of the Internet, the most shocking being that Google finds about 9,500 new malicious websites every day. The Internet is truly a dangerous place.

Of the 9,500 new malicious websites which Google detects daily, some are innocent websites that have been hacked to serve up malware, while others are built specially for the purpose of distributing malware. As a result of these daily finds, Google displays over 300,000 download warnings every day via its download protection service that is built into Chrome.

Elements of the Safe Browsing service are built into Chrome, Firefox, and Safari and as a result some 600 million users are protected by this service. According to Google, approximately 12-14 million Google Search queries per day result in a web browser showing a warning advising users not to visit a currently compromised site.

Google’s service checks for two types of danger on the Internet – Phishing and Malware. Phishing sites are those that try to trick a user into revealing a username and password for a well-known site like eBay or PayPal. Modern phishing strategies include fast turn-around and the additional use of malware. In this context fast turn-around means sites that come and go very quickly in an attempt to avoid detection. Some phishing webpages (URLs) remain online for less than an hour. Phishing sites can also use the look and feel of popular sites to trick users into installing malware by offering it as a browser extension. The number of phishing sites peaked in 2012 with over 300,000 new phishing sites found per month.

The good news on the malware front is that the number of dangerous sites found due to hacking has dropped to “just” 150,000 per month, down from over 300,000 a month in 2009. However, the number of specially created websites, designed just to deliver malware, remains high with about 10,000 sites discovered per month. This is slightly down from a high of 12,000 per month at the end of 2010.

How to stop yourself becoming a victim? Don’t ignore browser warnings. Since legitimate sites can be hacked and modified to contain malware, don’t visit a website if a browser warning is shown, no matter how well-known the website is to you.

Google Releases Chrome 17 with Security Fixes and New Malicious Downloads Protection

(LiveHacking.Com) – Google has released a new version of its Chrome web browser with twenty security fixes and new functionality to try and protect users from malicious downloads. Chrome 17.0.963.46 fixes one Critical security bug (a race condition after a crash of the utility process) and eight “High” rated vulnerabilities, with the remainder marked as “Medium” or “Low”. Google paid out a total of $11,500 to researchers for their efforts in finding vulnerabilities.

Fixes in this release include:

  • [73478] Low CVE-2011-3953: Avoid clipboard monitoring after paste event. Credit to Daniel Cheng of the Chromium development community.
  • [92550] Low CVE-2011-3954: Crash with excessive database usage. Credit to Collin Payne.
  • [93106] High CVE-2011-3955: Crash aborting an IndexDB transaction. Credit to David Grogan of the Chromium development community.
  • [103630] Low CVE-2011-3956: Incorrect handling of sandboxed origins inside extensions. Credit to Devdatta Akhawe, UC Berkeley.
  • [$1000] [104056] High CVE-2011-3957: Use-after-free in PDF garbage collection. Credit to Aki Helin of OUSPG.
  • [$2000] [105459] High CVE-2011-3958: Bad casts with column spans. Credit to miaubiz.
  • [$1000] [106441] High CVE-2011-3959: Buffer overflow in locale handling. Credit to Aki Helin of OUSPG.
  • [$500] [108416] Medium CVE-2011-3960: Out-of-bounds read in audio decoding. Credit to Aki Helin of OUSPG.
  • [$1000] [108871] Critical CVE-2011-3961: Race condition after crash of utility process. Credit to Shawn Goertzen.
  • [$500] [108901] Medium CVE-2011-3962: Out-of-bounds read in path clipping. Credit to Aki Helin of OUSPG.
  • [109094] Medium CVE-2011-3963: Out-of-bounds read in PDF fax image handling. Credit to Atte Kettunen of OUSPG.
  • [109245] Low CVE-2011-3964: URL bar confusion after drag + drop. Credit to Code Audit Labs of VulnHunt.com.
  • [109664] Low CVE-2011-3965: Crash in signature check. Credit to Sławomir Błażek.
  • [$1000] [109716] High CVE-2011-3966: Use-after-free in stylesheet error handling. Credit to Aki Helin of OUSPG.
  • [109717] Low CVE-2011-3967: Crash with unusual certificate. Credit to Ben Carrillo.
  • [$1000] [109743] High CVE-2011-3968: Use-after-free in CSS handling. Credit to Arthur Gerkis.
  • [$1000] [110112] High CVE-2011-3969: Use-after-free in SVG layout. Credit to Arthur Gerkis.
  • [$500] [110277] Medium CVE-2011-3970: Out-of-bounds read in libxslt. Credit to Aki Helin of OUSPG.
  • [$1000] [110374] High CVE-2011-3971: Use-after-free with mousemove events. Credit to Arthur Gerkis.
  • [110559] Medium CVE-2011-3972: Out-of-bounds read in shader translator. Credit to Google Chrome Security Team (Inferno).

Chrome 17 also enhances its use of Google’s Safe Browsing, a continuously-updated list of known phishing and malware websites, to include checking of executable downloads. Chrome checks executable downloads against a list of known good files and publishers. If a file isn’t from a known source, Chrome sends the URL and IP of the host and other metadata, such as the file’s hash and binary size, to Google. The file is automatically classified using machine learning analysis and the reputation and trustworthiness of files previously seen from the same publisher and website. Google then sends the results back to Chrome, which warns you if you’re at risk.
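The download check described above can be sketched as a client-side decision flow. This is an added example, not Chrome's or Google's code: the function and field names, the SHA-256 hash choice, the extension list, the allowlist contents and the `classify` callback standing in for the remote service are all assumptions.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, Optional
from urllib.parse import urlsplit

# Constructed sample data: hypothetical allowlists, not Google's real lists.
TRUSTED_PUBLISHERS = {"Example Software Ltd"}
KNOWN_GOOD_SHA256 = {hashlib.sha256(b"known good installer").hexdigest()}
EXECUTABLE_EXTENSIONS = (".exe", ".msi", ".dmg")  # assumed set of file types


@dataclass
class Download:
    url: str
    host_ip: str
    content: bytes
    publisher: Optional[str] = None  # signer name, if the file is signed


def build_reputation_request(dl: Download) -> Optional[dict]:
    """Return the metadata to send for a verdict, or None if nothing is sent."""
    path = urlsplit(dl.url).path.lower()
    if not path.endswith(EXECUTABLE_EXTENSIONS):
        return None  # only executable downloads are checked
    digest = hashlib.sha256(dl.content).hexdigest()
    if digest in KNOWN_GOOD_SHA256 or dl.publisher in TRUSTED_PUBLISHERS:
        return None  # known good: decided locally, no metadata leaves the client
    # Unknown file: send metadata only, never the file contents.
    return {
        "url": dl.url,
        "host_ip": dl.host_ip,
        "sha256": digest,
        "size": len(dl.content),
    }


def handle_download(dl: Download, classify: Callable[[dict], str]) -> str:
    """Return 'allow' or 'warn'; classify() stands in for the remote service."""
    request = build_reputation_request(dl)
    if request is None:
        return "allow"
    return "warn" if classify(request) == "malicious" else "allow"
```

The allowlist check runs before any request is built, so known-good files and publishers never generate a lookup, and for unknown files only the URL, host IP, hash and size are sent.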

Chrome 17 also contains a number of new features including:

  • New Extensions APIs
  • Updated Omnibox Prerendering

Chrome 17.0.963.46 is available for Windows, Mac and Linux. More details on the update are available on the Chrome Blog. Full details about what changes are in this release are available in the SVN revision log.