Fake Google Chrome Update Malware Popup
Malicious websites display convincing popups that mimic Chrome's genuine software-update notifications, tricking users into downloading malware disguised as a 'Critical Chrome Update'.
Part of: Fake Browser Update Malware Popups
Last reviewed: 8 June 2026
Google Chrome updates itself silently in the background — users rarely need to manually download anything. This automatic process is so reliable that most Chrome users have never seen a genuine manual update prompt. Scammers exploit this unfamiliarity by creating urgent 'Your Chrome is out of date' banners on compromised websites that closely copy Google's visual identity.
The popup typically appears while browsing a normal-looking site and cannot easily be dismissed. It displays Chrome's real logo, Google's colour palette, and a version number that appears slightly behind the victim's actual installed version. The 'Update Chrome' button initiates a file download — not an official Google update.
What downloads is typically an information-stealing trojan, ransomware loader, or remote-access trojan. Because the file is labelled 'ChromeSetup.exe' or similar, victims often install it without hesitation.
How this scam works on the Google brand
Genuine Chrome updates are pushed automatically by Google and applied the next time the browser is restarted. Chrome never redirects users to a third-party site for an update, and it never presents a full-page blocking popup demanding an immediate download.
The fraudulent version appears as a banner overlaid on the page content or as a separate modal window. Some variants are injected via malicious JavaScript on a compromised website; others are served through fraudulent advertising networks. The file served has a name that references Chrome but is not signed by Google — any modern operating system should warn that the file is from an unknown publisher.
After installation, the malware may silently harvest browser-stored passwords, session cookies including Google account cookies, and credit-card autofill data before sending them to the attacker's server.
Common red flags
- A website shows a full-screen popup saying Chrome needs an urgent update — Chrome updates automatically and never uses external websites for this.
- The 'update' is a downloadable file from a domain that is not google.com or dl.google.com.
- The operating system or browser shows a warning that the file is from an unknown publisher.
- The popup cannot be closed by clicking outside it or pressing Escape.
- The site URL in the address bar is not a well-known domain you intentionally visited.
- The downloaded file is much smaller than an expected browser installation.
How to protect yourself
- Update Chrome by clicking the three-dot menu > Help > About Google Chrome — never from a website prompt.
- Check your Chrome version directly at chrome://settings/help; genuine updates install automatically on that page.
- Use Google's Enhanced Safe Browsing at chrome://settings/security to block malicious download attempts.
- Do not install or run any executable file downloaded from a website that suddenly told you to update your browser.
- Run a full malware scan with Windows Defender or a reputable antivirus if you already installed such a file.
- Change all browser-stored passwords after any suspected malware infection, as infostealers harvest these immediately.
How to report it
- Report the malicious website to Google Safe Browsing at safebrowsing.google.com/safebrowsing/report_phish/.
- Upload the suspicious file to VirusTotal at virustotal.com to check it and contribute to threat intelligence.
- Report to Action Fraud actionfraud.police.uk (UK), the FTC at ReportFraud.ftc.gov (US), or your national cybercrime unit.
- If the site appeared in Google Search results, use the 'More' option on the result and select 'Report'.
Frequently asked questions
How does Chrome actually update itself?
Chrome checks for updates automatically in the background. You will see a small coloured arrow on the three-dot menu when an update is pending. Clicking it restarts Chrome and applies the update without any external download.
I downloaded the fake update but did not run it. Am I safe?
If you have not run the file, delete it from your Downloads folder immediately and do not open it. No infection should have occurred, but run a quick antivirus scan for peace of mind.
Can macOS also be targeted by fake Chrome update malware?
Yes. macOS variants typically serve a .dmg or .pkg file. macOS's Gatekeeper will warn you if the file is from an unidentified developer — click Cancel and delete the file.