Google rolls out new security features in Chrome for Windows
Google announced today that it is in the process of rolling out an update for Chrome for Windows that improves the security of the web browser.
Chrome news have hit a rough patch in recent months thanks to malicious extensions doing all sorts of negative things when they are installed on user systems.
The new safety features that Google announced today don't remedy that situation, but they may help Chrome users on Windows in other ways.
Philippe Rivard, Chrome Cleanup product manager at Google lists three improvements that Google added to Chrome to "help Chrome for Windows users recover from unwanted software infections".
The first feature detects if Chrome settings have been changed without user consent. The browser displays information on those changes to the user, and it is up to the user to restore the original settings or to hit the cancel button to leave the settings as they are.
Rivard notes that users can reset their profiles at any time by loading the chrome://settings/resetProfileSettings internal page of Chrome.
This feature is already available in recent versions of Google Chrome.
Chrome Cleanup Tool
The second feature acts like an unwanted software cleaner on the Windows machine. Chrome detects the installation of unwanted software.
A prompt is displayed that gives users the option to remove the unwanted software from the operating system, and to restore Chrome settings so that the browser works normally.
Scenarios where users may see the prompts include the following ones:
- Popup ads are displayed and won't go away.
- Chrome homepage or search engine are changed, and keep changing to pages and services without your permission.
- Unwanted Chrome extensions or toolbars are installed, and come back when removed.
- Redirections to unfamiliar sites happen regularly.
Chrome users may run the Chrome Cleanup Tool manually at any time following the instructions below:
- Load chrome://settings/cleanup in the browser's address bar.
- Decide whether you want to opt-out of sending report details to Google.
- Activate the find button to start the process.
Last but not least, Google partnered up with IT company ESET to improve the detection and removal of unwanted software. This means basically, that Chrome will assist Windows users who have unwanted software on their devices with the recovery.
Closing Words
Google benefits from improvements in regards to unwanted software and manipulation by extensions in two ways: first in giving users a sense of security and assistance, and second in restoring default values for homepage and search.
Chrome's improved cleanup routines are no replacement for antivirus software however. The browser will detect only unwanted software and changes made to Chrome, and not other malicious behavior (unless it is caught by safe browsing).
It remains to be seen how the new routines impact the browser's performance and memory usage.
Now You: What's your take on the current Chrome security situation?
Interestingly enough, if I leave this website open in a tab within an hour or so I come back and find one of those “oh snap, something went wrong” error messages and a blue “reload” button.
Running latest Windows 10 x64 Home 1803, and latest Chrome x64 beta,
https://fonts.google.com/specimen/Roboto immediately fails differently in Chrome and IE11 and works well in Edge. This is just one example of a problem….
No need to install ‘Google Chrome’ browser. Try using its open-source mother; Chromium. Problem solved.
incorrect.
chromium still connects to google servers.
So glad i use palemoon.
it may have a low usage share but i dont care what the majority of the world is using as with palemoon i do not have to tolerate all this creepy nonsense.
You do realize that Pale Moon has beacon enabled by default. Their telemetry seems to go to Mozilla.org; at least, looking at about:config. Actually, I use both.
What version/fork of Firefox does not have beacon enabled? Telemetry can easily be disabled and the paranoid have the option of completely destroying the functionality. Both are non-issues in my opinion. Anyone concerned likely has the ability and the knowledge to be able to opt out. Every browser that I know of has compromises. Here’s a question. How does your version/fork do with resource URI leakage, by default? [https://browserleaks.com/firefox] ;)
Brace yourselves, the anti-Google tin foil hats are coming.
But it works: http://www.lemonde.fr/europe/article/2017/09/11/amende-europeenne-record-google-depose-un-recours-en-annulation_5184030_3214.html
“Ce recours n’est pas suspensif ; Google devra donc payer l’amende.”
GOOGLE TRANSLATE: This appeal is not suspensive; Google will have to pay the penalty.
Na.
@: Gavin
‘Brace yourselves, the anti-Google tin foil hats are coming.’
Well, if the tin foilers are picking on Chrome at least they are not bitching about Firefox (which is more usual) :)
I will not make a decision on Chrome until more detailed information is made available. I use only three extensions (uBO, HTTPS Everywhere and BitDefender TrafficLight) which is enough additional privacy and security for me. The ESET component concerns me most – I need to know more. If I see no advantage and many disadvantages, I will keep Chrome as my browser only if the feature is opt-out. I assume it will be on by default.
ESET in partnership with Google? Thanks for the info, next week I’ll uninstall NOD32 in all friends’ computers.
ESET technology has also been integrated into Facebook for years… Not sure why you’d uninstall ESET because of this.
What benefit does eset get from google, a brand link, google’s name is tarnished for many these days. When I think of ESET I think of privacy and security, when I think of facebook or google I think the opposite of privacy and security. This news disturbs me as well.
