Google Claims Security Precautions Were Taken for Instant Pages

Google has responded to security concerns regarding its upcoming Instant Pages technology and claims that precautions were taken to ensure that nothing malicious is downloaded on people's computers through it.

Instant Pages is a combination of Google Search's ability to predict what results people are likely to click on and the prerendering feature in Google Chrome.

[ADMARK1]The idea is to begin loading search results in the background immediately after a query, even though the user has not decided what link to click on yet.

In this manner, if they do decide to go with the first ones, the corresponding pages will be rendered instantly and the experience will be faster.

But security researchers pointed out last week that cyber crooks have proven able to push malicious links at the top of search results for particular terms in the past.

"We've thought hard about this issue, and we don't believe there is any additional risk to users," a Google spokesperson said when presented with the theory, according to The Register.

"Sites marked as potentially harmful by our Safe Browsing technology will not be pre-rendered, nor will sites that Chrome detects as suspicious. We also exclude sites with SSL certificate issues and those that try to download files or display popup alerts," they explained.

However, even if we're ready to accept that Google's Safe Browsing and Chrome's mechanisms are accurate enough to block all forms of exploits and drive-by downloads, which they probably aren't, there are multiple ways in which this technology can be misused.

That's because Chrome's prerendering feature is not available only for Google Search and its new Instant Pages, but to all websites. Attackers can inject rogue link elements with the rel="prerender" parameter into any compromised website.