Chrome will now prompt some users to send passwords for suspicious files
Google is enhancing Chrome's malware detection by allowing users to upload password-protected files for scanning. A new notification system will categorize downloads as "suspicious" or "dangerous" to improve user awareness.
Read original articleGoogle is enhancing Chrome's malware detection capabilities by allowing users to upload password-protected executable files for deep scanning. This change aims to improve the identification of malicious threats, particularly those hidden in encrypted archives like .zip or .rar files. Users with Enhanced Safe Browsing mode will be prompted to enter the password for suspicious files, which will then be sent to Safe Browsing for scanning. Google assures that both the file and password will be deleted shortly after the scan. For users in Standard Protection mode, the password and file remain on the local device, with only metadata checked against Safe Browsing.
Additionally, Google is introducing a two-tiered notification system for downloads, categorizing files as either "suspicious" or "dangerous" based on their risk level. This aims to improve user awareness and response to potential threats. Despite these advancements, users are advised to exercise caution, especially with sensitive files, as there may be concerns about data handling. Chrome continues to support third-party cookies, which has drawn criticism from privacy advocates, but it remains a leader in implementing security features like a security sandbox to protect user data. Users are encouraged to keep Safe Browsing enabled and consider using Enhanced Mode for better protection against malware.
Related
Google says it won't be 'deprecating third-party cookies' in Chrome
Google opts not to deprecate third-party cookies in Chrome, focusing on Privacy Sandbox APIs for user privacy. The decision aims to balance privacy and ad-supported internet, addressing industry concerns effectively.
In shock decision, Google abandons third-party cookie deprecation plans
Google has changed its strategy regarding third-party cookies on Chrome, opting for a user prompt for preferences. Pressure from regulators and industry concerns led to this decision. Google plans to enhance Privacy Sandbox technologies for better ad performance.
Why Privacy Badger Opts You Out of Google's "Privacy Sandbox"
The latest Privacy Badger update allows users to opt out of Google's Privacy Sandbox, raising privacy concerns despite being less invasive than third-party cookies. Privacy Badger aims to protect user privacy online.
Google rolls back decision to kill third-party cookies in Chrome
Google has decided to keep third-party cookies in Chrome, allowing users to control their usage. This move, criticized by privacy advocates, prioritizes advertisers over user privacy. Users can enhance online privacy with tools like Privacy Badger.
Google scraps plan to remove third-party cookies from Chrome
Google abandons plan to remove third-party cookies in Chrome, opting for user choice feature. Concerns from advertisers led to Privacy Sandbox initiative for balanced online advertising and data privacy. Collaboration ongoing for a new privacy-friendly solution.
Attackers often make the passwords to encrypted archives available in places like the page from which the file was downloaded, or in the download file name. For Enhanced Protection users, downloads of suspicious encrypted archives will now prompt the user to enter the file's password and send it along with the file to Safe Browsing so that the file can be opened and a deep scan may be performed”
So, what group of users will actually do that? They’d have to a) know they got a suspicious file, b) know how to find its password, and then c) upload it to Google.
I think b) definitely is too hard for most users. Chances are quite a few will send their own password instead.
Also, if Chrome can prompt the user for the password, and it is “available in places like the page from which the file was downloaded, or in the download file name”, why can’t Chrome look there for that password? I bet Google’s engineers can write something that’s better at that than the average user.
Edit: There’s a slight security risk there, but Chrome could also decrypt the file locally and keep the password on the local system, couldn’t it?
How long before someone recreates this "prompt" in a page or addon and cons people out of their passwords?
Related
Google says it won't be 'deprecating third-party cookies' in Chrome
Google opts not to deprecate third-party cookies in Chrome, focusing on Privacy Sandbox APIs for user privacy. The decision aims to balance privacy and ad-supported internet, addressing industry concerns effectively.
In shock decision, Google abandons third-party cookie deprecation plans
Google has changed its strategy regarding third-party cookies on Chrome, opting for a user prompt for preferences. Pressure from regulators and industry concerns led to this decision. Google plans to enhance Privacy Sandbox technologies for better ad performance.
Why Privacy Badger Opts You Out of Google's "Privacy Sandbox"
The latest Privacy Badger update allows users to opt out of Google's Privacy Sandbox, raising privacy concerns despite being less invasive than third-party cookies. Privacy Badger aims to protect user privacy online.
Google rolls back decision to kill third-party cookies in Chrome
Google has decided to keep third-party cookies in Chrome, allowing users to control their usage. This move, criticized by privacy advocates, prioritizes advertisers over user privacy. Users can enhance online privacy with tools like Privacy Badger.
Google scraps plan to remove third-party cookies from Chrome
Google abandons plan to remove third-party cookies in Chrome, opting for user choice feature. Concerns from advertisers led to Privacy Sandbox initiative for balanced online advertising and data privacy. Collaboration ongoing for a new privacy-friendly solution.