Do I need antivirus on a Chromebook?

ChromeOS is architecturally different from Windows and macOS in ways that severely limit how traditional AV products can operate. The OS runs in a verified boot environment where each layer is checked against a known-good signature on startup. Apps are sandboxed. System files are read-only. A traditional AV engine that scans the file system for malware has almost nothing to scan — the threat model that AV was built for doesn't apply in the same way.

Quick answer

Chromebook used primarily for browsing and web apps→No dedicated AV needed — traditional desktop AV products don't operate on ChromeOS the same way they do on Windows; keep ChromeOS updated and manage extensions carefully

Chromebook with Android apps enabled from Play Store→Bitdefender Mobile Security — Android-compatible, adds a scanning layer for sideloaded Android apps if enabled

Concerned about phishing and malicious websites specifically→Norton browser extension — web protection and phishing detection runs within Chrome without requiring OS-level access

When it matters

The threats that matter on Chromebooks are browser and extension-layer threats, not OS-level malware:

Malicious browser extensions — extensions request broad permissions (read all site data, modify browser behavior); a compromised or deliberately malicious extension can steal credentials, inject ads, and redirect traffic
Phishing — entering credentials on a convincing fake login page works the same way on ChromeOS as on any other platform; the OS provides no protection against this
Android apps — if the Play Store is enabled and apps are sideloaded from outside it, the Android layer on ChromeOS is the attack surface; Google Play Protect scans installed apps but has documented coverage gaps for newer threats
Account compromise — Chromebooks are deeply tied to Google accounts; the device itself being secure doesn't protect a compromised Google account from being used to access all synced data

When it fails

AV engines designed for Windows or macOS cannot install and run as system processes on ChromeOS — the architecture prevents it by design
Browser extensions marketed as 'antivirus for Chromebook' can only operate within browser scope — they are web protection tools, not full AV products
No AV product intercepts a phishing attempt at the credential entry point — that requires user recognition

The highest-leverage protective action on a Chromebook is auditing installed Chrome extensions: review what permissions each one requests, remove any that aren't actively used, and install new extensions only from publishers with a verifiable history. That addresses the most common attack vector with no software purchase required.

How providers fit

Bitdefender Mobile Security fits if the Chromebook has Android app support enabled and you install apps from outside the Play Store. The Android app runs in the Android layer of ChromeOS and provides real-time scanning for Android-format threats. It does not interact with the ChromeOS system layer.

Norton Safe Web as a browser extension fits if phishing and malicious website protection is the specific concern. It operates entirely within Chrome, flags known phishing domains and malicious URLs before you interact with them, and requires no OS-level access.

Bottom line

A Chromebook used for browsing and web apps on a maintained ChromeOS version does not need traditional antivirus — traditional desktop AV products don't operate on ChromeOS in the same way they do on Windows or macOS. The protective actions that matter are: audit Chrome extensions, keep ChromeOS updated, enable two-factor authentication on the associated Google account, and if the Play Store is used, install apps from verified publishers only.

Do I need antivirus on my Android phone?→I'm worried about what antivirus reads on my device→I don't understand the difference between AV and VPN→