Google Safe Browsing to alert users on unsafe sites

05 Feb 2016

Google's Safe Browsing technology will now warn people using Google Chrome, Apple Safari or Mozilla Firefox internet browsers of image ads and other embedded content in web pages that the company deems as being malicious or potentially unsafe.

Starting this week, when users of these browsers encounter potentially deceptive advertisements or download buttons for risky actions or content, Safe Browsing will pop up an alert.

The security notification will warn users about the potential for their being tricked into doing something risky like installing software or sharing personal information such as passwords and phone numbers. The dialog box also invites users to share details of the incident with Google.

Google said examples of risky ads or embedded content that Safe Browsing will keep an eye on include error messages that urge users to update certain software and dialog boxes from seemingly trusted vendors that invite users to install a required component.

Lucas Ballard, a member of Google's Safe Browsing team, said the company has developed some specific criteria for identifying and labelling ads and other embedded content as being malicious or potentially unsafe.

 For instance, an ad will be considered as being used for social engineering if it pretends to act, look and feel like a trusted device, browser or part of the website itself, Ballard said in a blog post announcing the new capability. Similarly, any ad or embedded content that attempts to trick a user into an action they would normally take only with a trusted entity, like sharing a password, will be labelled as dangerous.

"If visitors to your web site consistently see social engineering content, Google Safe Browsing may warn users when they visit the site," rather than only when they encounter the potentially unsafe content. Sites that are flagged for serving up potentially unsafe content will need to fix the problem for Google to stop the alerts.

The latest Safe Browsing feature builds on Google's ongoing efforts to use its massive online presence to force website owners to take better security precautions.

The company launched Safe Browsing about eight years ago as a way to warn internet users about interacting with unsafe sites, such as those used for phishing purposes or for relaying spam or installing malware. Google has previously noted that Safe Browsing technology helps uncover an average of 90,000 phishing sites and an estimated 50,000 malware-distribution sites every month.

Safe Browsing alerts are as much for website owners as they are for internet users, according to Google. The alerts warn site owners about potential security issues that they might have missed on their own, so they have an opportunity to fix them in a timely manner. Sites that ignore the alerts run the risk of being labelled as insecure and pushed down or even ignored in search engine results.

Last December, Google added default Safe Browser support for its Chrome browser for Android, meaning that owners of smartphones and tablets running the operating system now get the same security alerts that desktop users have been getting for years.