
Google To Add ‘Man-In-The-Middle’ Warning To Chrome In December

Google is to introduce a new warning in its Chrome browser for problems caused by legitimate software intercepting users’ web traffic.

The warning, which can be triggered, for instance, by security software that monitors users’ data but uses incorrect methods to do so, is to replace some of the SSL error messages currently displayed by Chrome, according to the feature’s project lead.

Safe Browsing hits 3 billion

The shift is part of Google’s ongoing efforts to fine-tune its Safe Browsing feature, launched 10 years ago. Google said on Monday the feature is now active on 3 billion devices, up from 2 billion as of May 2016.

Safe Browsing displays warnings before users visit a site that might harm their computer.

The new Chrome error screen.

“Safe Browsing also had to evolve to effectively protect users. And it has,” Google’s Stephan Somogyi and Allison Miller said in a blog post.

In a 2015 paper Google described its efforts to modify SSL warning screens to make users more likely to respond to them, after finding only 30 percent of users followed the warnings’ advice.

The new man-in-the-middle warning continues that work, and is intended to replace SSL warnings currently triggered by legitimate programs that aren’t configured properly, according to Sasha Perigo, a Stanford student who led development of the feature while a Google intern.


Misconfiguration

“This error page will only be shown to users who were already seeing SSL errors,” Perigo wrote.

Instead of the standard SSL error message, the user will now see a warning that reads, “An application is stopping Chrome from safely connecting to this site”.

She said examples of programs that could trigger the alert include antivirus and firewall programs.

Malicious attacks intercepting users’ internet traffic, a technique known as a ‘man in the middle’ (MITM) attack, will continue to display the standard Chrome SSL warning message, Perigo said.

She released a screenshot of the feature’s warning message on Twitter.

The new messages are planned for release in Chrome 63 on 5 December, but are currently available in the ‘Canary’ test version of the browser.

The feature is called ‘MITMSoftwareInterstitial’ and in Canary it must be manually enabled. That won’t be the case with Chrome 63, when the feature is to be switched on by default. Perigo gave instructions for enabling the feature on Twitter.

The interception of users’ data via Chrome extensions has been an ongoing problem for Google. In August security researchers said a number of attacks occurred after malicious users hijacked legitimate Chrome extensions.

Meanwhile, at the DefCon conference this summer a pair of German researchers revealed how they’d purchased supposedly anonymised data collected via Chrome extensions and used it to identify the detailed browsing habits of prominent German citizens.


Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications
