Chrome Browser PC Scans Come As Surprise

John Lister's picture

Google Chrome users have been surprised to discover that the Chrome browser scans their computers in search of malware. It doesn't appear to be a reason to panic, but arguably Google could have been more up front about it.

The scans were spotted by Kelly Shortidge who works at a cyber security company. She noticed that the chrome.exe executable file (which is visible in Windows Task Manager) was scanning files in her Windows documents folder. On further investigation, she discovered Chrome has been doing this since around October, 2017.

The scans are being done through Chrome Cleanup, a tool that is separate from Chrome and is accessible as a separate download from Google. It's specifically designed to find malicious software that affect the browser's operation - for example, those programs which add toolbars or popup ads, or by change the default homepage without permission. However, in this case it appears the scans are running through Chrome itself without users actively starting the scan.

Google Says Don't Worry

Google's Justin Schuh posted on Twitter to explain that what's happening here isn't the same as a normal full-blown security software scan. He says that the scan runs once a week in the background, taking up to 15 minutes.

He also noted that the scan only searches "browser hijacking points" - in other words, files and locations that could be used to alter Chrome and its settings - rather than looking everywhere for malware that could be hiding. However, he did note this setup "may cause it to follow links elsewhere." (Source:

Should Users Be Warned?

The tool doesn't automatically remove malicious software; instead, it alerts the user and asks to delete specific files. Google said in October that it has tweaked these alerts to be clearer about exactly what will be deleted. (Source:

Assuming the background scans work exactly as Google explains - and there's no reason to doubt this - they shouldn't pose a privacy risk to users or affect performance negatively. Instead, the real problem is that Google didn't make it clearer to users that the scans were happening. There's certainly an argument given recent scandals over computers and privacy that Google should have actively warned all users what was happening and why.

What's Your Opinion?

Do you see these scans as a positive or a negative? Should companies always ask or tell users before doing anything with files on their computer that wouldn't be expected? Would you opt out of these scans if that was an option?

Rate this article: 
Average: 5 (9 votes)


dbrumley3077's picture

Overall, I'd say it's a positive, however, I find it hard to understand why Google did this with, possibly, no intention of letting users know about it. I guess they can claim that keeping it a secret helps the scan to be more effective, but that may pale in comparison to the doubts that many who use Chrome will have. How can we be sure they are not scanning for something else? It does sound suspicious, especially in light of recent security breeches that seem to be an everyday event.

eb_turner_10735's picture

Is it safe to assume that Google Chrome Security is scanning browsers such as Vivaldi?


AEIO_'s picture

Oh. Come. On. Assuming you're not a clueless member of the general public (or the press -- WORLD ENDS NEXT WEEK, just like every week), they mentioned that's not the case: "browser hijacking points", or things "that could be used to alter Chrome and its settings."

Depending on how tight your tin-foil cap in on (and mine's not that loose) this is either a good thing or a bad thing. I personally though still think of people/sites/companies as trustworthy until they're shown themselves that they actively aren't, and not necessarily just because of a data breech.

I ask Google search about shovels and dead bodies and SURPRISE! caskets ads soon show up on random sites. That's not stalking, that's good business -- I AGREED that Google could use my search results "against me" and Google makes their info available to 3rd parties to help them sell THEIR products. QED. They're not out to get you, they're out to SELL to you.

Here, Google is trying to take care of Chrome so you don't start using something else. They MIGHT be out there scanning your system for foreign browsers and taking positive actions to break them so that you won't leave, or "just moseying around" your entire file system to see what goodies you haven't uploaded to Google Drive yet, or HEAVEN FORBID they're just trying to make sure that Chrome settings stay sane.

YOU've seen those plugins and what-nots where "you agree to change your home page and search page to our site for our _invaluable_ services", right? If not, look around -- it's not IE or FF newly making themselves the default browser, it's something else changing Chrome without Chrome always being involved.

You're going to have to prove to me that G is actively sabotaging other browsers before I care, and not just by accident. They MIGHT bump across other browser signatures in the registry or what-not; heck, I expect that they WILL. As long as Chrome and "other browsers" don't directly affect each other (The System Default Browser: There Can Be Only One). As long as they "take care of their own corner" I don't see the problem -- ESPECIALLY if they don't call home over it. Reporting overall fixes is still acceptable (restored home page), explicit details though begin to NOT be. (App X forced home page XXX. I *COULD* see how they'd want to find and talk to Vendor V that produced App X though, so I could see them reporting that. Heck, *I'D* want to, so I could certainly see that THEY'D want to.)

OTOH, scanning for specific things, like JihadBrowser (that only terrorists use, or EvilOfTheDayBrowser that only EvilOfTheDay users use) is what virus scanners, not browsers should do. Virus scanners scan literally EVERYTHING -- that's their job.

You realize MS Win 10 telemetry (and Android's My Activity -- go to, log in, click upper-right, My Account, My Activity, on the "Today" bar click the 2nd item, Android. You'll see GOOGLE can see each and every app you've recently run on your phone) is **much** more invasive that is Chrome "hunting for other browsers". Don't think that MS doesn't have a corresponding listing? (See: This is stored locally, and I forget how old this program *IS*. It's well before Windows 10 -- I think XP vintage, not sure. And wanna bet Win10 doesn't send that to MS?)

Chrome doesn't have to bother with that -- Google already KNOWS. Dunno about Linux, expect there wouldn't be much on that platform.

OTOH, just run Vivaldi ONLY -- I'm sure they don't include the scanner.