Google has recently been making improvements to the Chrome browser's Enhanced Safe Browsing, including the previously mentioned Chrome full-screen red pop-up window that reminds users not to download malicious files when downloading them, but that's not all.

The company revealed that the new Enhanced Safe Browsing will vigorously scan files downloaded by users to detect whether they are malicious. Previously, when enhanced security protection was enabled (this feature will also be turned on by default), Chrome would send the metadata of suspicious files downloaded by users to the server for in-depth scanning.

Now Google will send detected suspicious files to Google servers for scanning by default. If the suspicious files are password protected, Chrome will also prompt the user to enter a password and then send them to the server for security scanning.

The common ones that require you to enter a password for scanning are various types of compressed packages. For example, files compressed by ZIP, RAR or 7Z have been password protected. In this case, Chrome will pop up a password input box.

Of course, these are all optional. After all, Google cannot force users to enter passwords. In the password input box prompt, users can choose to always download instead of entering a password. However, in this case, Chrome cannot deeply scan the file and may weaken security.

In response to these security improvements, the Chrome team stated:

Safety warnings are differentiated through images, colors, and text, allowing users to quickly and confidently make the best choice for themselves based on the nature of the danger and the level of certainty for safe browsing.

Overall, these improvements in clarity and consistency can reduce the probability of users downloading malicious files, reduce the number of bypasses of security warnings, and notice security warnings faster, thus improving the user experience.

Of course, Google, as always, emphasizes that all data collected is limited to security monitoring. For example, the files downloaded by the user and the decompression password entered will be retained on the local device. Safe browsing will only check the metadata of the file content.

Despite this, it is still a potential security risk for enterprises. It is estimated that enterprise IT administrators will emphasize that employees should not provide passwords to Chrome during security training to prevent some internal and confidential files from being leaked through Chrome. After all, the words coming out of the mouths of technology companies are not trustworthy.