Enhanced Security in Chrome: New Alerts for Suspicious File Downloads

CVE-2024-4761 - Google Sell Chrome

Google Chrome has introduced a new warning system for downloading potentially dangerous, password-protected files. This two-tier warning system for downloads is based on the results of AI malware analysis within the “Safe Browsing” mode.

Users will now see warnings that vary in iconography, color, and text:

  1. Suspicious files (lower confidence verdict, unknown risk of user harm)
  2. Dangerous files (high confidence verdict, high risk of user harm)

legacy, space-constrained warning vs. our redesigned one

These improvements have significantly changed user behavior: fewer missed warnings, quicker responses to warnings, and ultimately better protection against malicious downloads.

Additionally, Google Chrome now sends suspicious files to the company’s servers for deeper scanning if the user has enabled Enhanced Protection in Safe Browsing. Notably, scanned files are 50 times more likely to be flagged as malware compared to all downloads combined.

When downloading password-protected archives (e.g., .zip, .7z, or .rar), users with Enhanced Protection enabled will be prompted to enter the password before the file is sent for additional scanning. Google guarantees that files and passwords will be deleted immediately after scanning, and all collected data will only be used to improve download protection.

Chrome users in Standard Protection mode will also need to enter passwords for downloaded archives. However, both files and passwords will remain on the local device, and only the metadata of the archive contents will be checked.

Safe Browsing

Enter a file password to send an encrypted file for a malware scan

This innovation follows Google’s long deliberations and discussions regarding the continued support of third-party cookies in Chrome. The efforts of recent years have proven worthwhile, as the advertising industry’s complaints have finally been heard. The company announced it would not abandon third-party cookies. Instead, it is introducing a new user experience in Chrome, allowing users to make informed choices during web surfing, which can be changed at any time.

Related Posts: