Malware scanning improved in Google Chrome 17

Google Chrome released it’s first stable (out of beta) release on the 8 February – Chrome 17. This has been some time in the making but it’s finally arrived. This stable release now incorporates a malware download scanner which scans for malicious “.exe” and “.msi” files which checks with a whitelist database (DB) for known good publishers and files.

If a publisher or file cannot be found on the whitelist DB then Chrome will check with Google on whether that website has hosted malicious downloads (past or present). The problem here is that polymorphic packages make the process of identifying malicious download packages very difficult to detect. In this event, Chrome sends the URL and IP of the host and other meta data, such as the file’s hash and binary size straight back to Google.

Nothing smart here, as it’s left to Google security researchers to unpackage and decompile/analyse to understand the malicious behaviour. An arduous job at the best of times I can tell you. This does however, add to the existing Safe Browsing technology that was developed by Google back in 2006 for Firefox.

Safe Browsing has improved somewhat over the years. That said, Safe Browsing only helps if Google knows about the malicious website (this isn’t unique to Chrome by the way). Google has recently made some improvements to Safe Browsing including scanning elements / properties of each web page from the Chrome client.* If Chrome scans a page and finds malware then it reports it back to Google, otherwise Chrome will continue to analyse each website you visit.

For the privacy advocates reading this, Google only collects website data if it believes it to be malicious i.e. provides malicious downloads, URLs, downloads etc. So you can be rest assured Google isn’t collecting your surfing behaviour through this service. If you don’t want to use this service you can disable it, but I don’t for one moment suggest you should – here it is anyway:

Disable phishing and malware detection

  1. Click the wrench icon wrench icon on the browser toolbar.
  2. Select Options (Preferences on Mac and Linux; Settings on Chrome OS).
  3. Click the Under the Hood tab and find the “Privacy” section.
  4. Deselect the “Enable phishing and malware protection” checkbox.

*Of course being the a primary search engine Google is in an advantageous position here. 🙂
As for the latest Chrome 17 release, Google has also patched 20 security vulnerabilities and some of these patches were fixed by researchers who joined the Chromium Awards Program. Good work guys! A close inspection of the vulnerabilities and only one is rated as “critical” by Google. This critical flaw is connected to data permissions (where have we heard this before folks ? Android anyone?) and is known as a ‘race condition’. In this instance shared data can be accessed by multiple concurrent threads without permission from the data access protection. These can lead to data corruption and crashes.

I noted from reading Googles’ blog, that they have announced that they are going to focus on improving SSL revocation analysis security including the OCSP (Online Certificate Status Protocol) feature which allows a browser to check whether an SSL certificate is valid.

Safe surfing folks!

This entry was posted in browser, google, malware, privacy and tagged . Bookmark the permalink.

One Response to Malware scanning improved in Google Chrome 17

  1. Pingback: Malware scanning improved in Google Chrome 17 | News | IT Security Magazine - Hakin9

Leave a Reply

Your email address will not be published. Required fields are marked *