Home Original page

Beware of malware, adware when downloading Google Chrome through Microsoft Edge

  1. Home
  2. Computing
  3. News

New Windows 10 PC owners should be careful about downloading Google Chrome through Microsoft Edge, as Bing is apparently returning search results that contain malware and adware.

There is a running joke that the only purpose of Microsoft Edge is to download Google Chrome, but it appears that the tables could easily turn for users who are not careful. Fortunately, Twitter user Gabriel Landau did not fall prey to a fake Google Chrome download page returned by a Bing search.

Brand new Win10 laptop. Attempt to install Chrome. Almost get owned with my very first action. Why is this still happening in 2018, @bing? Please explain. pic.twitter.com/uYJhu7xa9H

— Gabriel Landau (@GabrielLandau) October 25, 2018

In a video that Landau posted on his Twitter account, he showed how he searched for “download chrome” on Bing through the Microsoft Edge browser. He clicked on the first link that appears, which is marked as from “google.com,” leading to what appears to be the legitimate Google Chrome download page.

However, upon closer inspection, the URL for the page is “googleonline2018.com.” The page is not an exact replica of the official Google Chrome landing page, but it looks real enough to trick users. In addition, clicking on the Download Chrome button starts the download for ChromeSetup.exe, but checking the file’s properties reveals that it is digitally signed by a company named Alpha Criteria, which is obviously not Google. It is very likely that the fake file contains malware.

An investigation by How To Geek revealed that the fake website is actually marked as a “deceptive site” by Google Chrome, but it is not flagged as such by Microsoft Edge and Bing. The Bing search query was reproduced on some systems, not all, but it was only appearing on Microsoft Edge.

The major issue here is that Bing is apparently not checking the URL of the search result, allowing what is likely malware to be downloaded by unsuspecting users. Making matters worse is that Bleeping Computer reported the same advertisement in April, so this is a recurring issue.

A Microsoft spokesperson reached out to How To Geek to say that the fake ad has been removed from Bing, and that the account associated with the malicious content has been banned. However, there was no explanation on why the ad was marked as from “google.com,” and no assurance that the ad will not reappear again after a few months.

The issue drives home the point that users should always be extra careful about downloading anything from the internet. Even if websites and links look legitimate, it is always best to check everything thoroughly to prevent headaches from malware infections.

Aaron Mamiit

Aaron received an NES and a copy of Super Mario Bros. for Christmas when he was four years old, and he has been fascinated…

Google Maps tests hiding reviews and images unless you sign in

Maps without reviews? Google's new limited view turns signed-out exploration into a login-bait mystery.

Google Maps limited view for non signed-in users.

Google Maps has quietly begun treating signed-out users differently. It gives them the directions but hides all the other useful information, including photos, reviews, restaurant menus, etc. The development was shared by several Reddit user (1,2) over the last week (covered by 9To5Google).

Signed-out users are reportedly seeing a pop-up that informs them about "Seeing a limited view of Google Maps," along with the list of possible reasons, including Maps experiencing issues, unusual traffic from users' computers or networks, or browser extensions.

Read more

AI chatbots with web browsing can be abused as malware relays

A new demo shows attackers can relay commands and stolen data through AI web features.

File, Adult, Male

AI chatbots with web browsing can be abused as malware relays, based on a Check Point Research demo. Instead of malware calling home to a traditional command server, it can use a chatbot’s URL fetching to pull instructions from a malicious page, then carry the response back to the infected machine.

In many environments, traffic to major AI destinations is already treated as routine, which can let command-and-control fade into normal web use. The same path can also be used to move data out.

Read more

Check your Copilot settings after this confidential email bug

Microsoft says Copilot "work tab" chat pulled from Sent Items and Drafts despite labels.

Copilot

Microsoft has warned that a Microsoft 365 Copilot issue led Copilot Chat to generate summaries from confidential emails that should have been blocked by sensitivity labels and data loss prevention controls. It detected the problem on January 21, and tied it to the Copilot "work tab" chat experience.

If your workplace relies on labels and DLP to keep sensitive mail from being processed, the immediate question is simple. Did the fix reach your tenant, and does Copilot still pull from the wrong places.

Read more