• http://www.techneurons.com/career/
  • experienced programming consultants for hire !!!

    Contact Now

    News: Google Chrome browser adds malware download protection

    WEDNESDAY, JUNE 8, 2011 | techworld Bookmark and Share

    Google updated Chrome to version 12, adding a new tool that warns users when they've downloaded files from dangerous websites.

     
    The company also patched 15 bugs in the browser and paid out nearly $10,000 in bounties to outside researchers who reported vulnerabilities to its security team.
     
    New to Chrome 12 is a feature that flags dodgy files pulled from the web. Chrome now shows an alert when users download some file types from sites that are on the Safe Browsing API (application programming interface) blacklist, which Google maintains.
     
    Safe Browsing already identifies suspicious or unsafe sites, then adds them to a blacklist. Chrome, Mozilla's Firefox and Apple's Safari all tap into Safe Browsing to warn users of risky sites before they actually visit them. But by expanding its use of Safe Browsing to signal users of not just malicious sites, but also the downloads that come from them, Google is following in Microsoft's footsteps.
     
    Internet Explorer 9 (IE9), which launched in mid-March, uses something Microsoft calls "SmartScreen Application Reputation" to rank the probability that a download is legitimate software. Files that don't appear legit trigger a warning if users try to run or save them after downloading.
     
    The new tools within IE9 and Chrome have been applauded by security researchers because hackers don't always rely on exploits to plant malware on machines. They are often able to trick uses into doing their work for them.
     
    Fake antivirus software, called "scareware," is a good example. Malicious sites make visitors believe their PCs are infected, and then pitch them worthless security software that can supposedly clean their computer.
     
    Some Mac users got a first hand look at scareware last month when an experienced gang that had worked the Windows side of the street kicked off an aggressive campaign to also sell fake Mac antivirus software. Other improvements in Chrome 12 include additional support for hardware-accelerated 3D graphics in Windows Vista, Windows 7 and Mac's Snow Leopard.
     
    It also supports Adobe Flash's new settings that let users decide if they want sites to track them with Flash cookies, also called "Local Stored Objects" (LOB).
     
    Users can now delete Flash cookies when they clear other browser data by checking an option in Chrome's preferences panel. The new setting is in the "Under the Hood" section of the panel. To clear LOBs, click the "Clear Browser Data" button beside the Privacy label, and check the "Delete cookies and other site and plug-in data" box.
     
    IE9 and Firefox already support the LOB-deletion changes to Flash 10.3, but Apple Safari users will have to wait until next month, when Safari 5.1 ships with Mac OS X 10.7, aka Lion.
     
    None of the vulnerabilities was pegged as "critical," the category reserved for bugs that may let an attacker escape Chrome's anti-exploit sandbox. Google has patched several critical bugs this year, including two in April.
     
    Four of the 15 vulnerabilities were identified as "use-after-free" bugs, a type of memory management flaw that can be exploited to inject attack code, while two others were labeled "same origin bypass" vulnerabilities. Those bugs could be used to steal sensitive information contained in legitimate sites open in the browser by tricking users into visiting malicious URLs at the same time.
     
    As it always does, Google locked the Chrome bug tracking database to prevent outsiders from reading up on the patched vulnerabilities. The company bars the public from the database to give users time to update, sometimes waiting months before removing the blocks. For example, none of the descriptions for the 27 bugs Google patched in late April can yet be accessed by the public.
    We are experts in Cloud Computing Technologies. We can assist you to build high scalable business applications using Amazon Web Services (Amazon EC2, Amazon S3, Amazon SES, SNS, CloudFront), Windows Azure Platforms - Windows Azure and SQL Server Azure, Google App Engine using Python and Django Framework. We are Expert Programming Consultants available at affordable rates per hour. We work on several technologies - .NET, Python, Google App Engine, PHP, Windows Azure, Amazon Web Services ...