Disclaimer: as technology changes, advisories may become out of date or may no longer be relevant, please refer to the "Date" section of the header to be sure the advisory is recent as pertains to your situation.
Keywords: Google, Chrome, Malware, Google Accounts, Synchronization, Sync
DBSA ID: 2014-0010
Regarding: Google Chrome Malware Synchronization
Date: 2014 04 29
Last Modified: 20140429214553 by Kradorex Xeron
Who should take note: Google Chrome users
Rationale: Users should take note of this issue and be aware to adjust their usage of Chrome installations.
Rationale: This issue could result in multiple computers that deploy Chrome becoming infected with malware and permit for re-infection.
Spread of Issue: SINGLE-PLATFORM LOW
Rationale: Malware can utilize Chrome as a self-preservation methodology.
Chrome is a web browser software package released by Google and is often placed in esteem for its ease of use and speed. Chrome has a mechanism whereas it can synchronize chrome settings, bookmarks, extensions and so forth to one's Google Account. Chrome has a potential vulnerability angle whereas malware may be in the form of a Chrome extension where the Chrome installation synchronizes the malware to Google's servers. Through this synchronization, any other chrome installations (thus computers) and/or profiles synchronized with that Google Account would then become infected by that malware when they download sync updates, even a freshly formatted and reinstalled computer.
Users are advised not to permit Chrome direct access to their Google Account for synchronization.
Those infected with malware who have Chrome installed and sync enabled are advised to disable sync before attempting disinfection, then log into their Google dashboard at http://google.com/dashboard and pursue deletion of Chrome data.
This was an internally researched item.