Vulnerability
Chrome Cleanup Tool Gets an Important Security Update

Many people don’t know that Google Chrome includes a tool that can remove unwanted software and malware. The tool is called the Chrome Cleanup Tool. The tool was created by ESET and scans the computer for browser affecting malware, adding an extra layer of safety. The utility is built into Chrome and removes malware that injects ads to executes unwanted behavior on the browser.
While this all sounds great, there are problems with the software. For example, it doesn’t allow the removal of extensions that are force-installed through Windows group policies. Force-installed extensions, as the name would suggest, as extensions that are installed without the user’s interaction. This does have legitimate applications, for example, companies may want to set these up so that their employees have the extensions they will need to use frequently pre-installed into chrome. However, hackers can utilize the technology to install malware onto browsers this way.
What makes the issue even more complicated, is that the malicious extensions cannot be removed easily. To remove the malicious extensions that are installed through Windows group policies, they need to modify the registry. This is not an intuitive process for most chrome users, making them vulnerable to this kind of attack.
However, this is about to change with a new update. In the update, the tool will now be able to detect force-installed extensions and remove them. When the update has been rolled out, the cleanup tool will detect malicious software and prompt the user to remove it, providing instructions. This is great news for force installed extensions and should provide a layer of security to Chrome users. However, the cleanup tool still needs some tweaking.
In tests, the Chrome Cleanup Tool doesn’t perform well at detected malware extensions that inject ads into Chrome, letting them carry on undisturbed. This is likely something Google is working on to improve in an attempt to provide more security to users.