14 DAY TRIAL // Google plans to introduce malware warnings for downloads in Chrome by leveraging data from Safe Browsing which is already used to block malicious URLs.
Google Safe Browsing is a service that aggregates information about malicious websites in real-time from various sources and also uses specialized crawlers to verify the flagged pages.
The data is available via a public API to anyone interested in using it. In fact, the service is currently being used to also protect Firefox and Safari users from browsing to malicious sites.
Google also uses Safe Browsing data to flag websites in search results as potentially compromised or harmful. Last year the company also introduced automatic abuse notifications for network admins based on Safe Browsing results.
The new feature will block downloads that originate from known malicious pages and will display a warning before allowing the user to discard or save it.
"We're starting with a small-scale experimental phase for a subset of our users who subscribe to the Chrome development release channel, and we hope to make this feature available to all users in the next stable release of Google Chrome," says Moheeb Abu Rajab, a member of the Google Security Team.
With a native sandbox that extends to PDF and Flash plug-ins, as well as with malicious URL and downloads blocking, Google Chrome is probably the most feature-rich browser in terms of security at the moment.
In addition, starting with Chrome 10, the browser automatically disables outdated plug-ins and asks the users to update them. This is very usefull because plugins are a weak spot for browsers today and are commonly targeted in drive-by download attacks.
The one thing still missing from Chrome is a filter to protect against XSS, CSRF and clickjacking attacks. WebKit's cross-site scripting protection, called XSS Auditor, is present in Chrome only as an experimental technology because it is still buggy.