My friends do not use Facebook.
I have the impression that under some circumstances the Chrome Cleanup tool will scan your computer. I have always disabled both “Automatically send some system information and page content to Google to help detect dangerous apps and sites” and “Continue running background apps when Chrome/Vivaldi is closed.” What else needs to be done to prevent the Goolag from scanning my computer? They can’t even properly scan extensions and I’m supposed to trust them scanning my computer? I say that because more than one article implied that scanning a computer or mobile device is part of the new wonderful added feature. Do I actually need to uninstall Chrome stable and Dev? Uninstalling Chrome is not a problem, I just wanted to keep an eye on development. But what is even more important is that I Do Not Need or Want a Browser Scanning My System!!!!!!!!!! When Google solves their extensions security problem I’ll think about letting them scan my devices. Not!
“Google also says Chrome Cleanup isn’t a general-purpose antivirus, which means users would still need separate software, leaving them with two programs constantly scanning their PC.” – androidpolice[.]com
@Richard Allen
Google Chrome tracks your computer even if you don’t open it on a given day: I noticed that, most of the times, two GoogleUpdate.exe processes are running right after I boot into Windows (probably to check for updates). This alone is very intrusive but…
The worst part is, just from this simple “check” they already got your IP address (and who knows, maybe more than that, like an unique fingerprint based on your machine).
Now if you browse the web with any browser of your liking, they will tie up that IP address to any request made to Google servers (be it via using Google services, be it via “silly” requests like ones made to fonts.googleapis.com and etc).
TL;DR: you’re being tracked since you boot into Windows.
If Google continues with this bullshit of turning Chrome into a complete botnet “suite” (if it’s not already) I will definitely uninstall it from all my computers. Firefox is already my default browser for some months now. It’s a shame because I too like to have both installed to keep an eye on new features.
@Tom Hawack
VPN? No. I would much rather just annoy the hell out of everyone trying to track me. Not going to worry about total anonymity.
I don’t see the default version of Chrome as being anymore invasive when it comes to privacy than most other browsers at their default settings. A lot of it depends on services used (update being one), search engines used and websites visited. Chrome actually has a surprising amount of options in the settings, flags and with command line switches. Referer info, hyperlink auditing, QUIC and Push can all be disabled. You can block scripts loaded via document.write, enable TLS 1.3, disable cipher suites, lots of control over prefetch, preconnect, prerender and predictor, I use DNS preresolve (Chrome Dev). You can even limit the cache size, kinda, sorta. And many other changes can be made but most people won’t bother. Granted, Chrome doesn’t come close to the privacy and security options that FF ‘offers’ but I don’t think it’s completely and unequivocally horrible, potentially speaking. ;)
All that said, Chrome never has been nor will it ever be my primary browser, I just don’t trust google. Sorry. And that being said by a long-time serious android fanboy speaks volumes. FF or a fork has always been my default. The main reason I’ve had Chrome installed is so that I would have the ability to help family, friends and the occasional customer. I quite recommending FF or Any browser years ago. Setting up FF has always ended up being a problem with call-backs about UI changes, or the new icon in the address bar, or their bank has a popup telling them to update their browser, or they can’t watch their cat video on MyFace. Or out of frustration they installed a ‘neked’ default version of Chrome and at some point I would then get a phone call after they ended up with 300+ malware objects on their computer, and they are unable to surf the interwebs, go figure.
Performance and ease of use are my primary goals. For example, I would Never globally block third-party iframes or javascript on someone else’s computer. No thank you very much! Privacy and security are extremely important but even on my computers performance and ease of use are at the top of the list. I personally block third-party frames w/uBO, use Canvas Defender, No Resource URI Leak (clone) which will not be needed with FFv57, No-Script Suite Lite (js blacklist/whitelist), FF Tracking Protection and my hosts file, that’s it. And I probably use 98% of the security – privacy about:config entries that you do. Anyway, I’m stuck with FF because of my unhealthy addiction to userChrome, userContent and userScripts. Just wanted to explain why I had one foot in the dark side. The Horror! The Shame! LoL
@John,
“If Google continues with this bullshit of turning Chrome into a complete botnet “suite” (if it’s not already) I will definitely uninstall it from all my computers. Firefox is already my default browser for some months now. It’s a shame because I too like to have both installed to keep an eye on new features.”
If I were you (I know, I’m not) I’d simply uninstall the Google Chrome browser, have a look if any Google service is remaining, clean them up, open the Registry (take care) search for Google keys, search your browser files with a tool such as ‘Everything) to find unnecessary Google folders/files.
Then, when using Firefox (or Waterfox), or Pale Moon, or whatever other browser than Chrome, beware as much as possible of connections to Google servers. Impossible to control them all but one can limit the intrusions with the best privacy/security add-on/extension available : uBlock Origin.
