kreizihorse - Fotolia

Google’s Chrome to flag deceptive embedded content

Browser will warn of any embedded content such as ads that pretend to act like, and look and feel like, a trusted entity

Google’s Chrome browser is to warn users of deceptive download buttons and other misleading embedded content, such as social engineering ads.

The new warnings are part of Google’s Safe Browsing initiative and the latest update in the company’s effort to target social engineering attacks.

Safe Browsing, which is enabled by default for users of Google Chrome, Mozilla Firefox and Apple Safari, is aimed at highlighting web security threats and encouraging safer web security practices.

In November 2015, Google expanded its protection from traditional phishing attacks aimed at stealing personal information to include more types of deceptive web content.

Google defines a social engineering attack as when any web content pretends to act like, and look and feel like, a trusted entity such as a bank to trick people into sharing a password, for example.

According to Google, embedded content such as ads will be considered social engineering if they mimic a trusted entity.

This means that Google’s Chrome browser will warn users if an ad links to malicious content, if an image claims that software is out of date to trick users into clicking an “update” button, if there is a “play” or “download” button that has been made to look like the rest of the site but links to malicious content, or if there is a survey button designed to trick people into revealing personal information.

Read more about safe browsing

  • Google launches a tool for downloading its list of suspected phishing and malware URLs – the Safe Browsing API.
  • It is no secret that workers often spend part of their working day casually browsing the web. But this casual surfing, if left unmanaged, can seriously jeopardise the security of your network. 
  • Google updates Chrome browser to warn users about deceptive software downloads.

“Our fight against unwanted software and social engineering is still just beginning,” Lucas Ballard of Google’s Safe Browsing team wrote in a blog post. “We will continue to improve Google’s Safe Browsing protection to help more people stay safe online.”

Because embedded content is often supplied by third parties, website administrators may not be aware that their sites include malicious content.

If a website is flagged for containing social engineering content, Google provides social engineering help for webmasters.

Webmasters are advised to verify site ownership that no new “owners” have been added, to ensure that no website pages contain deceptive content, to ensure that any ads, images, or other embedded third-party resources on their site’s pages are not deceptive, and to request a security review after removing all social engineering content.

Read more on Privacy and data protection

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

This is a well-needed advance that looks to finally let end-users get back to work instead of constantly updating and deleting and removing all the hooks left behind. As might be suspected, the marketers and advertisers are up in arms in fear that their odd business model is threatened. Surely someone somewhere told those marketers and advertiser that their intrusive, obnoxious interruptions were inexcusable and needed to be eliminated. Since they seemed incapable to tending their own house, Google has stepped in and done it for them. Way to go, Google...!
i have a Deceptive embedded resources problem in my blog. he gives me a reason for security issue "These pages contain embedded content, such as images or ads, that attempts to trick users into doing something dangerous such as installing unwanted software or revealing personal information."
sir how to fix it please help me