Google’s Chrome to flag deceptive embedded content

Browser will warn of any embedded content such as ads that pretend to act like, and look and feel like, a trusted entity

Google’s Chrome browser is to warn users of deceptive download buttons and other misleading embedded content, such as social engineering ads.

The new warnings are part of Google’s Safe Browsing initiative and the latest update in the company’s effort to target social engineering attacks.

Safe Browsing, which is enabled by default for users of Google Chrome, Mozilla Firefox and Apple Safari, is aimed at highlighting web security threats and encouraging safer web security practices.

In November 2015, Google expanded its protection from traditional phishing attacks aimed at stealing personal information to include more types of deceptive web content.

Google defines a social engineering attack as any web content that pretends to act like, and look and feel like, a trusted entity, such as a bank, to trick people into sharing a password, for example.

According to Google, embedded content such as ads will be considered social engineering if it mimics a trusted entity.

This means that Google’s Chrome browser will warn users if an ad links to malicious content, if an image claims that software is out of date to trick users into clicking an “update” button, if there is a “play” or “download” button that has been made to look like the rest of the site but links to malicious content, or if there is a survey button designed to trick people into revealing personal information.

“Our fight against unwanted software and social engineering is still just beginning,” Lucas Ballard of Google’s Safe Browsing team wrote in a blog post. “We will continue to improve Google’s Safe Browsing protection to help more people stay safe online.”

Because embedded content is often supplied by third parties, website administrators may not be aware that their sites include malicious content.

If a website is flagged for containing social engineering content, Google provides social engineering help for webmasters.

Webmasters are advised to verify site ownership and check that no new “owners” have been added, to ensure that no website pages contain deceptive content, to ensure that any ads, images, or other embedded third-party resources on their site’s pages are not deceptive, and to request a security review after removing all social engineering content.
