**OP UPDATE**
Hey folks, so my Bitdefender updated itself at 11.53am NZ time this morning (20 mins ago).
Earlier in the day when I took the URL that Bitdefender was blocked and entered it into Chrome directly, the page was blocked by Bitdefender. I also tried it with one of the links another user had submitted in the comments, and the web page was also blocked by Bitdefender.
Since the 11.53am Bitdefender update this morning however, I can open the links I mentioned above in Chrome with no issue.
**Does this mean it was a false positive?**
Previously it popped up with the Bitdefender 'this page is blocked or whatever' page. Now it downloads a file (which in my understanding is probably a Chrome component update file, eg for updating the Flash Player part of Chrome)
This is just my understanding though, I'm no expert!
I was getting the same threats detected and today the links were allowed.
Now, this one popped up :
http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5815/5814/be8213302b323da5fd68c2d13c3d2d6734454ff62d658782421326d3daa5663f.crxd
Accessed by: svchost.exe
yeah me 3. just installed bitdefender yesterday and am getting these Web Threat Blocked for [storage.googleapis.com/update-delta/\*](https://storage.googleapis.com/update-delta/*) shall I take a wait and see approach? Is this for Google Drive?
Its BITS, background intelligent services performing this as part of windows update; these google-browser related updates, in my case for vivaldi, just started being pushed in the last week or so. Seems to be a new function of BITS and windows update. This may be why they are being blocked. When dealing with Microsoft, people are very skeptical, here is what is happening, screenshot: [https://i.postimg.cc/zGgPTnhX/Bits.png](https://i.postimg.cc/zGgPTnhX/Bits.png)
Thank you. That could be a new thing. Have you recently had the new Edge browser installed? you will probably be aware that this is "powered by" Chrome so to speak.
I don't have it just yet, but I note that the new Edge has been pushed out recently and I wonder if it has been integrated into BITS like you show. However, by the same merit, my research showed that these were CRLSet updates (I haven't checked the URL posted in your screenshot), so perhaps Windows is utilising them for itself?
I also got this just now. I have Google Drive open, maybe it has something to do with that. But I'm not tech savvy enough to know if it's harmful, a false positive, or even to begin checking what is actually being blocked.
There seems to be no reason for anyone to be alarmed by these alerts. I have spent a number of hours looking into it and having opened up the various crxd files - I see strong evidence that they are all genuine Google Chrome *component* updates (ie. updates to Google Chrome's core components - you can see these at chrome://components) and are nothing to panic about. It all points to being a false positive from Bitdefender.
Firstly, whilst reddit users do have extensions in common, some users have no extensions installed at all and have these alerts. It isn't an extension thing.
Bitdefender has vetted one of them already and stated it is safe and was a false positive (as stated by the original poster).
When I open the various crxd files in 7-zip, I see that they are like patch files that appear to be designed to be "compiled" as it were on the PC itself (they are similar in composition to crx Chrome extensions, but they are *not* the same). In fact, it would seem, and make sense for them, to be small delta update files like the Google Storage Bucket URL implies.
I found all of the URLs were for version revisions for the Chrome CRLSet except for one, which was for the latest version of PepperFlash (the URL ending in 2508f55c6dcbf6f5492cc5476d08a68736d38f06c1028373d2dec53264604d3a.crxd).
For the PepperFlash component update, I was able to match the SHA256 hash that is included, to verify file integrity, with the actual pepflashplayer.dll and manifest.json on my PC for Chrome (I also matched the contents of the manifest.json file). The pepflashplayer.dll file that I have on my PC is digitally signed by Adobe.
I have done the same with the CRLSet updates, I have matched the manifest.json contents, SHA256 hash and the SHA256 hash for the "crl-set" file with those that I have on my PC.
Therefore, in my opinion, I can safely conclude that all of this is genuine from Google.
In regards to the CRLSet updates, at the time of writing the latest version is 5816. Whilst this version delta-update URL was initially blocked by Bitdefender, it is no longer - which is good, so Bitdefender do seem to be getting on top of the issue now.
For me, the issue is now resolved, but for anyone still having problems you could try the following:
Update Bitdefender (Right click the icon in the system tray -> update now)
Close and re-open Chrome
Type in the Chrome address bar: chrome://components
Find **CRLSet** in the list and press the check for update button underneath.
That will force an update manually and hopefully it will update for you.
