A security expert has warned Google Chrome users that a feature on the popular web browser has been scanning private files without their consent.
Chrome’s built in antivirus software, Cleanup Tool, which was introduced 2014, is meant to keep the browser safe from malware and bloatware.
However, a New York based security expert has discovered that Chrome’s Cleanup Tool isn’t only scanning for malware.
Cybersecurity expert Kelly Shortridge recently noticed that Chrome was also scanning files and documents on her Windows PC and was alarmed about what data it might be collecting.
I was wondering why my Canarytoken (a file folder) was triggering & discovered the culprit was chrome.exe. Turns out @googlechrome quietly began performing AV scans on Windows devices last fall. Wtf m8? This isn’t a system dir, either, it’s in \Documents\ pic.twitter.com/IQZPSVpkz7
— Kelly Shortridge (@swagitda_) March 29, 2018
Posting on Twitter, Kelly said:
“I was wondering why my Canarytoken (a file folder) was triggering and discovered the culprit was Chrome.
“Turns out Google Chrome quietly began performing AV scans on Windows devices last fall.”
Speaking to Motherboard, Kelly said: “In the current climate, it really shocked me that Google would so quietly roll out this feature without publicizing more detailed supporting documentation—even just to preemptively ease speculation.”
Kelly added that while Google’s intent was “clearly security-minded”, “the lack of explicit consent and transparency seems to violate their own criteria of ‘user-friendly software”.
However, Chrome’s head of security Justin Schuh responded to Kelly’s tweet, writing:
“The Chrome Cleanup Tool (CCT) is not a general purpose anti-virus.
“CCT’s sole purpose is to detect and remove unwanted software manipulating Chrome.
“Potential data collection and associated consents are described in the Chrome Privacy Whitepaper, and every cleanup action requires an explicit user approval.
“The team is investigating more opt-outs, but that balances against the potential for abuse.”
The discovery comes at a time when privacy concerns are at the forefront of user’s minds, largely due to the recent Facebook data scandal involving British firm Cambridge Analytica, which harvested data from 87 million Facebook users without their knowledge.
The data was then mainly used to target voters in the US with political adverts and helping to spread disinformation.