Microsoft Defender ATP is detecting yesterday’s Chrome update as a backdoor

Image provided to ZDNet by a reader

Microsoft Defender Advanced Threat Protection (ATP), the commercial version of the ubiquitous Defender antivirus and Microsoft’s best enterprise security solution, is having a bad day and labeling yesterday’s Google Chrome browser update as a backdoor Trojan horse.

Detections, as seen in the image above shared with ZDNet by one of our readers, are for Google Chrome 88.0.4324.146, the latest version of the Chrome browser, which Google launched last night.

As per the screenshot above, and based on reports shared on Twitter by other discouraged system administrators, Defender ATP is currently detecting several files that are part of the Chrome v88.0.4324.146 update package as containing a generic backdoor trojan called "PHP/Funvalget.A."

The alerts have caused quite a stir in corporate environments because of the multiple software supply chain attacks that have hit companies worldwide in recent months.

System administrators are currently awaiting a formal statement from Microsoft to confirm that the detection is a "false positive" and not a real threat.

ZDNet contacted a Microsoft spokesperson prior to the publication of this article, seeking a formal statement on ATP detections.

Chances are that this is really an erroneous detection, but until a formal announcement is made, administrators are advised to wait before taking further action.

The free version of Microsoft Defender antivirus, which ships with all recent versions of Windows, did not detect the recent Chrome update as malicious, according to several ZDNet tests.

Updated at 15:55 ET to add that Microsoft confirmed that today’s Funvalget detections for Chrome files were false positive detections due to “an automation error.”