The addition is an acknowledgment that attackers are more likely to skip email in favor of the web, whether it’s linking directly to bad files or “drive-bys” that try to send a file your way without asking.

The timing may be apt. Malware creators are finding more and more ways to start downloads without consent, for a start. On top of this, it’s becoming clearer that broad-based hacking campaigns aren’t going away any time soon. If Google doesn’t toughen its Chrome protections, intruders might see that as a weakness they can exploit for targets that are otherwise relatively secure.