By: Julien Sobrier

Search Engine Security For Google Chrome

Malware

Google Chrome has recently added an API to modify HTTP headers. This in turns, made it possible to port Zscaler's Search Engine Security add-on from Firefox and Firefox Mobile to Google Chrome.

Search Engine Security on the Chrome Web Store

Most hijacked websites used for Blackhat SEO check the Referer header and the User-Agent, to decide whether to redirect the visitor to a harmless spam page or to a malicious domain (Fake AV page, Blackhole exploit kit, etc.). By modifying these 2 headers when the user leaves a Google, Bing or Yahoo! search, Search Engine Security fools the hijacked site into thinking that the visitor is not a real user and therefore avoids redirection to the malicious content.

Search Engine Security enabled for Google

All the work is done in the background, so it can be tricky to understand exactly what happens, or even if the add-on is working. We have therefore added a small note on the Google/Bing/Yahoo! search result pages to show you whether Search Engine Security is on (default settings) or off (disabled in the options):  Zscaler SES on or Zscaler SES off.

Search Engine Security disabled on Bing

To understand how the the headers are modified, look for "referer mobilefish" in Google after you have installed Search Engine Security. Click on the first link "Mobilefish.com - Show my IP". The page will display your User-Agent string and Referer header. With the default settings, the string "slurp" is appended to your User-Agent, and the Referer header is removed. These changes are done only when leaving a Google/Bing/Yahoo! search page.

You can also enable/disable the various settings on the Search Engine Security options page to see how the User-Agent and Referer strings are affected.

Search Engine Security options

You can install Search Engine Security for Google Chrome in the Chrome Web Store.

Learn more about Zscaler.