Ad slingers beware! Google raises Red Screen of malware Dearth
Chrome to take shine off dodgy networks
Watch out dodgy ad slingers and news sites; Google is expanding its 'last line of defence' Chrome feature to brand all security-slacker ad networks as unsafe.
The Chocolate Factory will, over coming weeks, expand its Safe Browsing feature such that it throws an ominous Red Screen™ in front of ad networks it says have poor security or injector functionality.
Google's move is significant in that it puts the quagmire that is the online advertising networks on notice.
This could conceivably see Google's Red Screen™ block a host of legitimate websites that lack the means, will or skill to vet the security of ads they run.
"Unwanted software is being distributed on web sites via a variety of sources, including ad injectors as well as ad networks lacking strict quality guidelines," Google browser security bods Moheeb Abu Rajab and Stephan Somogyi say.
"In many cases, Safe Browsing within your browser is your last line of defense.
"Safe Browsing’s focus is solely on protecting people and their data from badness. And nothing else."
Some players in the online advertising industry are a blight on information security and serve as a popular means by which malware merchants can target large numbers of users visiting prominent websites.
These attacks begin often with small advertising merchants who will accept a VXer's malicious ad which has been manipulated such that it redirects visitors to exploit kits. These ads are not vetted by the small merchants and are then sold up the advertising chain until it lands on prominent legitimate sites.
It is that lack of transparency that Google under its recent campaign against grey-area online ad men would likely be targeting.
Abu Rajan and Somogyi say the Red Screen™ will not be raised for any other reason other than to indicate a malicious or unsafe ad network, malware infected page, or similar net nasty. ®
- App stores
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Google AI
- Google Cloud Platform
- Google Nest
- G Suite
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Privacy Sandbox
- Tavis Ormandy
- Trusted Platform Module
- Zero trust