[derefr]

This is defense-in-depth. Sometimes, the goal is to get a chrome extension installed. (One that, for example, creates pop-up advertisements at random intervals to generate grey-market PPM revenue for the extension author.) Windows (and it's inevitably Windows) knows enough to realize "hey, this Chrome isn't the Chrome that was here yesterday." Signed binaries and SmartScreen work together well enough that even when Chrome is installed to a user-writable directory, it'll get punted if a virus actually changes it.

But if a virus can get a perfectly valid program, with every reason to already be on the system, to do something that program already has permission to do... then it can circumvent the OS's strictures against running novel-and-unknown scripts and binaries.

[mehrdada]

Yeah, I'm sure you can construct very specific scenarios in which it would be a roadbump; I don't deny that (in your scenario, for example, you can just replace Chrome with the latest dev channel binary instead of a random patched binary.) I remain unconvinced about it as a "reasonable" threat model. Having native app access is a much greater security risk in an of itself. I wouldn't begin to worry about invalid browser extensions if I knew I have a rouge binary running.

I think it is obvious what their real motivation is.

[icebraining]

Windows (and it's inevitably Windows) knows enough to realize "hey, this Chrome isn't the Chrome that was here yesterday." Signed binaries and SmartScreen work together well enough that even when Chrome is installed to a user-writable directory, it'll get punted if a virus actually changes it.

What if the virus just installs the binary somewhere else, then updates the shortcut? There are hundreds of possible ways, it just seems futile to plug a particular leak.