Chrome users on the developer channel or Canary will see download warnings if they try to download a file on a website that matches the list of malicious websites published by Google’s Safe Browsing Api. The warning reads “This file appears to be malicious. Are you sure you want to continue” with options to discard and save. The options may cause quite the confusion among users, and it would probably have been better if Google would have simply added Yes and No buttons to the prompt
Another thing to remember is that all downloads of said websites will be flagged, regardless whether they are indeed malicious or dangerous in nature, or not. All downloads? Well that is not entirely right, at least not for now. Google flags all Windows executable downloads as suspicious if the site is on the Safe Browsing list. No warning is currently displayed for other files. These files are not actually scanned by Google, keep that in mind if the warning message pops up.
Google Chrome already sports a number of security-minded features, from Incognito mode to a software sandbox which makes exploiting the browser a Herculean task. Now, Google has announced additional protection for Chromium and Chrome users.
Built upon the Safe Browsing API, the new feature introduces protection against malicious downloads. If a download link appears in the Safe Browsing blacklist, Chrome and Chromium will warn users against downloading -- a save button is still presented, of course, in case you're convinced a file is perfectly safe to download.
We'd like to see something a bit more eye-catching than the red warning icon -- like perhaps painting the entire bar red. Many of the people a feature like this aims to protect probably won't notice the icon or change in wording as they'll be focused on clicking the save button.
Google is initially making download protection available to Chrome dev channel users, and you'll likely see it in Canary and Chromium snapshot builds as well. After thorough testing, beta and stable users will be next in line.
The first is a full-featured proxy API, which will, for example, allow users to set different proxy servers for normal browsing and Incognito mode. Proxy auto-config scripts are also supported by the API.
The second -- Web Navigation Extension -- is a bit more expansive. This API will allow devs to build everything from more powerful safe browsing extensions -- like Traffic Light -- to data analysis and reporting extensions.
Both APIs are currently experimental, so you'll need to enable them on the about:flags page to try out any relevant extensions. Apart from a proxy example built by Google and shipped with the Chromium source, we're not aware of any examples just yet, however. We'll let you know when we spot any slick, new extensions which do surface.