Google fixes Safe Browsing security loophole

Google has announced new measures that resolve a security loophole that allows certain websites to circumnavigate its Safe Browsing service.

Writing for its official security blog, Brooke Heinichen, a strategist for the tech giant’s safe browsing team, said that it has picked up on a pattern of behavior that subverted this important security mechanism.

Safe Browsing basically delivers warnings to users that the website they are attempting to access is unsafe.

This means that it has been identified as being in violation of Google’s Malware, Unwanted Software, Phishing, and Social Engineering Policies.

It does this by showing a warning, which remains visible until the website has made efforts to comply with Google’s policies.

“However, over time, we’ve observed that a small number of websites will cease harming users for long enough to have the warnings removed, and will then revert to harmful activity,” explained Heinichen.

“As a result of this gap in user protection, we have adjusted our policies to reduce risks borne by end-users.”

Google says that these culprits will be classed as repeat offenders. This particularly applies to websites that “repeatedly switch between compliant and noncompliant behavior within a short window of time”.

Heinichen added: “Please note that websites that are hacked will not be classified as repeat offenders; only sites that purposefully post harmful content will be subject to the policy.”

Author , We Live Security

Follow us

Copyright © 2018 ESET, All Rights Reserved.