Google To Add ‘Man-In-The-Middle’ Warning To Chrome In December

Google is to introduce a new warning in its Chrome browser for problems caused by legitimate software intercepting users’ web traffic.

The warning, which can be triggered, for instance, by security software that monitors users’ data but uses incorrect methods to do so, is to replace some of the SSL error messages currently displayed by Chrome, according to the feature’s project lead.

Safe Browsing hits 3 billion

The shift is part of Google’s ongoing efforts to fine-tune its Safe Browsing feature, launched 10 years ago. Google said on Monday the feature is now active on 3 billion devices, up from 2 billion as of May 2016.

Safe Browsing displays warnings before users visit a site that might harm their computer.

The new Chrome error screen.

“Safe Browsing also had to evolve to effectively protect users. And it has,” Google’s Stephan Somogyi and Allison Miller said in a blog post.

In a 2015 paper Google described its efforts to modify SSL warning screens to make users more likely to respond to them, after finding only 30 percent of users followed the warnings’ advice.

The new man-in-the-middle warning continues that work, and is intended to replace SSL warnings currently triggered by legitimate programs that aren’t configured properly, according to Sasha Perigo, a Stanford student who led development of the feature while a Google intern.

Misconfiguration

“This error page will only be shown to users who were already seeing SSL errors,” Perigo wrote.

Instead of the standard SSL error message, the user will now see a warning that reads, “An application is stopping Chrome from safely connecting to this site”.

She said examples of programs that could trigger the alert include antivirus and firewall programs.

Malicious attacks intercepting users’ internet traffic, a technique known as a ‘man in the middle’ (MITM) attack, will continue to display the standard Chrome SSL warning message, Perigo said.

She released a screenshot of the feature’s warning message on Twitter.

The new messages are planned for release in Chrome 63 on 5 December, but are currently available in the ‘Canary’ test version of the browser.

The feature is called ‘MITMSoftwareInterstitial’ and in Canary it must be manually enabled. That won’t be the case with Chrome 63, when the feature is to be switched on by default. Perigo gave instructions for enabling the feature on Twitter.

The interception of users’ data via Chrome extensions has been an ongoing problem for Google. In August security researchers said a number of attacks occurred after malicious users hijacked legitimate Chrome extensions.

Meanwhile, at the DefCon conference this summer a pair of German researchers revealed how they’d purchased supposedly anonymised data collected via Chrome extensions and used it to identify the detailed browsing habits of prominent German citizens.

Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDNet and other leading publications.