You must know all that already and I understand your wish to have both installed (Chrome & FF) ” to keep an eye on new features” but, frankly : make an exception for Chrome …
As Richard Allen notes it above, “now that I’ve talked about it out in the open. I can feel the goolag looking over my shoulder. :-D” — I should have posted via a VPN :)
@John
“I assume that I only need to put the “gupdate” on “Manual” mode and remove (or maybe disable is just enough) the scheduled tasks to keep Google Update under control?”
Yep, that’ll work. Disabling the tasks instead of deleting them should be enough, I think I’ve done that in the past. I’ve been “Manually” updating Chrome for quite some time, 2-3 years maybe, I’m not sure to be honest. When going to Settings/Help/About Google Chrome, as soon as I open the page, if there is an update, it will then take care of business. After changing the service to manual, don’t forget to stop all the google update services that are running. I don’t remember a browser update ever re-enabling the service or reapplying the tasks after I deleted them. But…I figure at some point google will give me the one finger salute. Especially now that I’ve talked about it out in the open. I can feel the goolag looking over my shoulder. :-D
@Richard Allen
I have two services related to Google Update here, Google Update Service (gupdate) and the Google Update Service (gupdatem). The former is on “Automatic (Delayed Start)” and the latter on “Manual”.
I assume that I only need to put the “gupdate” on “Manual” mode and remove (or maybe disable is just enough) the scheduled tasks to keep Google Update under control?
About the “cleanup” tool, I too would like more information about this but, given the lack of details, I think we will only know for sure when it’s already on “production”, which will be in a few days. Personally, I will only keep Chrome installed if that option is (at least) opt-out, i.e. you can disable it completely via chrome://settings.
If not, I’m out. I will uninstall Chrome and probably install Vivaldi, just to have a backup Chromium browser installed – because there are some services that performs better on WebKit/Blink atm. Like is with all browsers, there are advantages and disadvantages to each.
Wow! No one called me out on my over-dramatic impersonation of a drama king? I for sure thought some diehard Chrome fans would have burned me at the stake by now. :-D
I for one would like more information and a clarification on what ‘settings’ are needed to enable the Chrome Cleanup functionality. Safe browsing? Don’t use any form of it in any browser. I also have everything in Settings/Privacy and security disabled except for “Use a prediction service to load pages more quickly” but then I block third-party cookies which prevents all types of prefetching except for dns, as far as I can tell and according to the “Google Chrome Privacy White Paper”. And… I have not… at this point in time… ever seen a Chrome process after shutting down Chrome stable or Dev.
@John
I have Google Update disabled. :-p
Instead of going into the registry, I changed the Google Update Service from “Automatic (Delayed Start)” to manual. And, I think there were two tasks in the Task Scheduler and I deleted all of them. I get an rss feed for the Chrome Releases Blog so I always know the day of about updates. When I go to Help/About Google Chrome and open that page it will then update Chrome. Boom Shaka Laka! :-D
Considering all the privacy issues Google Chrome already stands for this extension debacle should be an eye opener for many who are running this browser or are considering to install it. Generallyl I am clearly staying away from Google products since I do not trust them at all. Which actually is a shame, they do offer some good stuff. But it is simply getting too much. Windows is pulling your pants down, advertising creeps are tracking every move we make, government has moved into our homes, Alexa and other junk is listening to what we have to say. Our smartphone providers know more about us than our spouses and drones count the hairs on our backs (if not more). Doctors and other healthcare providers want us to have accounts so they exchange information with us and everybody else who can hack into it. Everybody has to do online banking since it it so easy and provides hackers with a living, which is a nice touch. We have to have an account for everything, I call us account maniacs. We have to be informed about every little poop our oh so lovely children accomplish at school. Yes, your little darling is breathing all by itself and already is able to spell the most just word in the US: Fu….. And practiced it on the teacher. How sweet, this is an A++.
And so on. Boy, I was drifting off topic. Sorry for this, but maybe you can open another account at “dooropen.shit” so your door can send you a text message after you opened it to let you know that you opened it. And then you may receive a call from your washing machine to inform you it is having a bad day and needs attention, so put in some softener to make it feel better. Looking at all this crap, I changed my mind and will install Google Chrome. It doesn’t matter anymore since we have given up our right for privacy in exchange for “free” blinking, colorful spy toys. We are so stupid that we deserve to be spied on. Think about it.
LOL. Thanks for the laughs. I can’t wait to text with my door :)
@ Faulty5
I really enjoyed your post. It would have been great if you could have stayed off topic for a few more paragraphs. :)))
PS You didn’t post a link to the site where I can order my ‘free’ blinking, colorful spy toys. :(
Try this: https://www.amazon.com/Spy-Gear-Go-Action-Camera/dp/B019K8JVTI
There is no doubt that Safari and Firefox are the best