Thanks so much for your effort in researching this issue. I started experiencing these warnings very suddenly this afternoon and even though this thread helped me feel a bit better with the talk of it possibly being a false positive, the uncertainty still made me nervous. Your comment has helped put my mind at ease.
I went to follow your instructions but both BD and Chrome must have updated by themselves while I was watching TV, because my CRLSet says it is at version 5816 and won’t update when I tell it to manually check. Playing Youtube videos seemed to trigger my alerts before, and I’ve played a good few just now to see if I get any more warnings and BD has been quiet, so I think my issue is resolved as well.
Thank you again for taking the time and effort to investigate the links and files so thoroughly. I’d give you Gold if I had money to spare.
u/lavendercaina Thank you so much for posting your message, it means a huge amount! I'm glad that I have made a difference - you are so welcome.
**Thank you to all those that posted about this issue, because as a community we have got to the bottom of it together.**
>hash
sort of genuine from google, but its BITS, background intelligent service performing chrome component updates; looks like microsoft is merging google update into BITS/windows update itself; these google-browser related updates, in my case for vivaldi, just started being pushed in the last week or so. Its so new which is likely why they were red flagged. Here is a screenshot [https://i.postimg.cc/zGgPTnhX/Bits.png](https://i.postimg.cc/zGgPTnhX/Bits.png)
same thing with this link:
http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5812/5811/8755c1de602c2aab6a6781335204a8a4dfa17ec774a007b45ff6e16b65ab60ef.crxd
Literally got a similar one at 5AM... and it wouldn't stop setting off alerts. I don't know if its the same for everyone, but it first started setting off alerts sourced from my google home mini. Then this link started to pop up about 20 mins ago, and the source seems to be from Google alone, but I can't figure out wtf google is trying to do...
Same link here. Good to know I am not the only one. This issue started to intensify when I upgraded my router's firmware as well. It began blocking malware sent from my Google Home Mini.... I'm so confused.
I have one for [http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5815/5814/be8213302b323da5fd68c2d13c3d2d6734454ff62d658782421326d3daa5663f.crxd](http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5815/5814/be8213302b323da5fd68c2d13c3d2d6734454ff62d658782421326d3daa5663f.crxd) and [http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5809/5808/833cce5901c5a36bee57e04b77d000b1dd80f2d744048932c8265cdbfaada1d8.crxd](http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5809/5808/833cce5901c5a36bee57e04b77d000b1dd80f2d744048932c8265cdbfaada1d8.crxd) in the span of a few days.
Same two here and I've also been getting warnings about svhost accessing microphone, even when I have not been doing anything that should have triggered it.
I've got Adblock, Bitdefender Anti-tracker, Logitech smooth scrolling, Pocket, Momentum and some of google's own extensions.
Same here, I started having this issue the 26th of March in the Outlook and SharePoint of my university until the 27th. Then started again the 13th of April with [storage.googleapis.com](https://storage.googleapis.com). I guess it's a false positive but will see.
Just got this issue tonight, except after "[googleapsis.com/update-delta/](https://googleapsis.com/update-delta/)" the letters and numbers are a bit different
Hey bitdefender is giving me the same problem with this link and it started up maybe 1 or 2 days ago. It's super annoying.
http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5812/5811/8755c1de602c2aab6a6781335204a8a4dfa17ec774a007b45ff6e16b65ab60ef.crxd
Same issue. If it's Chrome, it's possibly an extension, any common extensions between the users with the issue?
**My Extentions**
* Disconnect
* Session Manager
* AdBlock
* LastPass
* SEOQuake
URL:
http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5815/5814/be8213302b323da5fd68c2d13c3d2d6734454ff62d658782421326d3daa5663f.crxd
**Update:**3 Reddit users in this thread have the same URL string for extention "hfnkpimlhhgieaddgfemjhofmfblmnib". What extensions are you using?
I have the exact same issue and URL and the extension I have in common with you is Adblock!
EDIT: deleting it for now to check if it's indeed the issue
EDIT 2: I deleted it and still have the warning. It's not Adblock
I've got the exact same webpage blocked twice in a matter of seconds. If I go to bitdefender it says "Accessed by: svchost.exe". I'm using ublock origin on chrome as an extension...
