Chrome May Soon Phone Google About Your Antivirus on Windows
Antivirus telemetry for downloads being tested in Chrome Canary.
4 min. read 
Published on
When you download a file in Chrome with Enhanced Safe Browsing enabled, the browser checks if the file is malicious. That part you probably know. What you might not know: Chrome could soon send information about your antivirus product on Windows to Google during that check, part of the Chrome antivirus telemetry feature being tested in Canary.
Windows Report discovered this by analyzing Chrome’s source code. Google is building a system to collect which antivirus software you have on your Windows PC and send that information to Google servers when you download files.
Quick note on Safe Browsing: Chrome has Safe Browsing turned on by default for all users. This protects you from malicious sites and downloads. Enhanced Safe Browsing is an optional upgrade that shares more data with Google for stronger protection. Most users don’t have Enhanced Safe Browsing enabled, as it’s not the default.
This feature is only for Enhanced Safe Browsing users. If you’re on regular Chrome with default Safe Browsing (not Enhanced), this won’t happen.
In plain English, Chrome will tell Google not just about the file you’re downloading but also about your antivirus software, such as Windows Defender, McAfee, or Malwarebytes.
This is currently testing only in Chrome Canary. If you’re on the stable version of Chrome, this isn’t happening yet.
The evidence: three things we found
Chrome’s code changed to include antivirus info. Chrome sends a message to Google when checking downloads, and Google’s code now adds a new field for an antivirus product to that message. This isn’t local data. It’s prepared to be sent to Google.
Google’s own commit documentation states:
“This CL modifies ClientDownloadRequest to support adding antivirus product info download protection pings for ESB users.”
Chrome’s own flag confirms it. Chrome is testing this behind a flag called “Antivirus telemetry for downloads.” The flag description says: “Enables antivirus product info to be included in download pings.”
When the flag is enabled, Chrome will attach your antivirus product name when contacting Google about downloads.
Chrome has to get your antivirus info first. Chrome doesn’t already know your antivirus name. It has to ask Windows for that information, then send it to Google. Google is measuring how long this takes to make sure it doesn’t slow down downloads.
The privacy trade-off you didn’t know about
Important: Most Chrome users don’t have this risk because Enhanced Safe Browsing isn’t enabled by default. Safe Browsing is on by default, but Enhanced is optional.
The question: Is better malware detection worth sharing your antivirus product name with Google?
What you can do right now
If you’re on Chrome Canary, the testing version, go to chrome://flags/#antivirus-telemetry-for-downloads. You’ll see the flag “Antivirus telemetry for downloads.” Set it to “Disabled” if you don’t want this when testing.
If you’re on the stable version of Chrome, this feature isn’t available yet. Nothing to do right now.
What we don’t know yet
Several questions don’t have answers. When will this ship to regular Chrome? Will users get a choice to disable this without turning off Enhanced Safe Browsing? Does Chrome plan to send just your antivirus name, or more details like version? Has Google made a public statement?
The code is public, the flag exists, but Google hasn’t officially said anything.
What we can confirm
Based on source code alone, Chrome is adding support to collect antivirus product information on Windows. Chrome plans to include that information in download protection pings when the flag is enabled. This is for Enhanced Safe Browsing users if it ships.
The question isn’t whether Chrome might ship this. The question is whether you’ll know about it when it does.
Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more
Improve this guide
User forum
0 messages