Microsoft Defender Misidentifies Backdoor Trojan Malware In Chrome Browser Update

Microsoft Defender Advanced Threat Protection (ATP) has wrongly classified the recent Google Chrome browser update as a backdoor trojan.

Several system admins worldwide have reported that Defender ATP classified the sl.pak component in the installers for both Chrome 88.0.4324.104 and 88.0.4324.146 (the latest version, released yesterday) as a PHP/Funvalget.A backdoor.

“Hey @msftsecresponse – Seeing lots of Defender ATP alerts this morning on C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.104\Locales\sl.pak detected as PHP/Funvalget.A. Can you confirm this is a false positive? SHA256 in reply,” said @wdwinslow.

ZDNet shared a screenshot showing the Chrome sl.pak language file being tagged as a backdoor and blocked by ATP.

Microsoft has yet to confirm that the detection is a “false positive” and not an actual threat and has not yet released a statement.


© Fourth Estate® — All Rights Reserved.