kreizihorse - Fotolia

Google’s Chrome to flag deceptive embedded content

Browser will warn of any embedded content such as ads that pretend to act like, and look and feel like, a trusted entity

Google’s Chrome browser is to warn users of deceptive download buttons and other misleading embedded content, such as social engineering ads.

The new warnings are part of Google’s Safe Browsing initiative and the latest update in the company’s effort to target social engineering attacks.

Safe Browsing, which is enabled by default for users of Google Chrome, Mozilla Firefox and Apple Safari, is aimed at highlighting web security threats and encouraging safer web security practices.

In November 2015, Google expanded its protection from traditional phishing attacks aimed at stealing personal information to include more types of deceptive web content.

Google defines a social engineering attack as when any web content pretends to act like, and look and feel like, a trusted entity such as a bank to trick people into sharing a password, for example.

According to Google, embedded content such as ads will be considered social engineering if they mimic a trusted entity.

This means that Google’s Chrome browser will warn users if an ad links to malicious content, if an image claims that software is out of date to trick users into clicking an “update” button, if there is a “play” or “download” button that has been made to look like the rest of the site but links to malicious content, or if there is a survey button designed to trick people into revealing personal information.

Read more about safe browsing

“Our fight against unwanted software and social engineering is still just beginning,” Lucas Ballard of Google’s Safe Browsing team wrote in a blog post. “We will continue to improve Google’s Safe Browsing protection to help more people stay safe online.”

Because embedded content is often supplied by third parties, website administrators may not be aware that their sites include malicious content.

If a website is flagged for containing social engineering content, Google provides social engineering help for webmasters.

Webmasters are advised to verify site ownership that no new “owners” have been added, to ensure that no website pages contain deceptive content, to ensure that any ads, images, or other embedded third-party resources on their site’s pages are not deceptive, and to request a security review after removing all social engineering content.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on Privacy and data protection

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

This is a well-needed advance that looks to finally let end-users get back to work instead of constantly updating and deleting and removing all the hooks left behind. As might be suspected, the marketers and advertisers are up in arms in fear that their odd business model is threatened. Surely someone somewhere told those marketers and advertiser that their intrusive, obnoxious interruptions were inexcusable and needed to be eliminated. Since they seemed incapable to tending their own house, Google has stepped in and done it for them. Way to go, Google...!
Cancel

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close