Sunday 7 Sep 2008

Spyware in Google Chrome?

no-google-chromeAfter the desinstallation of Chrome a process remains in memory, and this process accesses to the registry to modify the security rules of IE and Firefox. A way to continue to spy the user after desinstallation?

Source Flying over Clouds: Google Chrome and the post-desinstallation garbage


Let's see that with more details:

At the end of desinstallation, a process called "googleupdate.exe" stays in memory. This file was installed with Chrome, but also with the other Google tools (Earth, Desktop, Talk, Picasa...). :-o

The problem is this file remains active after desinstallation and it accesses to the registry key GoogleUpdate.OnDemandCOMClass. Its classId is {2F0E2680-9FF5-43C0-B76E-114A56E93598} going to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\Elevation Policy

google-registry

The "googleupdate.exe" file can modify the security level of Internet Explorer to the medium level (value Policy = 3).

We can also find a strange key for Firefox:
HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=5

Registering Google Update as a new Firefox add-on?


This update tool may only be for real updates, but when you read the (even corrected) Google Chrome privacy notice, you can find:

Your copy of Google Chrome includes one or more unique application numbers. These numbers and information about your installation of the browser (e.g., version number, language) will be sent to Google when you first install and use it and when Google Chrome automatically checks for updates.

~

So each computer with a Google product is identified. Moreover, this "googleupdate.exe"

  • modifies IE security level, installs itself as a Firefox plugin,
  • stays even after removing Chrome (or other),
  • then it communicates each 30 minutes with Google servers.

We are not very far from the definition of a spyware... :-|


café Did this article help you? 
Buy me a coffee!

5 answers at “Spyware in Google Chrome?”

  1. 1
    Cinephile (blog-azur.fr) said:

    If you still want or need to use Chrome, don't forget to suppress googleupdate.exe from the registry. It's here:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ;-)

  2. 2
    Chameleon said:

    SO the question is:
    HAs GOogle been confronted and asked about this? And what did they say?

    As well, One can alway just completely wipe there Computer HD clean and start over.

    LIke opening up by running a completely independant start up HD.

    Any comments?

    The only real problem is when Systems are bought completely pre installed with spy ware built in that is burried in a sub mother board flash like nano memory chip.
    Then we are fucked.

  3. 3
    David (azure-dev.kizone.net) said:

    Of course, Google will say it's only an update tool. But how to really know what does this program? :-|

    That's true we are spied from several ways, but Google already know a lot about us.

  4. 4
    free bingo (tokyobingo.com) said:

    From a technical perspective, Firefox can definitely keep up. Soon Firefox will have a much faster JavaScript engine, for example. But with Google’s visibility Chrome will easily grow a huge user base. They’re already advertising it on AdWords.

  5. 5
    Did - Blog-Azur (blog-azur.fr) said:

    After a first try, it seems we all get back to our old browser. ;-)

    I don't see Chrome in my stats!

Leave a comment (all comments are moderated, don't waste time with spam)

Azure Dev