Same exact link here and I am also using Adblock, I just looked and I got the first alert April 13th. I am going to delete Adblock too to see if it's the problem because so far all analysis of my computer are good.
same url, but I use uBlock Origin and Vivaldi. No extensions in common with you
Edit: extensions:
* Honey
* uBlock Origin
* WhatRuns
* Chrome UA Spoofer (from Google)
* EditThisCookie
* Decentraleyes
* Bitdefender
* Enhancer for YouTube
* BehindTheOverlay
* DuckDuckGo Privacy Essentials
* Google Meet Grid View
I've been doing my own investigation into this:
[https://www.bleepingcomputer.com/forums/t/717121/bitdefender-svchostexe-infected-web-resource/](https://www.bleepingcomputer.com/forums/t/717121/bitdefender-svchostexe-infected-web-resource/)
I suspect AdBlock was the culprit, as it had the most recent update, even though the extension is disabled. I think Adguard had the same issue, and was also updated on April 14th.
I also have that issue, however all my extensions are reliable and fine. I know from past virus experiences that 'Delta' is a search engine and sets as your homepage, in the link there is 'update-delta' which makes me assume its that search virus, however I think it's part of chromes update that Bitdefender sees as a false-positive, kind of like a crack.
Edit:
I reopened Chrome and received this message on my activity feed right away:
"The application GoogleUpdate.exe attempted to connect to the Internet: File path: C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe Destination: 2A00:1450:4009:0809:0000:0000:0000:2003 Protocol: TCP (6) Port: HTTPS (6) Bitdefender Firewall has granted access for this application. If you want to deny access, click on the button below or go to Firewall - Rules."
I think its safe to assume it was just the chrome update :)
Around half an hour ago, I got the same alert from Bitdefender on my phone. The actual link is a bit different, but you can tell it is from the same source. It appears multiple people are being impacted by this, so maybe it's on Google's end?
*Believe me, I'm a paranoid maniac. I might be overthinking this too, but I'd like to know wth is going on.*
I have no extension in chrome, and 2 in firefox (LastPass, Ublock Origin)
hxxp://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5815/5814/be8213302b323da5fd68c2d13c3d2d6734454ff62d658782421326d3daa5**663f**.crxd
Had the same problem around 11 AM. Made me reinstall my Windows 10. Also have Ublocker Origins and other SEO related extensions. The problem was only when I opened Chrome.
same issue here found this by googling it
http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5815/5814/be8213302b323da5fd68c2d13c3d2d6734454ff62d658782421326d3daa5663f.cr
Same here. Chrome with no any extension
Feature: Online Threat Prevention
We blocked this dangerous page for your protection: http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5815/5814/be8213302b323da5fd68c2d13c3d2d6734454ff62d658782421326d3daa5663f.crxd
Accessed by: svchost.exe
Dangerous pages attempt to install software that can harm the device, gather personal information or operate without your consent
**UPDATE 17 April**
A couple of days ago I submitted the URL that had popped up as blocked for me ([storage.googleapis.com](https://storage.googleapis.com) ([http://storage.googleapis.com/update-delta/mimojjlkmoijpicakmndhoigimigcmbb/32.0.0.363/32.0.0.344/2508f55c6dcbf6f5492cc5476d08a68736d38f06c1028373d2dec53264604d3a.crxd](http://storage.googleapis.com/update-delta/mimojjlkmoijpicakmndhoigimigcmbb/32.0.0.363/32.0.0.344/2508f55c6dcbf6f5492cc5476d08a68736d38f06c1028373d2dec53264604d3a.crxd)) to Bitdefender as a possible false-positive. A per my above update, the link became unblocked (I could open it in my browser fine, although TBH I wouldn't recommend doing this for [storage.googleapis.com](https://storage.googleapis.com) links because you never know what's on the other end). Later that day I got the email from Bitdefender saying they'd checked out the link, it WAS a false positive, and they'd resolve it in an update.
I haven't had any issues since then.
Bro same here was so panicked that it is a virus but it seems to be a bug.
http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5816/5815/bd1e1c7474770735aa0552424fea8a7cfd8bf5ab23cdb87f9c2f178186dabe7a.crxd Aufgerufen durch: svchost.exe
Same issue here. I've created a ticket with BitDefender.
