Feeds

back to article Google Chrome extension detects dangerous websites

Google has released an extension for its Chrome browser that helps developers and security testers identify websites that execute unsafe code on end user computers. The release of DOM Snitch, as the experimental extension is known, comes five weeks after application security provider Mind Security published a Firefox extension …

COMMENTS

This topic is closed for new posts.

Irony

Does the Chrome browser extension that detects unsafe things also work in IE to detect the Chrome plug-in being run bypassing security controls?

2
0

What?

Link please?

0
0
Anonymous Coward

Re: Irony

Or does this new DOM extension have access to Chrome's built-in pre-fetching technology so that you don't have to click after it should already know its a bad site?

Chrome ... the browser of contradictions, what a mess!

Thankfully, I'll never use it or recommend its use. But it is noteworthy as a catalog/mish-mash ...

0
0
Silver badge
Facepalm

They're opening themselves up a bit here

"Google stresses that there are no guarantees that DOM Snitch will work flawlessly for all web applications."

So if this application falsely flags a company's sites as insecure when they aren't (as verified by their own penetration testers) and thus wrongfully gives visitors a bad impression, Google may be sued for libel? I'll be interested to see how long this lasts.

1
1

re: Opening themselves up a bit

While anybody can sue anybody for anything, they are probably pretty safe. The plug-in isn't installed or enabled by default, and theoretically the only people using it are those with technical knowledge who know the repercussions of using it - and who agree to the hold-harmless agreement when they install it.

It's much LESS a case of libel then the false positives from an antivirus vendors for websites and applications that aren't malicious. Vendors like AVG are notorious for flagging simple javascript such as that which obscures email addresses from spammers scraping for addresses as viruses, and don't respond to those who report it.

1
0
Silver badge

And the difference

between this avoid all responsibility for the quality of this software statement and the EULA on most if not all other software is what exactly?

The results returned if in error would just be declared a false positive, I am not aware of any AV companies being sued for bricking an OS. Or MS being sued for selling product that is so flawed that it lends itself to being owned by unauthorised third parties.

It is a get out of jail free card and whilst I accept securing and ensuring the reliability of complex software systems is difficult, I would much more prefer a statement along the lines of "There is no guarantee that this software is fit for purpose" in an EULA rather than the weasel words that are usually employed.

0
0

Its still alpha/beta

Google's probably going to have the "its still a beta" excuse for a few more years at least.

0
0

Isn't this tool a security threat in itself?

Tool requires access to all website data. Fair enough, but how much does it know about my banking site contents and stuff on other https sites?

0
0
Anonymous Coward

boo title.

Well, exactly the same as your browser does.

0
0

Re: They're opening themselves up a bit her

"and thus wrongfully gives visitors a bad impression, Google may be sued for libel? I'll be interested to see how long this lasts."

The internet security/virus companies have been doing this for years and they don't seem to have managed to get themselves sued yet!

0
0
Thumb Down

Quickly disabled

Too much performance hit.

0
0
This topic is closed for new posts.