Skip to main content

Google on how Chrome’s new downloads tray UI is better for security

Avatar for Abner Li  | Jul 24 2024 - 10:11 am PT
0 Comments

Last year, desktop Chrome replaced the downloads bar for a new tray UI in the top-right corner and Google is now detailing how that redesign allows for more security warnings.

The additional space lets Chrome show more detailed warning messages that “convey more nuance about the nature of the danger and can help users make more informed decisions.” Based on the AI-powered Google Safe Browsing malware verdicts, Chrome has a two-tier download warning taxonomy that makes use of different color, icons, and text.

  • Suspicious files: Gray triangle (lower confidence verdict, unknown risk of user harm)
  • Dangerous files: Red stop sign (high confidence verdict, high risk of user harm)

Google says these updates have “resulted in significant changes in user behavior” like “fewer warnings bypassed” and “warnings heeded more quickly.” 

Meanwhile, those that have Safe Browsing’s Enhanced Protection mode “send the contents of suspicious files” to Google for deep scanning (as depicted below):

Suspicious files are a small fraction of overall downloads, and file contents are only scanned for security purposes and are deleted shortly after a verdict is returned.

Google says these additional scans “have been extraordinarily successful” by catching malware that’s new to Safe Browsing and “dangerous files hosted on brand new sites.” 

Since Enhanced Protection users have already agreed to send a small fraction of their downloads to Safe Browsing for security purposes in order to benefit from additional protections, we recently moved towards automatic deep scans for these users rather than prompting each time. This will protect users from risky downloads while reducing user friction.

Looking ahead, Google wants to protect against cookie theft malware and other malicious software hidden in encrypted archives – .zip, .7z, and .rar files — that require a password, thus limiting antivirus scans.  

To do so, Chrome will prompt Enhanced Protection users to provide and send the password to Safe Browsing so that what’s uploaded “can be opened and a deep scan may be performed.”

Uploaded files and file passwords are deleted a short time after they’re scanned, and all collected data is only used by Safe Browsing to provide better download protections.

Chrome downloads security

For Standard Protection users, Chrome will ask for the file’s password, but send “only the metadata of the archive contents are checked with Safe Browsing.” 

As such, in this mode, users are still protected as long as Safe Browsing had previously seen and categorized the malware.

Add 9to5Google to your Google News feed. 

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Check out 9to5Google on YouTube for more news:

Comments

Guides

Google Chrome

Google Chrome

Available for Windows, Mac, and Linux, Google C…
Google Safe Browsing

Google Safe Browsing

Author

Avatar for Abner Li Abner Li

Editor-in-chief. Interested in the minutiae of Google and Alphabet. Tips/talk: abner@9to5g.com

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications