Oh, the Irony! Chrome is Blocking Security Tool Nmap Downloads Considering it a Security Threat

Nmap is a popular open-source tool created by Gordon Lyon used by security experts and network admins to analyze the network, find exploits, and keep it secure.

However, it seems that for a day at least, Google Chrome blocked all Nmap downloads using its Safe Browsing service by labelling it as a threat.

Even though this has been fixed quickly. For many visitors trying to download the tool, this must have been confusing. A software that’s more than a decade old is now suddenly considered as a threat?

Nmap Project also tweeted about it to inform all the potential users who were blocked from downloading it while using Google Chrome or any other browser with Google Safe Browsing enabled:

Google Chrome has been blocking Nmap downloads all day because their broken "Safe Browsing" system suddenly labeled a 10-year-old version of our Ncat software as a threat. We will get this resolved with Google, but wanted to let you know that your Nmap downloads are still safe! pic.twitter.com/5iR7a07wzF
— Nmap Project (@nmap) January 21, 2021

Google’s Broken Safe Browsing Service

Not just limited to blocking Nmap downloads, Google’s Safe Browsing service has proved to be a nightmare for many webmasters as well.

In some cases, they also mark the domain that links to other phishing sites as dangerous. This is a problem because you can end up linking a website that wasn’t malicious initially but was blacklisted in the service for some reason.

For instance, our news portal could have been potentially blocked by Google Safe Browsing just because we linked to “Nmap” in the past (which they considered as a threat temporarily).

Fortunately, that is not the case, but this has happened with a lot of webmasters.

Nmap Project also mentioned in a tweet that last week Google Chrome blocked a 24-year-old tarball package from their historical archives:

Last week Google Chrome wrongfully blocked a 24-year-old tarball of L0phtcrack source code from our historical archives as “malware”. That one has been fixed, but it’s still frustrating when Big Tech companies block content so carelessly.

In this case, they also noticed that Google’s manual review process wasn’t quick enough but when they ended up Tweeting about this issue, this was resolved quickly.

So, it definitely sounds like Google’s Safe Browsing service needs improvement.

Have you encountered any similar false positives by Google’s Safe Browsing that prevented you to access something? Let me know your thoughts in the comments below.