Malware

• Google
• Google Chrome
• Chromebooks
• Malware
• Web browser

Google added automatic malware blocking to latest ‘Canary’ build of Chrome

Ben Lovejoy Oct 31 2013 - 6:58 am PT

1 Comment

Google has added automatic blocking of malware from the latest ‘Canary‘ build of its Chrome browser.

Bad guys trick you into installing and running this kind of software by bundling it with something you might want, like a free screensaver, a video plugin or—ironically—a supposed security update. These malicious programs disguise themselves so you won’t know they’re there and they may change your homepage or inject ads into the sites you browse […]

In the current Canary build of Chrome, we’ll automatically block downloads of malware that we detect.

Confusingly, Google has four versions of its Chrome browser available at any one time: the official, public release; a developer version; a beta version, for those who want early access to new features; and Canary. Canary is essentially a beta version that installs as a second browser, so you can use that most of the time and fall back to the official version if something doesn’t work.

While not all Canary features make it into the official build, this one seems likely to – and would make Chrome the ideal browser to recommend to any of your less-techy family and friends who cheerfully download anything and everything, usually identifiable by the fact that the top half of their browser window comprises half a dozen different toolbars …

• Android
• security
• Malware
• Android security
• Android malware

Google patches Android to block application signature vulnerability

Ben Lovejoy Jul 9 2013 - 3:51 am PT

0 Comments

Google has issued a patch to handset manufacturers to block a security hole that could, in theory, allow almost any Android application to be turned into malware, reports ZDNet.

It doesn’t get much scarier than this. Bluebox Security claimed to have discovered a vulnerability in Android’s security model that could allow attackers to convert 99 percent of all applications into Trojan malware. Google has told ZDNet that the hole has been patched and that it has been released to original equipment manufacturers (OEM)s.

Handset and tablet owners will have to rely on the manufacturer to push the patch to their device, but the vulnerability isn’t as scary as it sounds. While it would in principle allow an attacker to change almost any application to malware without Android detecting the change, Google reports that there is no evidence of the exploit having actually been used.

“We have not seen any evidence of exploitation in Google Play or other app stores via our security scanning tools. Google Play scans for this issue – and Verify Apps provides protection for Android users who download apps to their devices outside of Play,” said Gina Scigliano, Google’s Android Communications Manager.

Via Techmeme