Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Chrome Encryption Google

New Chrome Feature Scans Password-Protected Files For Malicious Content (thehackernews.com) 24

An anonymous reader quotes a report from The Hacker News: Google said it's adding new security warnings when downloading potentially suspicious and malicious files via its Chrome web browser. "We have replaced our previous warning messages with more detailed ones that convey more nuance about the nature of the danger and can help users make more informed decisions," Jasika Bawa, Lily Chen, and Daniel Rubery from the Chrome Security team said. To that end, the search giant is introducing a two-tier download warning taxonomy based on verdicts provided by Google Safe Browsing: Suspicious files and Dangerous files. Each category comes with its own iconography, color, and text to distinguish them from one another and help users make an informed choice.

Google is also adding what's called automatic deep scans for users who have opted-in to the Enhanced Protection mode of Safe Browsing in Chrome so that they don't have to be prompted each time to send the files to Safe Browsing for deep scanning before opening them. In cases where such files are embedded within password-protected archives, users now have the option to "enter the file's password and send it along with the file to Safe Browsing so that the file can be opened and a deep scan may be performed." Google emphasized that the files and their associated passwords are deleted a short time after the scan and that the collected data is only used for improving download protections.

This discussion has been archived. No new comments can be posted.

New Chrome Feature Scans Password-Protected Files For Malicious Content

Comments Filter:
  • by vbdasc ( 146051 ) on Friday July 26, 2024 @08:10AM (#64657114)

    If I need to enter a password to get the malicious content in a file, then it can't infect me without my actions being actively stupid.

    With all that said, I sometimes send password-protected files with viruses for analysis. And whoever analyses these files has much better tools than Chrome at his disposal. Also, I don't want Google knowing what viruses I do encounter.

    • by AmiMoJo ( 196126 )

      Anyone analysing viruses should have a web based uploader. Email is next to useless for malware submission, because most popular email platforms don't let you send executables at all, and increasingly not password protected archives either. And even if you do, between your server and theirs it might get rejected.

    • There are plenty of people who are 'stupid' enough to get infected this way. The question is, will they be smart enough to use this feature?
      • Exactly. Lots of blabber here by tech savvy people. They aren't looking to snag you. This is scattershot across millions looking for the gullible grampa or auntie who sees "you're computer is infected. Click here now!"

      • Will they be smart enough to use this feature?

        Answer: Nope.

        The smart ones will question why they need to enter the password in the first place and click off of it, enter the password into Windows' archive extraction dialog, get infected with ransomware.

        The dumb ones will dutifully enter the password into Chrome every single time, read the dialog that nothing was found, Google gets more surveillance data to sell.

        Either way the bad guys win.

    • by tlhIngan ( 30335 )

      If I need to enter a password to get the malicious content in a file, then it can't infect me without my actions being actively stupid.

      With all that said, I sometimes send password-protected files with viruses for analysis. And whoever analyses these files has much better tools than Chrome at his disposal. Also, I don't want Google knowing what viruses I do encounter.

      Lots of people just blindly do things if the reward is big enough. Probably millions of people walked through installing an SSH server on thei

  • by Anonymous Coward

    For my gold-plated daily dose of hatted alumina... How can one be sure this 'feature' won't be weaponized against the user it is purporting to protect?

    Thank goodness for Ladybird browser.

  • by Pseudonymous Powers ( 4097097 ) on Friday July 26, 2024 @08:32AM (#64657176)
    "Please enter another password, which we will store unencrypted, into your web browser. This is for security."
    • by sinij ( 911942 )
      More like, " We cannot allow you to access your data until you disclose your decryption password, for your own safety prole".
  • "Google emphasized that the files and their associated passwords are deleted a short time after the scan and that the collected data is only used for improving download protections."

    I'm sure that no employers would mind an employee willingly facilitating data exfiltration by uploading a protected file along with the password to unlock it to a third party just because that party says they'll delete both "a short time" later, pinky swear. I'll bet that regulatory bodies won't have a problem with that either.

    • I'm sure Alphabet would never abuse this to look into "Strategic Plans for Nuclear Triad.zip". :)
  • What could possibly go wrong?

  • our AI model ...
  • Comment removed based on user account deletion
  • You know, a *lot* of things can happen within a fraction of a second. The only acceptable solution would be a scanner run only locally, which only receives virus definitions from the internet without sending anything out.
  • So Google is admitting they can and do read protected files?
  • >"Google emphasized that the files and their associated passwords are deleted a short time after the scan and that the collected data is only used for improving download protections."

    Um, riiiiiiiiight. I trust Google with that. Not. I can think of many cases where this could go wrong- intentionally or accidentally. And if you cared enough about security to jump through the extra hoops, you would likely already be familiar with good ways to treat suspect files and identifying the sender, first... in w

    • So I do see the need for additional typical-user protections

      Just remember that the ultimate protection for the typical-user is a chauffeur. I.e. They don't touch anything and have someone else (Google would love to I'm sure) do all of their computing for them.

  • oppressive regimes would like to use on their people. This is a highly dangerous technology and Google should not be allowed to set a precedence here.

    If Google _really_ would want to do something against malware, they'd phase out Javascript (and Websocket) from external domains.

% "Every morning, I get up and look through the 'Forbes' list of the richest people in America. If I'm not there, I go to work" -- Robert Orben

Working...