Security Chip shows "Dangerous" for https://google.co.in after using Google Image Search
Reported by
mr.mites...@gmail.com,
Jan 10 2017
Issue description

Chrome Version: Version 55.0.2883.95 (64-bit)
URLs (if applicable): https://www.google.co.in/search?q=funny+single+status&espv=2&biw=1280&bih=700&tbm=isch&imgil=swNkL0D7Jw6x2M%253A%253Bci9aq_Ur_G0gwM%253Bhttp%25253A%25252F%25252Fwww.jokeswale.com%25252Ftag%25252Ffunny-single-status-jokes-in-hindi&source=iu&pf=m&fir=swNkL0D7Jw6x2M%253A%252Cci9aq_Ur_G0gwM%252C_&usg=__eoZz_DhU2c1BCSbdLyHqzOo3rk8%3D&dpr=2&ved=0ahUKEwjN-OSVtLjRAhUEOo8KHY7dBNQQyjcIJA&ei=z0J1WI3VOIT0vASOu5OgDQ#imgrc=vSBv1FRS01VU8M%3A
OS version: 10.12.2
Behavior in Safari (if applicable): Working as expected
Behavior in Firefox (if applicable): Working as expected

What steps will reproduce the problem?
(1) Open https://www.google.co.in/search?q=funny+single+status&espv=2&biw=1280&bih=700&tbm=isch&imgil=swNkL0D7Jw6x2M%253A%253Bci9aq_Ur_G0gwM%253Bhttp%25253A%25252F%25252Fwww.jokeswale.com%25252Ftag%25252Ffunny-single-status-jokes-in-hindi&source=iu&pf=m&fir=swNkL0D7Jw6x2M%253A%252Cci9aq_Ur_G0gwM%252C_&usg=__eoZz_DhU2c1BCSbdLyHqzOo3rk8%3D&dpr=2&ved=0ahUKEwjN-OSVtLjRAhUEOo8KHY7dBNQQyjcIJA&ei=z0J1WI3VOIT0vASOu5OgDQ#imgrc=vSBv1FRS01VU8M%3A
(2) After the Chrome warning, replace the URL with https://www.google.co.in
(3) Now you will see the Dangerous red flag for google.co.in

What is the expected result?
https://www.google.co.in/ should display Secure instead of Dangerous.

What happens instead?
Instead of the Secure flag, https://www.google.co.in/ displays Dangerous.

For graphics-related bugs, please copy/paste the contents of the about:gpu page at the end of this report.
Jan 11 2017
Video Demo of bug:
Jan 11 2017
Able to reproduce the issue on Mac 10.12.2 and Ubuntu 14.04 using 55.0.2883.95/87. It's working fine on beta 56.0.2924.51 and canary 57.0.2977.0.

Tried reverse bisecting and got all good builds only, even increasing the bad revisions.

Good: 56.0.2902.0
Bad: 56.0.2901.0

OmahaProxy UI CL: https://chromium.googlesource.com/chromium/src/+log/56.0.2901.0..56.0.2902.0?pretty=fuller&n=10000

Possible suspect from above CL: Review-Url: https://codereview.chromium.org/2435243002

zhaobin@: Could you please have a look into it if it's related to your change.
Jan 11 2017
Based on the repro video, it looks like what happens here is that the user visits Google, performs a Google Image search and selects an image to examine. That image (or something that comes down with it) triggers SafeBrowsing to complain that content from the target origin is deceptive, causing the blocking interstitial page and the "Dangerous" marking.

I believe it is considered "Working as Intended" that, after an origin is marked Dangerous, that marking sticks around even if you navigate to other pages.
Jan 11 2017
Hey, so for example: Google Safe Browsing blocked the xyz.net site for malicious activity. Now user1 tries to search for some images and ends up with an image from the malicious xyz.net website, and Google Chrome displays it as a FULL RED page, which is a good thing. But when the user tries to open Google.com or Google.co.in in the same tab, Chrome still thinks Google is Dangerous, and that is not acceptable. The Dangerous state is for the malicious xyz.net site, not for Google.
Jan 11 2017
Re: Comment #5: Yes, your concern is understood. The problem is that there's no solid way to tell whether the outer domain is also malicious (and we only noticed that on one page that had a malicious resource from a known-dangerous domain) or a (somewhat) innocent bystander that just happened to reference a known-dangerous domain incidentally. Currently, the UI favors the more secure/paranoid approach.

This is basically the same as Issue 651055.
Jan 11 2017
What's the use of displaying SECURE/INFO/DANGEROUS then? If Chrome displays good domains like Google.com & Google.co.in as Dangerous, then who will trust Chrome's security state labels? If we don't have a solid plan, then we have to find a way to hack it and fix this behavior.
Jan 11 2017
We've reached out to the Google Images team on potentially integrating SafeBrowsing checks before serving image references.
Jan 12 2017
Hey all, this issue was merged into 651055, which was Won't Fix. So does that mean Google Chrome will not fix the fake Dangerous security state for the valid good domains Google.com & Google.co.in?
Jan 12 2017
The state is not "fake". As noted in Issue 651055, Chrome's policy is that sites that serve references to resources from Dangerous sites (as determined by Safe Browsing) will be marked as Dangerous for the lifetime of the browser instance. This helps ensure that malicious sites are not able to circumvent the protections of Safe Browsing.
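
The sticky marking described in the comment above, as an added example that is not part of the original thread and is not Chrome's code. It is a simplified model: the blocklist, the class and function names, and the sample URLs are assumptions, with "xyz.net" taken from the reporter's placeholder.

```javascript
// Simplified model of the policy stated in this thread; not Chrome's implementation.
// BLOCKLIST stands in for Safe Browsing verdicts ("xyz.net" is the thread's placeholder).
const BLOCKLIST = new Set(["xyz.net"]);

class BrowserSession {
  constructor() {
    // Hosts flagged during this session; nothing removes them until the session ends.
    this.flaggedHosts = new Set();
  }

  // Load a top-level page together with the subresource URLs it references.
  navigate(pageUrl, subresourceUrls = []) {
    const pageHost = new URL(pageUrl).hostname;
    const hit = BLOCKLIST.has(pageHost) ||
      subresourceUrls.some((u) => BLOCKLIST.has(new URL(u).hostname));
    if (hit) this.flaggedHosts.add(pageHost); // the referencing host is marked too
    return this.securityState(pageUrl);
  }

  // Label shown in the security chip for the given top-level URL.
  securityState(pageUrl) {
    const { protocol, hostname } = new URL(pageUrl);
    if (this.flaggedHosts.has(hostname)) return "Dangerous";
    return protocol === "https:" ? "Secure" : "Info";
  }
}

// Replays the steps from the report against the model (constructed URLs).
function reproduceReport() {
  const session = new BrowserSession();
  return [
    // 1. Plain visit before any image search.
    session.navigate("https://www.google.co.in/"),
    // 2. Image result page that references a resource on a blocklisted host.
    session.navigate("https://www.google.co.in/search?tbm=isch",
      ["http://xyz.net/image.jpg"]),
    // 3. Back to the home page in the same session: the marking sticks.
    session.navigate("https://www.google.co.in/"),
    // 4. A fresh browser instance starts with no flagged hosts.
    new BrowserSession().navigate("https://www.google.co.in/"),
  ];
}

console.log(reproduceReport());
```

The third result is the behaviour the reporter objects to; the fourth shows the marking clearing only when a new browser instance starts.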
Jan 12 2017
Sorry, but I am a little confused here.

"Chrome's policy is that sites that serve references to resources from Dangerous sites (as determined by Safe Browsing) will be marked as Dangerous for the lifetime of the browser instance"

If Google Images serves the images from Dangerous sites, then why doesn't Chrome mark Google as Dangerous when we open it the first time? Why does Chrome wait for an image to load from a Dangerous site and then mark it as Dangerous?
Jan 12 2017
You can learn more about Google Safe Browsing here: https://www.google.com/transparencyreport/safebrowsing/faq/?hl=en