Google is updating Chrome’s malware detection capabilities to include password-protected executable files that users can upload for deep scanning. This update aims to improve the browser’s ability to detect and mitigate more malicious threats.
Google Chrome Enhanced Mode: A Powerful Tool for Safe Browsing
Chrome has offered users an Enhanced Mode in Safe Browsing, which alerts users when they attempt to download potentially unsafe files. This mode relies on a combination of suspicious characteristics and a list of known malware to flag dangerous downloads. Previously, users were prompted to upload suspicious files that were blocked or not allowed by Chrome’s detection engine.
With the new changes, Google will also prompt users to provide passwords for encrypted files, allowing a deeper scan to detect hidden threats.
Google’s Commitment to User Safety
In a post, Jasika Bawa, Lily Chen, and Daniel Rubery from the Chrome Security team highlighted the importance of this update. They emphasized that users may feel comfortable sending Google non-sensitive executable files, but may hesitate when the files are password-protected. Google assures users that these files and passwords will be deleted promptly after scanning. However, the team advises caution, as errors can sometimes go unnoticed for extended periods.
Not all deep scans can be conducted automatically. A current trend in cookie theft malware distribution is packaging malicious software in an encrypted archive—a .zip, .7z, or .rar file, protected by a password—which hides file contents from Safe Browsing and other antivirus detection scans. In order to combat this evasion technique, we have introduced two protection mechanisms depending on the mode of Safe Browsing selected by the user in Chrome.
Attackers often make the passwords to encrypted archives available in places like the page from which the file was downloaded, or in the download file name. For Enhanced Protection users, downloads of suspicious encrypted archives will now prompt the user to enter the file’s password and send it along with the file to Safe Browsing so that the file can be opened and a deep scan may be performed. Uploaded files and file passwords are deleted a short time after they’re scanned, and all collected data is only used by Safe Browsing to provide better download protections.
For those who use Standard Protection mode which is the default in Chrome, we still wanted to be able to provide some level of protection. In Standard Protection mode, downloading a suspicious encrypted archive will also trigger a prompt to enter the file’s password, but in this case, both the file and the password stay on the local device and only the metadata of the archive contents are checked with Safe Browsing. As such, in this mode, users are still protected as long as Safe Browsing had previously seen and categorized the malware.
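A defender-side triage check for the evasion described above, as an added example that is not Chrome's or Safe Browsing's code: it reads a ZIP's encryption flag, looks for a password hint in the download name, and lists the entry metadata that stays readable without the password. The function names, the hint regex and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

ENCRYPTED_FLAG = 0x1  # bit 0 of the ZIP general-purpose flags
# Assumed heuristic: "pass"/"pw"/"password" + separator + short token in the name.
HINT_RE = re.compile(
    r"(?<![A-Za-z])(?:password|passwd|pass|pwd|pw)[\s_\-=:.]*([A-Za-z0-9]{3,16})",
    re.IGNORECASE,
)


def triage_zip(filename: str, data: bytes) -> dict:
    """Report what can be learned about a ZIP download without its password."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        entries = zf.infolist()  # central directory only, no decryption
    encrypted = [e.filename for e in entries if e.flag_bits & ENCRYPTED_FLAG]
    hint = HINT_RE.search(filename.rsplit(".", 1)[0])
    return {
        "encrypted_entries": encrypted,
        "needs_password_prompt": bool(encrypted),
        "password_hint": hint.group(1) if hint else None,
        # With traditional ZIP encryption, names, sizes and CRCs stay readable.
        "metadata": [(e.filename, e.file_size, f"{e.CRC:08x}") for e in entries],
    }


def build_sample(mark_encrypted: bool) -> bytes:
    """Constructed sample: a one-entry ZIP, optionally flagged as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("setup.exe", b"constructed placeholder bytes")
    raw = bytearray(buf.getvalue())
    if mark_encrypted:
        # Only the flag bit is set (local header offset 6, central directory
        # offset 8); the payload is not really encrypted.
        raw[6] |= ENCRYPTED_FLAG
        raw[raw.find(b"PK\x01\x02") + 8] |= ENCRYPTED_FLAG
    return bytes(raw)


if __name__ == "__main__":
    print(triage_zip("setup_pass-1234.zip", build_sample(True)))
    print(triage_zip("report.zip", build_sample(False)))
```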
New Notification System for File Downloads
Another significant change to Safe Browsing is the introduction of a two-tiered notification system for file downloads:
1. Suspicious Files: These are files that Google’s vetting engine has flagged with a lower confidence verdict and an unknown risk of user harm.
2. Dangerous Files: These files have a high confidence verdict of posing a significant risk to users.
The new tiers are distinguished by specific icons, colors, and text to help users easily understand the level of risk associated with each file. According to Google, these improvements have led to users bypassing fewer warnings and heeding them more quickly, resulting in better protection from malicious downloads.
Previous and Current Safe Browsing Notifications
Previously, Safe Browsing notifications were less differentiated, making it harder for users to assess the risk level of downloads. The new system aims to provide clearer and more consistent warnings, improving how users respond to potential threats.
Despite these enhancements, Chrome has faced criticism for its stance on third-party cookies, which allow companies to track users across multiple websites. Google’s Privacy Sandbox, proposed as an alternative to tracking cookies, has also been criticized for not sufficiently protecting user privacy.
Despite the criticisms, Chrome has been at the forefront of introducing security measures like a security sandbox, which isolates risky code to prevent it from interacting with sensitive data and operating system functions.
Recommendations for Users
For those who use Chrome, we highly recommend enabling Standard Mode Safe Browsing. Users who have experience and can judiciously decide which files to send to Google should consider using Enhanced Mode for an added layer of protection.
Conclusion
Google’s redesign of Chrome’s malware detection and its introduction of a two-tiered notification system are steps forward in enhancing user safety. By including the ability to scan password-protected files, Chrome aims to provide deeper protection against malicious threats. While balancing security and privacy remains a challenge, Chrome continues to lead in innovative security measures, ensuring a safer browsing experience for its users.