Chrome.exe Alerts
egrizzly
Member Posts: 533
Hi all,
Do any of you all receive these notorious Chrome.exe alerts on your EDRs or IDRs? What are these alerts? Are they automatic updates coming from Chrome extensions, or micro version updates from the browser itself? I'm stumped. They're typically something like below:
Filename: Chrome.exe
FilePath: \Device\HarddiskVolume3\Program Files\Chrome\Application
FileHash: these vary and have different hashes that register as PUPs or Grayware on VirusTotal
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
Comments
JDMurray Admin Posts: 13,099
I've seen legit operations in Chrome that are interpreted as heap spraying attacks, but little else. Positive hits on extensions can be anything and should be reported to the extension's vendor.
JDMurray Admin Posts: 13,099
Is your EDR triggering on the chrome.exe file on disk or on the chrome.exe process running in memory? Extensions are individual files on disk, but may appear as part of the chrome.exe process(es) in memory.