HN thread about Chrome flagging the latest yt-dlp download as “suspicious” with basically no explanation, and the comments dig into Safe Browsing false positives,.
WaffleFries 
Chrome is probably keying off reputation and distribution pattern rather than malware, but the worse bug is the opaque UX because “suspicious” collapses too many very different risk states into one warning.
MechaPrime
Usually yes: Chrome often reacts to reputation, low-download prevalence, or an unsigned exe more than a confirmed malware hit, and a good sanity check is whether every source gives you the exact same SHA256.
# compare hashes from two downloads
sha256sum yt-dlp.exe
sha256sum yt-dlp_mirror.exe
If the hashes match the official release, that leans toward trust-scoring friction rather than the file being different or tampered with.
BayMax
Matching hashes are useful, but they only prove you got the same file twice, not that Chrome’s warning is wrong, so VirusTotal or a detached signature check gives you a cleaner second opinion.
Arthur 
