Skip to main content

Chrome’s built-in scanning tool is now causing a privacy uproar

A recent tweet from Kelly Shortridge at cybersecurity startup SecurityScorecard recently stirred the privacy hornet’s nest regarding Google’s Chrome browser. She’s referring to Chrome Cleanup, a component in the browser dating back to 2014 designed to scan and remove malware and bloatware that could compromise Chrome’s performance. But given the recent Facebook scandal involving Cambridge Analytica, privacy advocates are now on red alert. 

In its early days, Google’s Software Removal Tool was a downloadable component to remove junk software that could cause issues with Chrome, such as the Ask Toolbar. It’s still available as a download now dubbed as the Chrome Cleanup Tool, but the company decided to overhaul this tool and inject it directly into the browser itself in October 2017, renaming it to Chrome Cleanup. 

Recommended Videos

“Sometimes when you download software or other content, it might bundle unwanted software as part of the installation process without you knowing,” the company said at the time. “That’s why on Chrome for Windows, the Chrome Cleanup feature alerts people when it detects unwanted software and offers a quick way to remove the software and return Chrome to its default settings.” 

Please enable Javascript to view this content

Chrome Cleanup is based on detection technology provided by IT security company ESET combined with Google’s sandbox technology designed for Chrome. It’s not meant to replace your current anti-virus program, but merely detects and removes software that violates Google’s unwanted software policy. That policy applies to software deemed deceptive, piggybacks on the installation of another program, affects the user’s system in “unexpected ways,” and so on. 

The built-in version of Chrome Cleanup resides under Settings > Advanced > Reset and clean up > Clean up computer. Click on the arrow, and a new screen appears with a tool for scanning and removing harmful software. Chrome supposedly does this automatically, but you can manually scan for harmful software for better peace of mind. You can also opt out of Google’s reporting component if you feel that the company is just a little too creepy with this PC-scanning tool. 

The problem with Chrome Cleanup is that users have no way of turning it off. One Chrome user points out a solid complaint: The browser should not have the ability to scan the PC without explicit user consent. Windows 10 users can turn off Windows Defender. Why not Chrome Cleanup? Even more, why is it scanning the Documents folder? 

Google’s Justin Schuh spoke out against the recent privacy concerns over Chrome Cleanup, stating that it isn’t a system-wide scan or filter. It runs for up to 15 minutes in the background once a week using normal user privileges to scan browser hijacking points that could redirect the browser elsewhere. 

“The Chrome Cleanup Tool is not a general purpose AV,” he says. “The CCT’s sole purpose is to detect and remove unwanted software manipulating Chrome. The engine is a heavily sandboxed subset of ESET. Every cleanup action requires an explicit user approval.”

He said the team is currently investigating more options to opt-out of Chrome Cleanup, but “that balances against the potential for abuse.” 

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
Update Google Chrome now to protect yourself from an urgent security bug
Google Chrome app on s8 screen.

Google posted a security update for its Chrome browser that fixes what's known as a zero-day bug. The problem affects Chrome on Windows, Mac, and Android. The flaw can lead to arbitrary code execution, a serious security vulnerability, so it's best to download and install the latest version immediately. Zero-day bugs mean that this is a known weakness and, in this case, Google said that the flaw is already being exploited by hackers.

Google did not post a detailed explanation of how the exploit works, but will do so when the majority of people have updated, making the danger of further attacks less severe. The most severe bug is identified as CVE-2022-2294 and the update also patches CVE-2022-2295 and CVE-2022-2296.

Read more
Google says Chrome is now 20% faster on Macs
A MacBook with Google Chrome loaded.

If you feel like Google Chrome is running faster on your Mac, then you're not mistaken. Google recently shared some new statistics behind the web browser, and is claiming that Chrome is now 20% faster on Macs based on the Speedometer benchmark testing.

According to Google's data, Chrome on Mac hit over 360 on Speedometer testing. That comes just three months after the browser became the highest scoring browser on Speedometer, ever with a score of 300. For reference, Goggle tested Chrome on the M1 Max MacBook Pro running macOS 12.3.1, with Chrome version 104.0.5102.0. The browser was the ARM64 native optimized version. The below graph shows the differences between older and newer Chrome versions in scoring, where higher scores are better.

Read more
Use Google Chrome on Mac? You need to update now
A MacBook with Google Chrome loaded.

Google has sent out a necessary update for the Chrome web browser for the Mac to address a major security hole that was discovered on March 23.

The bug, called CVE-2022-1096, was documented in the Common Vulnerabilities and Exposures (CVE) system by Google developer Prudhvi Kumar Bomman, after an anonymous security researcher discovered a hole in Chrome’s V8 JavaScript engine that left it vulnerable to exploits.

Read more