Google Chrome enhances malware detection, now scans password-protected files
Google is upgrading its Chrome malware detection system to include password-protected executable files for in-depth scanning, according to the Chrome Security team. The team recently revealed that, given current malware distribution trends, not all deep scans can be conducted automatically. They noted that attackers often hide malicious software in encrypted archives, such as .zip, .7z, or .rar files, protected by a password.
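The following added example (not Chrome's or Safe Browsing's code) shows why such archives defeat automatic content scanning: in a ZIP with an encrypted entry, the entry name is still listed but the bytes cannot be read without the password. It covers only the .zip case; the sample archive, the file name `invoice.exe`, and the `make_sample` and `triage` helpers are constructed for illustration.

```python
import io
import struct
import zipfile

ENCRYPTED = 0x1  # ZIP general-purpose flag bit 0: entry data is encrypted


def make_sample(encrypted: bool) -> bytes:
    """Constructed sample: one-entry ZIP, optionally flagged as encrypted.

    zipfile cannot write encrypted archives, so the flag is patched into the
    local and central headers; the payload itself is harmless plain bytes.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("invoice.exe", b"constructed placeholder bytes")
    data = bytearray(buf.getvalue())
    if encrypted:
        # (header signature, offset of the 16-bit flag field in that header)
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = data.find(sig) + off
            (flags,) = struct.unpack_from("<H", data, pos)
            struct.pack_into("<H", data, pos, flags | ENCRYPTED)
    return bytes(data)


def triage(data: bytes) -> dict:
    """Split entries into those a scanner can read and those it cannot."""
    scannable, unscannable = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for entry in zf.infolist():
            if entry.flag_bits & ENCRYPTED:
                unscannable.append(entry.filename)  # name visible, bytes not
                continue
            try:
                zf.read(entry)  # also verifies the stored CRC
                scannable.append(entry.filename)
            except (RuntimeError, zipfile.BadZipFile):
                unscannable.append(entry.filename)
    verdict = "needs_password" if unscannable else "scan_contents"
    return {"scannable": scannable, "unscannable": unscannable, "verdict": verdict}


if __name__ == "__main__":
    for label, enc in (("plain", False), ("flagged", True)):
        print(label, triage(make_sample(enc)))
```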
New protection mechanisms for Safe Browsing
To counteract this evasion technique, Google has unveiled two protection mechanisms based on the user's selected mode of Safe Browsing in Chrome. For users who have activated Enhanced Mode in Safe Browsing, downloads of suspicious encrypted archives will now prompt them to input the file's password. This password will be sent along with the file to Safe Browsing for a comprehensive scan.
User data privacy during malware scanning
The files and passwords uploaded for scanning are deleted shortly after the process, with all collected data used solely to enhance download protections. Users who use the default Standard Protection mode in Chrome will also be prompted to enter the file's password when downloading a suspicious encrypted archive. However, in this mode, both the file and the password remain on the user's local device, and only metadata about the archive contents is checked with Safe Browsing.
Two-tiered notification system for downloads
Google is also launching a two-tiered notification system for file downloads: suspicious files, which carry an unknown risk of user harm, and dangerous files, which pose a high risk of user harm. The tiers are distinguished by icons, color, and text so that users can easily tell the levels of risk apart. Google assures that files and passwords will be promptly deleted after scanning, but warns that mishaps can occur and may not be discovered for months or years.