It is no secret that Google Chrome has a built-in antivirus in its web browser but its users have been caught off guard as reportedly, it is also scanning for malware on people’s computers.
Recently, Kelly Shortridge, IT Security expert noticed the Chrome Cleanup Tool (CCT), which became an integral part of the browser in 2017, scanning files on her computer. The tool specifically scanned files in the Documents folder of her computer which led to her voicing privacy concerns on Twitter.
I was wondering why my Canarytoken (a file folder) was triggering & discovered the culprit was chrome.exe. Turns out @googlechrome quietly began performing AV scans on Windows devices last fall. Wtf m8? This isn’t a system dir, either, it’s in \Documents\ pic.twitter.com/IQZPSVpkz7
— Kelly Shortridge (@swagitda_) March 29, 2018
In the light of the recent Facebook’s Cambridge Analytica scandal, the trust of many internet users in the tech giants has taken a hard hit thus making the privacy concerns of people quite valid.
The company has responded to user’s concern as Justin Schuh, Google security team lead took to Twitter to explain that no scanned data ever leaves the system and none of the user’s files ever are pushed to the cloud.
Potential data collection and associated consents are described in the Chrome Privacy Whitepaper, and every cleanup action requires an explicit user approval. The team is investigating more opt-outs, but that balances against the potential for abuse. 3/3https://t.co/1squ5jmPLl
— Justin Schuh 😑 (@justinschuh) April 1, 2018
Apparently, the malware scanning feature has been present in Google Chrome for quite some time and is an updated version of the Chrome Cleanup Tool (CCT).
Despite company’s claimed good intentions, it should have been explicit about what the built-in antivirus in Google Chrome is capable of.
This again reminds us of the recent scandal where the company kept records of all the text and call data of Android users. Though the company asked for permission, it failed to relay the impact of granting such permission.