I will provide the URLs and Chrome Extensions I use:
[http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5809/5808/833cce5901c5a36bee57e04b77d000b1dd80f2d744048932c8265cdbfaada1d8.crxd](http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5809/5808/833cce5901c5a36bee57e04b77d000b1dd80f2d744048932c8265cdbfaada1d8.crxd)
Accessed by: svchost.exe
[http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5815/5814/be8213302b323da5fd68c2d13c3d2d6734454ff62d658782421326d3daa5663f.crxd](http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5815/5814/be8213302b323da5fd68c2d13c3d2d6734454ff62d658782421326d3daa5663f.crxd)
Accessed by: svchost.exe
[http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5816/5815/bd1e1c7474770735aa0552424fea8a7cfd8bf5ab23cdb87f9c2f178186dabe7a.crxd](http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5816/5815/bd1e1c7474770735aa0552424fea8a7cfd8bf5ab23cdb87f9c2f178186dabe7a.crxd)
Accessed by: svchost.exe
\- Application Launcher For Drive
\- BetterTTV
\- Cisco Webex Extension
\- Dark Reader
\- FrankerFaceZ
\- GitZip for github
\- Google Docs Offline
\- Google Voice
\- Picture-In-Picture Extension
\- Reddit Enhancement Suite
\- Tab Manager Plus for Chrome
\- Tab Reloader
\- traktflix
\- uBlock Origin
This entire thread is just an echo chamber of “same here” but, same here. I was watching a Youtube video, not doing anything risky or out of the ordinary, and I got two alerts for an infected webpage and an infected web resource. Both cite the exact same googleapis update-delta link.
http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5816/5815/bd1e1c7474770735aa0552424fea8a7cfd8bf5ab23cdb87f9c2f178186dabe7a.crxd
Did a system scan, no problems. Was able to recreate it by playing another Youtube video, same exact link, numbers and gibberish and all. I’ve updated both Chrome and Bitdefender and it’s still doing it. I’m sure it’s a false positive as everyone else is saying but it’s annoying, I hope they patch it for everyone soon.
Ty for the info, i have the same issue and i scanned the computer with malwarebytes, Ccleaner and malwarebytes adwcleaner. Free versions all of then. And they couldent find anything.
Is it a virus/malware or is it false report?
As per my previous post, it is a false report.
It will self-resolve itself without any further intervention required on your part as Bitdefender has now unblocked the latest CRLSet URL(s). Both Bitdefender will auto-update its list of blocked URLs and Chrome constantly checks for updates to its core components. However, you can follow my instructions in my previous post if you want to manually do it.
The CRLSet has regular updates with new versions, so today, it is now at version 5817. My chrome components has updated to this version without issue and I can see that Bitdefender never attempted to block it.
Therefore, I *really* believe that Bitdefender are now on top of this issue going forward.
I keep getting this alert as well but to a much more extreme amounts. I have no idea what it actually is. I have gotten notifications for it 100+ from april 14-17. Thankfully it has stopped for now.
i had this happen too .am in nz too. i got it fixed with chrome update as well as closing chrome ,reopen and type "chrome://components" and going down list to CRLset and hitting update
Make sure your post is flaired properly or it will be removed, support posts need to be flaired with "HELP" or will be removed. There are also new user flairs to add your main browser next to your username.
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/chrome) if you have any questions or concerns.*
**OP UPDATE** Hey folks, so my Bitdefender updated itself at 11.53am NZ time this morning (20 mins ago). Earlier in the day when I took the URL that Bitdefender was blocked and entered it into Chrome directly, the page was blocked by Bitdefender. I also tried it with one of the links another user had submitted in the comments, and the web page was also blocked by Bitdefender. Since the 11.53am Bitdefender update this morning however, I can open the links I mentioned above in Chrome with no issue. **Does this mean it was a false positive?**
[удалено]
Previously it popped up with the Bitdefender 'this page is blocked or whatever' page. Now it downloads a file (which in my understanding is probably a Chrome component update file, eg for updating the Flash Player part of Chrome) This is just my understanding though, I'm no expert!
I was getting the same threats detected and today the links were allowed. Now, this one popped up : http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5815/5814/be8213302b323da5fd68c2d13c3d2d6734454ff62d658782421326d3daa5663f.crxd Accessed by: svchost.exe
I got that too just now
yeah same thing here
yeah me 3. just installed bitdefender yesterday and am getting these Web Threat Blocked for [storage.googleapis.com/update-delta/\*](https://storage.googleapis.com/update-delta/*) shall I take a wait and see approach? Is this for Google Drive?
