A complex question actually. Protection against many types of malware still needs to be present, it's simply moved to the cloud. There will still need to be hostile web sites that are blocked, and remediation to the OS for vulnerabilities discovered, but this is for all intent taken over by Google. And, by virtue of not having traditional EXE files, another vector is removed. Of course, all this doesn't give the user a free pass to do dumb things online, safe computing still is the rule. My guess: expect to see more social engineering attacks as this technology rolls out.