A number of Google Chrome users recently became aware of the fact that not only does their browser allow them to surf the web, it also quietly scans their personal files without prior consent.
According to Motherboard, the culprit turned out to be the updated version of Chrome Cleanup Tool, which uses software from the cybersecurity company ESET to scans users’ files looking for malware targeting the browser. If suspected malware is detected, the Cleanup Tool then sends the suspicious file’s metadata to Google and asks the user’s permission to remove the potential threat.
This development came to light when cybersecurity expert Kelly Shortridge noticed that Chrome actually scans files located in the Documents folder on her PC.
I was wondering why my Canarytoken (a file folder) was triggering & discovered the culprit was chrome.exe. Turns out @googlechrome quietly began performing AV scans on Windows devices last fall. Wtf m8? This isn’t a system dir, either, it’s in \Documents\ pic.twitter.com/IQZPSVpkz7
— Kelly Shortridge (@swagitda_) 29 марта 2018 г.
"In the current climate, it really shocked me that Google would so quietly roll out this feature without publicizing more detailed supporting documentation—even just to preemptively ease speculation," she told Motherboard. Shortridge pointed out that while their intent was "clearly security-minded", "the lack of explicit consent and transparency seems to violate their own criteria of ‘user-friendly software’."
Google Chrome Security Chief Justin Schuh insisted, however, that the Cleanup Tool’s sole purpose is to deal with "unwanted software manipulating" the browser.
CCT isn't a system-wide scan or filter. It runs weekly, at background priority and normal user privs, for up to 15 mins. It scans browser hijacking points, which may cause it to follow links elsewhere. The engine is a heavily sandboxed subset of ESET. 2/https://t.co/xYl0tNeHEa
— Justin Schuh 😑 (@justinschuh) 1 апреля 2018 г.