Google fixes vulnerabilities in Chrome and adds malware detector

The search firm adds feature to scan downloaded executable files for evidence of malicious intent

Google has released an update for its Chrome browser that fixes 20 security flaws and adds a new feature to scan downloaded executable files for evidence of malware.

The new feature will make it safer for both enterprise users and consumers to download files from unfamiliar sources. Chrome will now check Google's own data on whether the hosting site is likely to serve malware.

"In addition to checking a list of known bad files, Chrome also does checks on executable files (like ".exe" and ".msi" files)," wrote Noé Lutz, a Google software engineer on the firm's Chrome blog.

"If the executable doesn't match a whitelist, Chrome checks with Google for more information, such as whether the website you're accessing hosts a high number of malicious downloads."

While other browsers, including Mozilla's Firefox, warn users away from websites known to serve malware, actually scanning downloaded files is more commonly the job of a dedicated anti-virus (AV) product.

This is not the first time Google has encroached on territory normally reserved for AV vendors.

In July last year the firm said it would warn its users if it detected that they were infected with a particular strain of malware which it found by analysing unusual traffic patterns at one of its datacentres.

At the time, Graham Cluley, senior technology consultant at security firm Sophos, said that Google is not attempting to replace AV products, but complement them.

"Google has been filtering its search results for a number of years, and warning you if the results are malicious. They work with anti-virus vendors behind the scenes, and that's great for protecting end users."