What Is Google Chat?
Google Chat (chat.google.com) is the default chat app owned by Google. It has replaced Google Hangouts as the place to chat with your friends. Google Chat can be used for free phone calls on Android and iOS. The desktop app is for chatting via text; however, you can video call by starting a Google Meeting. It’s not possible to assess traffic or dates founded for Google Chat because the site is part of a subdomain on the google.com site.
Website: https://chat.google.com/
Is Google Chat Safe?
I conducted a series of malware tests to find out if Google Chat is safe and legit. Here are the results:
I installed the Malwarebytes Browser Guard on my Edge browser where I have Google Chat installed and the browser guard didn’t think the Google Chat app was malicious or compromised.
To check this further I ran malware scans on my computer with Malwarebytes and Spybot – Search & Destroy and they returned no malware detection. I also ran a system-wide scan with Microsoft Defender and no malware was found.
To confirm that the site is clean, I also checked the site chat.google.com on the online malware scanner Sucuri and no malware was found and the site was not blacklisted by any security vendors. You can see the same here: Sucuri scan for the site chat.google.com.
The scan returned with a 404 not found site issue; however, it explains that it was because of the sign in page. The scan was smart enough to understand that the site was still a low security risk which can be seen from the scan results page above.
Some improvements could be made such as solving several missing security headers listed below:
Missing security header for ClickJacking Protection. Alternatively, you can use Content-Security-Policy: frame-ancestors ‘none’. Affected pages:
https://accounts.google.com/signin/v2/’ _.O(_.P(h).replace(/;/g,
https://policies.google.com/privacy?gl=US&hl=en
https://policies.google.com/terms?gl=US&hl=enMissing Strict-Transport-Security security header. Affected pages:
https://accounts.google.com/signin/v2/’ _.O(_.P(h).replace(/;/g,
https://policies.google.com/privacy?gl=US&hl=en
https://policies.google.com/terms?gl=US&hl=enMissing Content-Security-Policy directive. We recommend to add the following CSP directives (you can use default-src if all values are the same): script-src, object-src, base-uri, frame-src
The ‘unsafe-eval’ keyword in Content-Security-Policy is not recommended. Please consider fixing the JavaScript code.. Affected pages:
https://accounts.google.com/ServiceLogin?continue=https://chat.google.com/&dsh=S-1173949306:1675159127845189&flowEntry=ServiceLogin&followup=https://chat.google.com/&ifkv=AWnogHfdKhakzWvnbtBv-g9KADpAY8R0e2uSqRSvg1yxBTTaW4O19SOmVP49g48tm4yZHKTLSvOd1A&nojavascript=1&rip=1
https://accounts.google.com/ServiceLogin?continue=https://chat.google.com/?hasBeenRedirected=true&dsh=S-368898853:1675159127328301&flowEntry=ServiceLogin&followup=https://chat.google.com/?hasBeenRedirected=true&ifkv=AWnogHch-_-U-Q3ioeZu-P7J_YSqIVvGibdZrkP7yG6fqy_UhUoOZN03nFY-dqthVuJenNhp_XuSPA&nojavascript=1&osid=1
https://accounts.google.com/signup/v2/nojs?continue=https://chat.google.com/
However, these issues are minor and not enough to change the overall scan result from its low security risk.
Lastly, we ran a malware scan with VirusTotal for the site chat.google.com and it returned with no issues. You can see the same here: VirusTotal scan for the site chat.google.com.
In conclusion, we didn’t find any malware during our scans of Google Chat and can confirm that the app is safe to use.