The days of multiple browser toolbars in Firefox and Internet Explorer are (mostly) gone, but malicious browser extensions are still prevalent. In fact, you don't even have to venture outside of the Chrome Web Store to find a few. Today, Google announced that it is taking further steps to alert users about malicious extensions/setting changes.
The first of these changes quietly rolled out last month. Chrome now detects when any browser settings have been changed without user interaction, and will offer to revert the changes. You've probably seen installers that ask to change your homepage or search engine (Java, I'm looking at you), or ones that do it without your knowledge. Chrome will detect these changes, and the next time you open the browser, it will ask to restore the original settings.
Secondly, Chrome on Windows will have some form of antivirus built-in, called Chrome Cleanup. Google says that the browser will prompt you when it finds 'suspicious or unwanted programs' on your PC (details here), and give you the option to remove them. Google worked with ESET to use its detection engine for this feature, but the company is quick to note that Chrome Cleanup is not a general-purpose antivirus. It sounds like this feature will replace the standalone Chrome Cleanup desktop program, which had a similar purpose.
I'll be honest, I have mixed feelings about the new Chrome Cleanup feature. I'm all for removing things from Chrome that the user didn't install on purpose; I saw plenty of computers with sketchy browser extensions when I repaired PCs at Office Depot (that was many moons ago). But Chrome is already somewhat of a performance hog, especially when it comes to RAM usage, and scanning for malicious software will only make it worse. Google also says Chrome Cleanup isn't a general-purpose antivirus, which means users would still need separate software, leaving them with two programs constantly scanning their PC.
You can see Google's blog post about these changes at the source link below. The Chrome Cleanup feature will not be included on Chrome for Mac and Linux.
ESET's Chief Technology Officer, Juraj Malcho, commented on the performance impact of this feature:
Speed of the scan and minimal performance impact are crucial, hence only the most necessary parts of the scanning engine are included, resulting in a pretty tiny product. Also, only selected parts of the OS are being scanned, as compared to a full-blown security solution.
From a functionality perspective, it lacks preventive dynamic on-access scanning, i.e. it doesn't monitor the system all the time. The scans are being run periodically and the focus here is on remediation - system cleanup and restoring settings to a known good state.