Ddos After releasing it for half a year, security experts and Windows users are now aware that Chrome integrates a virus scanning tool that scans files on users’ computers. Google’s move raises concerns when privacy is getting more and more noticed.
Last week, Kelly Shortridge, who works at cybersecurity startup SecurityScorecard, noticed that Chrome was scanning files in the Documents folder of her Windows computer. “In the current climate, it really shocked me that Google would so quietly roll out this feature without publicizing more detailed supporting documentation — even just to preemptively ease speculation,” Shortridge told me in an online chat. “Their intentions are clearly security-minded, but the lack of explicit consent and transparency seems to violate their own criteria of ‘user-friendly software’ that informs the policy for Chrome Cleanup [Tool].” Her tweet got a lot of attention and caused other people in the infosec community — as well as average users such as me — to scratch their heads.
I was wondering why my Canarytoken (a file folder) was triggering & discovered the culprit was chrome.exe. Turns out @googlechrome quietly began performing AV scans on Windows devices last fall. Wtf m8? This isn’t a system dir, either, it’s in Documents pic.twitter.com/IQZPSVpkz7
— Kelly Shortridge (@swagitda_) March 29, 2018
Google bundled the Chrome Cleanup tool in the Windows version of Chrome to ensure that the computer is safe and clean, but the difference between Chrome Cleanup’s work and other virus scanning tools is that it is not transparent at all and does not even prompt the user explicitly. Does the virus scanning tool upload files to Google? Users agree that installing Chrome does not mean that they agree to bundle Chrome Cleanup. Google’s practice has also caused controversy.
Source: Slashdot, Motherboard
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