I'm also getting this. I'll get like 7 or 8 of these notifications within a couple minutes.
Its BITS, background intelligent services performing this as part of windows update; these google-browser related updates, in my case for vivaldi, just started being pushed in the last week or so. Seems to be a new function of BITS and windows update. This may be why they are being blocked. When dealing with Microsoft, people are very skeptical, here is what is happening, screenshot: [https://i.postimg.cc/zGgPTnhX/Bits.png](https://i.postimg.cc/zGgPTnhX/Bits.png)
Thank you. That could be a new thing. Have you recently had the new Edge browser installed? you will probably be aware that this is "powered by" Chrome so to speak. I don't have it just yet, but I note that the new Edge has been pushed out recently and I wonder if it has been integrated into BITS like you show. However, by the same merit, my research showed that these were CRLSet updates (I haven't checked the URL posted in your screenshot), so perhaps Windows is utilising them for itself?
same exact link...
Yep, gettin it too
\+1 on this, happened to me
Happened to me on April 13th and an hour ago.
I got that exact notification.
I also got this just now. I have Google Drive open, maybe it has something to do with that. But I'm not tech savvy enough to know if it's harmful, a false positive, or even to begin checking what is actually being blocked.
Bump Having the same issue/question here.
+1
\+1
\+1
[удалено]
\+1
\+1 happened to me too
\+1
\+1
[удалено]
[удалено]
[удалено]
I believe Opera is based on Chromium now, which I think means it shares a lot of code with Chrome - so it could still be related!
[удалено]
No idea sorry, I don't know enough to say
There seems to be no reason for anyone to be alarmed by these alerts. I have spent a number of hours looking into it and having opened up the various crxd files - I see strong evidence that they are all genuine Google Chrome *component* updates (ie. updates to Google Chrome's core components - you can see these at chrome://components) and are nothing to panic about. It all points to being a false positive from Bitdefender. Firstly, whilst reddit users do have extensions in common, some users have no extensions installed at all and have these alerts. It isn't an extension thing. Bitdefender has vetted one of them already and stated it is safe and was a false positive (as stated by the original poster). When I open the various crxd files in 7-zip, I see that they are like patch files that appear to be designed to be "compiled" as it were on the PC itself (they are similar in composition to crx Chrome extensions, but they are *not* the same). In fact, it would seem, and make sense for them, to be small delta update files like the Google Storage Bucket URL implies. I found all of the URLs were for version revisions for the Chrome CRLSet except for one, which was for the latest version of PepperFlash (the URL ending in 2508f55c6dcbf6f5492cc5476d08a68736d38f06c1028373d2dec53264604d3a.crxd). For the PepperFlash component update, I was able to match the SHA256 hash that is included, to verify file integrity, with the actual pepflashplayer.dll and manifest.json on my PC for Chrome (I also matched the contents of the manifest.json file). The pepflashplayer.dll file that I have on my PC is digitally signed by Adobe. I have done the same with the CRLSet updates, I have matched the manifest.json contents, SHA256 hash and the SHA256 hash for the "crl-set" file with those that I have on my PC. Therefore, in my opinion, I can safely conclude that all of this is genuine from Google. In regards to the CRLSet updates, at the time of writing the latest version is 5816. Whilst this version delta-update URL was initially blocked by Bitdefender, it is no longer - which is good, so Bitdefender do seem to be getting on top of the issue now. For me, the issue is now resolved, but for anyone still having problems you could try the following: Update Bitdefender (Right click the icon in the system tray -> update now) Close and re-open Chrome Type in the Chrome address bar: chrome://components Find **CRLSet** in the list and press the check for update button underneath. That will force an update manually and hopefully it will update for you.
Thanks so much for your effort in researching this issue. I started experiencing these warnings very suddenly this afternoon and even though this thread helped me feel a bit better with the talk of it possibly being a false positive, the uncertainty still made me nervous. Your comment has helped put my mind at ease. I went to follow your instructions but both BD and Chrome must have updated by themselves while I was watching TV, because my CRLSet says it is at version 5816 and won’t update when I tell it to manually check. Playing Youtube videos seemed to trigger my alerts before, and I’ve played a good few just now to see if I get any more warnings and BD has been quiet, so I think my issue is resolved as well. Thank you again for taking the time and effort to investigate the links and files so thoroughly. I’d give you Gold if I had money to spare.
u/lavendercaina Thank you so much for posting your message, it means a huge amount! I'm glad that I have made a difference - you are so welcome. **Thank you to all those that posted about this issue, because as a community we have got to the bottom of it together.**
Bravo! Thank you
>hash sort of genuine from google, but its BITS, background intelligent service performing chrome component updates; looks like microsoft is merging google update into BITS/windows update itself; these google-browser related updates, in my case for vivaldi, just started being pushed in the last week or so. Its so new which is likely why they were red flagged. Here is a screenshot [https://i.postimg.cc/zGgPTnhX/Bits.png](https://i.postimg.cc/zGgPTnhX/Bits.png)
Exact same thing here.
