Microsoft Defender ATP is detecting yesterday's Chrome update as a backdoor

Microsoft's commercial antivirus product is labeling Chrome's latest update as being infected with the Funvalget backdoor.
Written by Catalin Cimpanu, Contributor
Image provided to ZDNet by a reader

Microsoft Defender Advanced Threat Protection (ATP), the commercial version of the ubiquitous Defender antivirus and Microsoft's top enterprise security solution, is currently having a bad day and labeling yesterday's Google Chrome browser update as a backdoor trojan.

The detections, as can be seen in the screenshot above, shared with ZDNet by one of our readers, are for Google Chrome 88.0.4324.146, the latest version of the Chrome browser, which Google released last night.

As per the screenshot above, but also based on reports shared on Twitter by other dismayed system administrators, Defender ATP is currently detecting multiple files that are part of the Chrome v88.0.4324.146 update package as containing a generic backdoor trojan named "PHP/Funvalget.A."

The alerts have caused quite a stir in enterprise environments in light of multiple recent software supply chain attacks that have hit companies across the world over the past few months.

System administrators are currently awaiting a formal statement from Microsoft to confirm that the detection is a "false positive" and not an actual threat.

ZDNet contacted a Microsoft spokesperson before this article's publication, seeking a formal statement on the ATP detections.

Chances are that this is indeed an erroneous detection, but until a formal announcement, administrators are advised to wait before taking other actions.

The free version of the Microsoft Defender antivirus, the one that ships with all recent Windows versions, has not detected the recent Chrome update as malicious, according to multiple ZDNet tests.

Updated at 15:55 ET to add that Microsoft has confirmed that today's Funvalget detections for Chrome files were false positive detections due to "an automation error."
