Google Chrome Amps Up Security: New Scans for Encrypted Downloads
Google recently made improvements to Chrome's Enhanced Safe Browsing feature, which, as previously mentioned by Landian.news, includes a full-screen red popup warning users against downloading malicious files. However, that's not all there is to it.
The company revealed that the new Enhanced Safe Browsing would perform rigorous scans of downloaded files to detect any malicious content. Previously, when Enhanced Safe Protection was enabled (which will also be enabled by default), Chrome would send the metadata of suspicious files downloaded by the user to servers for a deep scan.
Now, Google will by default send files detected as suspicious to Google servers for scanning. If the suspicious file is password-protected, Chrome will prompt the user to enter the password before sending it to the server for a safety scan.
Commonly, password requests for scanning involve various types of compressed files, such as those compressed with ZIP, RAR, or 7Z, which have been password-protected. In such cases, Chrome will display a password prompt.
Of course, these steps are optional, as Google cannot force users to enter passwords. Users have the option to always download without entering a password, though this might weaken the security by preventing deep scans of the files.
Regarding these security improvements, the Chrome team stated:
"Security warnings differentiate through images, colors, and text, making it easier for users to quickly and confidently make the best decisions for themselves based on the nature of the danger and the certainty level of safe browsing.
Overall, these clear and consistent improvements could reduce the chances of users downloading malicious files and lessen the frequency of bypassing security warnings, thereby enhancing user experience."
Google, as always, emphasizes that all collected data is solely for security monitoring purposes, such as the downloaded files and entered decompression passwords, which will remain on the local device. Safe Browsing will only check the metadata of the file contents.
Nonetheless, this still poses a potential security risk for businesses, as IT administrators may emphasize in security training sessions that employees should not provide passwords to Chrome, to prevent potential leaks of internal or confidential files through Chrome, given that technology companies' assurances are not always reliable.