We all know how hard it is to fight the daily threat of zero-day malware, so it’s no surprise to hear that search engine company Google has submitted a design to its Chrome development team that aims to improve its Safe Browsing Service. Google is constantly crawling the Internet in search of malicious websites which, for example, deliver drive-by downloads and rogue security software. It’s a never-ending game of playing “catch-up” with the malware writers. The hackers are learning new methods of evading Google’s Safe Browsing Service, and Google, just like the AV industry, is finding it hard to keep up.
The URL web exploit threat is real and it is growing. To counter the threat, Google has announced that it wants to collect “usage statistics and crash reports” during Chrome installation. Google will ask for the referer header for each page you visit. This product change will allow Google to correlate compromised websites with the final landing pages which deliver the malicious payload.
Google is also interested in the additional attack code, so it also intends (through user opt-in) to deliver a new ‘Safe Browsing’ warning statement if you visit a malicious website. Google will collect request and response headers for all the URLs that are fetched, along with the IP addresses they resolve to. Google appears very concerned about the XSS / IFrame attack vector (as discussed in my article http://bit.ly/9xfYml), so much so that it wants to include URLs from the src of script, iframe and embed tags. The data that is collected is stored in the memory of the current interstitial, and if the user has the opt-in checked the report is then sent to Google.
Google claims there will be no performance impact to the Chrome browser. To be absolutely certain that performance isn’t affected, they will be imposing a limit on the number of process tags and URLs. It appears that Google has admitted (very much like all the search engines) that it has a problem, and it’s a problem that will not be going away very soon. Importantly for surfers, Google is taking steps to address the URL web exploit threat and, like the AV industry, it’s going to be a daily malware fight that will last forever.
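The collection step described above (src URLs from script, iframe and embed tags, the referer, the opt-in check and a cap on collected URLs), sketched in Python as an added example. It is not Chrome's code: the function names, report fields, cap value and sample page are assumptions, and request/response headers and resolved IP addresses are left out.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin

TRACKED_TAGS = {"script", "iframe", "embed"}  # the tags named in the article
MAX_URLS = 3  # assumed cap; the article gives no number


class SrcCollector(HTMLParser):
    """Collect absolute src URLs from tracked tags, stopping at a cap."""

    def __init__(self, page_url, max_urls=MAX_URLS):
        super().__init__()
        self.page_url = page_url
        self.max_urls = max_urls
        self.resources = []
        self.truncated = False

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag not in TRACKED_TAGS:
            return
        src = dict(attrs).get("src")
        if not src:
            return  # inline script, or a tag with no src
        if len(self.resources) >= self.max_urls:
            self.truncated = True  # cap reached: note it, collect no more
            return
        self.resources.append({"tag": tag, "url": urljoin(self.page_url, src)})


def build_report(page_url, referrer, html, opted_in, max_urls=MAX_URLS):
    """Return the report dict, or None when the user has not opted in."""
    if not opted_in:
        return None
    collector = SrcCollector(page_url, max_urls)
    collector.feed(html)
    return {"url": page_url, "referrer": referrer,
            "resources": collector.resources, "truncated": collector.truncated}


# Constructed sample: a page pulling in a hidden iframe and other resources.
SAMPLE_HTML = """
<html><body>
<script>var x = 1;</script>
<script src="/js/site.js"></script>
<IFRAME SRC="http://landing.example/load" width=0 height=0></IFRAME>
<embed src="//cdn.example/a.swf">
<script src="http://extra.example/b.js"></script>
</body></html>
"""
```

Calling `build_report("http://compromised.example/index.html", "http://search.example/?q=news", SAMPLE_HTML, True)` yields the page, its referer and the first three resource URLs, which is the link between a compromised page and the landing page it loads.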
Safe surfing folks!