Last week we reported that Chrome has started displaying alerts more often that suggest users remove programs that are considered incompatible applications with Chrome because they inject code into the browser's processes. These alerts are displayed by Chrome after the browser crashes and suggest the user remove the listed programs because "this application could prevent Chrome from working properly."
One of the programs that a lot of users have seen listed in these alerts and is suggested to be removed is the Bitdefender antivirus program as shown above. Having a well known company like Google telling users to remove a security solution is a problem as these programs are important for many users to have installed on their computers in order to protect them from malware, unwanted programs, and malicious websites.
Due to these alerts and their suggestion to remove the antivirus software, Bogdan Botezatu, a senior e-threat analyst for Bitdefender, has told Bleeping Computer that as of August 20th, Bitdefender is no longer monitoring Chrome 66 and later with their anti-exploit technology.
"Starting with the Chrome browser version 66, Google has gradually rolled out a new feature that prevents third party software from monitoring the application’s processes. While this measure ensures that rogue applications do not interfere with the Google product, it also prevents security solutions from inspecting the browser’s memory in search of potentially dangerous exploit code.
With version 66, Google Chrome displays a post-crash warning asking users to remove the security solution if it monitors the browser’s processes, even if the security solution is not responsible for the respective crash. In order to prevent this message from occurring and having users unwarily uninstall the security solution - which would leave them exposed to a vast array of online threats, Bitdefender has issued an update to stop the Anti-Exploit technology from monitoring the Chrome browser. The update was delivered to customers on August 20th at 7:00 AM ET.
As a leading global cybersecurity technology company, Bitdefender is committed to providing cutting edge end-to-end cyber security solutions and advanced threat protection to more than 500 million users in more than 150 countries. We regret being forced into removing protection for one of the world’s most popular browser and we urge users to not uninstall their security solution they have installed on their computers."
This is obviously concerning as users who use both Bitdefender and current versions of Chrome will no longer be fully protected when browsing the web.
Bitdefender is not alone in having concerns about this Chrome feature. When looking for other examples of these alerts, Bleeping Computer has seen ones recommending that Symantec, AVG, Malwarebytes, and Kaspersky products be removed because they were incompatible.
When BleepingComputer had contacted these companies, we received the following replies explaining how they were planning on handling this situation. Their responses are displayed below.
"Kaspersky Lab is aware of Google Chrome showing alerts that the company’s applications are incompatible with the browser. We have contacted Google to find a solution and we are continuing to look for possible workarounds to resolve this issue.
Having our code injected into the Chrome browser is an important part of the overall internet security approach implemented by security vendors to provide users with safe web surfing. For example, it is critical for a feature of Secure Input that blocks attempts of stealing sensitive data like credit card number, login, password, with malware (keyloggers) installed on user’s devices." - Kaspersky Lab
Pedro Bustamante, Vice President Products & Research at Malwarebytes, told BleepingComputer that Chrome is not actually checking whether a listed incompatible app is causing the crash. Instead they use a blacklist and simply check if those programs are installed, and if they are, list them after a crash.
"I was going to mention that in the current implementation, Chrome doesn’t actually check whether the “incompatible app” is actually causing crashes or not. They are simply taking a list of popular apps and adding them to their warnings, regardless of whether those apps introduce crashes, conflicts, or any other issues. They do this by simply looking at a registry key to see if a particular app is installed or not. They don’t actually validate whether the app causes crashes.
In the case of Malwarebytes, we keep a pretty close eye on any potential issues caused by our products in Chrome, and as far as we know there aren’t any currently nor have there been any for a long period of time. So we’re just as puzzled as everybody else as to why Google would blanket tag us as “incompatible” even though we are 100% compatible and problem-free in all versions of Chrome.
FWIW, we are aware of other popular applications which DO hook into Chrome and DO cause crashes and conflicts regularly, but these are not included in Google’s “incompatible” list of apps. Maybe there is a “friends of Google” preferential list to these warnings?
We reached out to Google through different channels, but so far we have not gotten any insightful or useful response from them." - Pedro Bustamante of Malwarebytes.
Bustamante further told BleepingComputer that there should be a better way to handle this.
"There’s absolutely no logical reason for them to take this approach. They should either stop all code injection, allow only verified security vendors to inject, or at least verify if an app is actually injecting or not before labeling them “incompatible”. Any of these approaches is a better option than what they’re currently doing." - Pedro Bustamante of Malwarebytes.
Avast/AVG decided to change their products to accommodate Chrome's new policies. It is not known what has changed, though, in order to be compatible.
"We have fixed this issue and our products are not reported by Chrome." - Avast/AVG
As you can see, different vendors are tackling this problem in different ways. Some remove features that protect users and others change their program to resolve these new policy requirements.
Ultimately, though, Google is going to need to come up with some procedure that can be used to whitelist security software so that users can stay fully protected, even if that means Chrome may crash from time to time.