Are you seeing red?

October 30th, 2009

It’s National Cyber Security Awareness Month, the perfect time to shed some light on a few Google Chrome alerts that are designed to help protect your browsing experience on the web.

You may have run into one of Google Chrome’s red alert messages when trying to visit a site and wondered why the browser did not immediately bring up the page you requested. These are messages triggered by the phishing and malware protection feature that’s enabled by default in the Options menu. Here’s an example:

Are you seeing red?

Whenever you see this warning, Google Chrome has detected that the site you’re trying to visit may contain malware. Malware is code that attempts to steal your personal information or download harmful software onto your computer. Besides the malware warning, Google Chrome also checks the security certificates of sites that claim to be properly encrypted (such as bank sites or shopping sites), but that may also ask you for your personal or financial information under false pretenses. If a site’s certificate is suspicious, you may see one of the following messages:

  • “This is probably not the site you are looking for!” This message comes up when the URL listed in the site’s certificate doesn’t match the site’s actual URL, which means that the site you’re trying to visit may be pretending to be another site.
  • “The site’s security certificate is not trusted!” Since anyone can create a certificate, Google Chrome checks to see whether a site’s certificate came from a trusted organization. This message means that the certificate wasn’t issued by a recognized third-party organization.
  • “The site’s security certificate has expired!” or “The server’s security certificate is not yet valid!” If you see one of these messages, that means the site’s certificate is not up-to-date. Therefore, Google Chrome can’t verify that the site is secure.
  • “The server’s security certificate is revoked!” The third-party organization that issued the site’s certificate has marked the certificate as invalid. Again, Google Chrome can’t verify that the site is secure.

It’s a good idea to heed these messages you see, even if the site you’re trying to visit is owned by someone you know and trust.

Hackers can take advantage of security holes on a site without the site owner’s knowledge. So even though you’ve visited your friend’s blog without any problem in the past, the warnings can still show up one day if someone exploits a vulnerability on the site. (And if you’re seeing this message for a site you own, we’re here to help! Just follow these instructions in the Webmaster Help Center. Also, check out this blog post we’ve written about detecting and removing malware.) Google Chrome goes to great lengths to help keep you safe on the web. If you want to learn more about protecting your computer, website, and personal information, check out our security series on the Google blog or visit.

Posted by Fiona Chong, Online Editor