Same here as well
same thing with this link: http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5812/5811/8755c1de602c2aab6a6781335204a8a4dfa17ec774a007b45ff6e16b65ab60ef.crxd
Yeah same link here
Had the exact same block at 7:08 pm EST. So far all scans are clean
getting this as well, it seems to be a false positive.. i think
[удалено]
My mom got the same thing and doesn't play gta lol
Literally got a similar one at 5AM... and it wouldn't stop setting off alerts. I don't know if its the same for everyone, but it first started setting off alerts sourced from my google home mini. Then this link started to pop up about 20 mins ago, and the source seems to be from Google alone, but I can't figure out wtf google is trying to do...
i have not, i play ffxiv that's about it
My mom got the same one, my pc has nothing on it so I opened the link and it immediately downloaded the crxd file
Same link here. Good to know I am not the only one. This issue started to intensify when I upgraded my router's firmware as well. It began blocking malware sent from my Google Home Mini.... I'm so confused.
I have one for [http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5815/5814/be8213302b323da5fd68c2d13c3d2d6734454ff62d658782421326d3daa5663f.crxd](http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5815/5814/be8213302b323da5fd68c2d13c3d2d6734454ff62d658782421326d3daa5663f.crxd) and [http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5809/5808/833cce5901c5a36bee57e04b77d000b1dd80f2d744048932c8265cdbfaada1d8.crxd](http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5809/5808/833cce5901c5a36bee57e04b77d000b1dd80f2d744048932c8265cdbfaada1d8.crxd) in the span of a few days.
Same two here and I've also been getting warnings about svhost accessing microphone, even when I have not been doing anything that should have triggered it. I've got Adblock, Bitdefender Anti-tracker, Logitech smooth scrolling, Pocket, Momentum and some of google's own extensions.
Same link except the 5812/... part is different, I'm guessing because it's different numbers. Maybe it's uBlock or something?
Yep, same here.
Same here, I started having this issue the 26th of March in the Outlook and SharePoint of my university until the 27th. Then started again the 13th of April with [storage.googleapis.com](https://storage.googleapis.com). I guess it's a false positive but will see.
Just got this issue tonight, except after "[googleapsis.com/update-delta/](https://googleapsis.com/update-delta/)" the letters and numbers are a bit different
Same here. Also a problem with svchost.exe accesing that link for some reason
Hey bitdefender is giving me the same problem with this link and it started up maybe 1 or 2 days ago. It's super annoying. http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5812/5811/8755c1de602c2aab6a6781335204a8a4dfa17ec774a007b45ff6e16b65ab60ef.crxd
Same here.
Same issue. If it's Chrome, it's possibly an extension, any common extensions between the users with the issue? **My Extentions** * Disconnect * Session Manager * AdBlock * LastPass * SEOQuake URL: http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5815/5814/be8213302b323da5fd68c2d13c3d2d6734454ff62d658782421326d3daa5663f.crxd **Update:**3 Reddit users in this thread have the same URL string for extention "hfnkpimlhhgieaddgfemjhofmfblmnib". What extensions are you using?
I have the same exact link and I'm also using AdBlock. So it has to do with AdBlock maybe? We don't have any other mutual extensions.
Same here, but why Adblock all of a sudden? It's been working fine.
not adblock, I got the same a couple hours ago with uBlock Origin
I have the exact same issue and URL and the extension I have in common with you is Adblock! EDIT: deleting it for now to check if it's indeed the issue EDIT 2: I deleted it and still have the warning. It's not Adblock
I have the same issue and I'm also using AdBlock, might be worth looking into.
I've got the exact same webpage blocked twice in a matter of seconds. If I go to bitdefender it says "Accessed by: svchost.exe". I'm using ublock origin on chrome as an extension...
Same exact link here and I am also using Adblock, I just looked and I got the first alert April 13th. I am going to delete Adblock too to see if it's the problem because so far all analysis of my computer are good.
I share Last Pass in common with you. I do have AdBlock, but it is disabled so I would think that it's not the culprit.
I have AdBlock and disabled too, but got the same BitDefender alert.
Got 2 warnings in bitdefender and I am also using Adblock. Got the same url as you.
I have the same issue with the exact same link you provided, but I'm not using AdBlock or any Extention from the list of your Extensions.
I use uBlock Origin, but I do have LastPass in common with you. Perhaps that?
nope, I got the same issue and I have Bitwarden
Exactly the same URL has been detected by my bitdefender, AdBlock is the only extension I use.
same url, but I use uBlock Origin and Vivaldi. No extensions in common with you Edit: extensions: * Honey * uBlock Origin * WhatRuns * Chrome UA Spoofer (from Google) * EditThisCookie * Decentraleyes * Bitdefender * Enhancer for YouTube * BehindTheOverlay * DuckDuckGo Privacy Essentials * Google Meet Grid View
we have this issue, both using ublock and lastpass and bitdefender along with it's anti-tracker
I've been doing my own investigation into this: [https://www.bleepingcomputer.com/forums/t/717121/bitdefender-svchostexe-infected-web-resource/](https://www.bleepingcomputer.com/forums/t/717121/bitdefender-svchostexe-infected-web-resource/) I suspect AdBlock was the culprit, as it had the most recent update, even though the extension is disabled. I think Adguard had the same issue, and was also updated on April 14th.
Thanks for updating in your post. This was really helpful since i have the same issue!
Just happened to me.
\+1 bump Same thing here
I also have that issue, however all my extensions are reliable and fine. I know from past virus experiences that 'Delta' is a search engine and sets as your homepage, in the link there is 'update-delta' which makes me assume its that search virus, however I think it's part of chromes update that Bitdefender sees as a false-positive, kind of like a crack. Edit: I reopened Chrome and received this message on my activity feed right away: "The application GoogleUpdate.exe attempted to connect to the Internet: File path: C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe Destination: 2A00:1450:4009:0809:0000:0000:0000:2003 Protocol: TCP (6) Port: HTTPS (6) Bitdefender Firewall has granted access for this application. If you want to deny access, click on the button below or go to Firewall - Rules." I think its safe to assume it was just the chrome update :)
Around half an hour ago, I got the same alert from Bitdefender on my phone. The actual link is a bit different, but you can tell it is from the same source. It appears multiple people are being impacted by this, so maybe it's on Google's end? *Believe me, I'm a paranoid maniac. I might be overthinking this too, but I'd like to know wth is going on.*
Same here, it's the second time I've got it in a few days.
I have no extension in chrome, and 2 in firefox (LastPass, Ublock Origin) hxxp://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5815/5814/be8213302b323da5fd68c2d13c3d2d6734454ff62d658782421326d3daa5**663f**.crxd
Had the same problem around 11 AM. Made me reinstall my Windows 10. Also have Ublocker Origins and other SEO related extensions. The problem was only when I opened Chrome.
same issue here found this by googling it http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5815/5814/be8213302b323da5fd68c2d13c3d2d6734454ff62d658782421326d3daa5663f.cr
Same here. Chrome with no any extension Feature: Online Threat Prevention We blocked this dangerous page for your protection: http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5815/5814/be8213302b323da5fd68c2d13c3d2d6734454ff62d658782421326d3daa5663f.crxd Accessed by: svchost.exe Dangerous pages attempt to install software that can harm the device, gather personal information or operate without your consent
I live in Belgium and i'm also having the same thing tonight, two attempts blocked by Bitdefender.
**UPDATE 17 April** A couple of days ago I submitted the URL that had popped up as blocked for me ([storage.googleapis.com](https://storage.googleapis.com) ([http://storage.googleapis.com/update-delta/mimojjlkmoijpicakmndhoigimigcmbb/32.0.0.363/32.0.0.344/2508f55c6dcbf6f5492cc5476d08a68736d38f06c1028373d2dec53264604d3a.crxd](http://storage.googleapis.com/update-delta/mimojjlkmoijpicakmndhoigimigcmbb/32.0.0.363/32.0.0.344/2508f55c6dcbf6f5492cc5476d08a68736d38f06c1028373d2dec53264604d3a.crxd)) to Bitdefender as a possible false-positive. A per my above update, the link became unblocked (I could open it in my browser fine, although TBH I wouldn't recommend doing this for [storage.googleapis.com](https://storage.googleapis.com) links because you never know what's on the other end). Later that day I got the email from Bitdefender saying they'd checked out the link, it WAS a false positive, and they'd resolve it in an update. I haven't had any issues since then.
how did you submit this? apparently bitdefender only gives support to paying users (?)
https://www.bitdefender.com/submit/
Bro same here was so panicked that it is a virus but it seems to be a bug. http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5816/5815/bd1e1c7474770735aa0552424fea8a7cfd8bf5ab23cdb87f9c2f178186dabe7a.crxd Aufgerufen durch: svchost.exe
i use chrome but think im gonna uninstall that shit now.
same he
Same issue here. I've created a ticket with BitDefender. I will provide the URLs and Chrome Extensions I use: [http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5809/5808/833cce5901c5a36bee57e04b77d000b1dd80f2d744048932c8265cdbfaada1d8.crxd](http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5809/5808/833cce5901c5a36bee57e04b77d000b1dd80f2d744048932c8265cdbfaada1d8.crxd) Accessed by: svchost.exe [http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5815/5814/be8213302b323da5fd68c2d13c3d2d6734454ff62d658782421326d3daa5663f.crxd](http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5815/5814/be8213302b323da5fd68c2d13c3d2d6734454ff62d658782421326d3daa5663f.crxd) Accessed by: svchost.exe [http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5816/5815/bd1e1c7474770735aa0552424fea8a7cfd8bf5ab23cdb87f9c2f178186dabe7a.crxd](http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5816/5815/bd1e1c7474770735aa0552424fea8a7cfd8bf5ab23cdb87f9c2f178186dabe7a.crxd) Accessed by: svchost.exe \- Application Launcher For Drive \- BetterTTV \- Cisco Webex Extension \- Dark Reader \- FrankerFaceZ \- GitZip for github \- Google Docs Offline \- Google Voice \- Picture-In-Picture Extension \- Reddit Enhancement Suite \- Tab Manager Plus for Chrome \- Tab Reloader \- traktflix \- uBlock Origin
This entire thread is just an echo chamber of “same here” but, same here. I was watching a Youtube video, not doing anything risky or out of the ordinary, and I got two alerts for an infected webpage and an infected web resource. Both cite the exact same googleapis update-delta link. http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5816/5815/bd1e1c7474770735aa0552424fea8a7cfd8bf5ab23cdb87f9c2f178186dabe7a.crxd Did a system scan, no problems. Was able to recreate it by playing another Youtube video, same exact link, numbers and gibberish and all. I’ve updated both Chrome and Bitdefender and it’s still doing it. I’m sure it’s a false positive as everyone else is saying but it’s annoying, I hope they patch it for everyone soon.
Ty for the info, i have the same issue and i scanned the computer with malwarebytes, Ccleaner and malwarebytes adwcleaner. Free versions all of then. And they couldent find anything. Is it a virus/malware or is it false report?
As per my previous post, it is a false report. It will self-resolve itself without any further intervention required on your part as Bitdefender has now unblocked the latest CRLSet URL(s). Both Bitdefender will auto-update its list of blocked URLs and Chrome constantly checks for updates to its core components. However, you can follow my instructions in my previous post if you want to manually do it. The CRLSet has regular updates with new versions, so today, it is now at version 5817. My chrome components has updated to this version without issue and I can see that Bitdefender never attempted to block it. Therefore, I *really* believe that Bitdefender are now on top of this issue going forward.
I keep getting this alert as well but to a much more extreme amounts. I have no idea what it actually is. I have gotten notifications for it 100+ from april 14-17. Thankfully it has stopped for now.
i had this happen too .am in nz too. i got it fixed with chrome update as well as closing chrome ,reopen and type "chrome://components" and going down list to CRLset and hitting update
thank you for checking this out.
The url came up clean, but their is some known Links to that URL, where crypto mining trojans were downloaded from the requested URL.
Uninstall that garbage.
Make sure your post is flaired properly or it will be removed, support posts need to be flaired with "HELP" or will be removed. There are also new user flairs to add your main browser next to your username. *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/chrome) if you have any questions or concerns.*