back to article Google Chrome extension detects dangerous websites

Google has released an extension for its Chrome browser that helps developers and security testers identify websites that execute unsafe code on end user computers. The release of DOM Snitch, as the experimental extension is known, comes five weeks after application security provider Mind Security published a Firefox extension …


This topic is closed for new posts.
  1. John Styles


    Does the Chrome browser extension that detects unsafe things also work in IE to detect the Chrome plug-in being run bypassing security controls?

    1. G Murphy


      Link please?

    2. Anonymous Coward
      Anonymous Coward

      Re: Irony

      Or does this new DOM extension have access to Chrome's built-in pre-fetching technology so that you don't have to click after it should already know its a bad site?

      Chrome ... the browser of contradictions, what a mess!

      Thankfully, I'll never use it or recommend its use. But it is noteworthy as a catalog/mish-mash ...

  2. Steven Roper

    They're opening themselves up a bit here

    "Google stresses that there are no guarantees that DOM Snitch will work flawlessly for all web applications."

    So if this application falsely flags a company's sites as insecure when they aren't (as verified by their own penetration testers) and thus wrongfully gives visitors a bad impression, Google may be sued for libel? I'll be interested to see how long this lasts.

    1. Donn Bly

      re: Opening themselves up a bit

      While anybody can sue anybody for anything, they are probably pretty safe. The plug-in isn't installed or enabled by default, and theoretically the only people using it are those with technical knowledge who know the repercussions of using it - and who agree to the hold-harmless agreement when they install it.

      It's much LESS a case of libel then the false positives from an antivirus vendors for websites and applications that aren't malicious. Vendors like AVG are notorious for flagging simple javascript such as that which obscures email addresses from spammers scraping for addresses as viruses, and don't respond to those who report it.

    2. adnim

      And the difference

      between this avoid all responsibility for the quality of this software statement and the EULA on most if not all other software is what exactly?

      The results returned if in error would just be declared a false positive, I am not aware of any AV companies being sued for bricking an OS. Or MS being sued for selling product that is so flawed that it lends itself to being owned by unauthorised third parties.

      It is a get out of jail free card and whilst I accept securing and ensuring the reliability of complex software systems is difficult, I would much more prefer a statement along the lines of "There is no guarantee that this software is fit for purpose" in an EULA rather than the weasel words that are usually employed.

    3. Al_21

      Its still alpha/beta

      Google's probably going to have the "its still a beta" excuse for a few more years at least.

  3. ahmanwhathandle

    Isn't this tool a security threat in itself?

    Tool requires access to all website data. Fair enough, but how much does it know about my banking site contents and stuff on other https sites?

    1. Anonymous Coward
      Anonymous Coward

      boo title.

      Well, exactly the same as your browser does.

  4. davidsom

    Re: They're opening themselves up a bit her

    "and thus wrongfully gives visitors a bad impression, Google may be sued for libel? I'll be interested to see how long this lasts."

    The internet security/virus companies have been doing this for years and they don't seem to have managed to get themselves sued yet!

  5. Old Tom
    Thumb Down

    Quickly disabled

    Too much performance hit.

This topic is closed for new posts.

Other stories you might like

Biting the hand that feeds IT © 1998–2022