Chrome 79 for Android and Desktop arrived this week and with the updated, Google has added and enhanced a couple of features to keep your online browsing sessions a little more secure. The updates began rolling out on Tuesday and will be making their way to users over the next few days.
Password Checkup
Google’s password checkup began its life as a Chrome extension back in February then subsequently, in October, became part of the security checkup for Google accounts. To simplify it, the Chrome Password Checkup tool will warn users when they enter their credentials have been entered on a site or app that has a know data breach. Before this update, users would have to have the extension installed or manually run the checkup from their Google account’s security menu. Here’s a more details look at how the baked-in feature works:
- Whenever Google discovers a username and password exposed by another company’s data breach, we store a hashed and encrypted copy of the data on our servers with a secret key known only to Google.
- When you sign in to a website, Chrome will send a hashed copy of your username and password to Google encrypted with a secret key only known to Chrome. No one, including Google, is able to derive your username or password from this encrypted copy.
- In order to determine if your username and password appear in any breach, we use a technique called private set intersection with blinding that involves multiple layers of encryption. This allows us to compare your encrypted username and password with all of the encrypted breached usernames and passwords, without revealing your username and password, or revealing any information about any other users’ usernames and passwords. In order to make this computation more efficient, Chrome sends a 3-byte SHA256 hash prefix of your username to reduce the scale of the data joined from 4 billion records down to 250 records, while still ensuring your username remains anonymous.
- Only you discover if your username and password have been compromised. If they have been compromised, Chrome will tell you, and we strongly encourage you to change your password.
Users should begin to see this feature once they receive the update to Chrome 79. Hopefully, you won’t see it but as many of you are aware, breaches and password compromises grow worse every day. You can control the settings for the Password Checkup in your account sync settings.
Real-time Phishing Protection
Chrome does a really good job of alerting users when they are on a know “phishing” site but the number of malicious pages out there on the web is growing at an alarming rate. Currently, Chrome refreshes its list of unsafe websites every 30 minutes to check against user browsing but apparently, that’s not good enough. Now, if you have “Make searches and browsing better” enabled in Chrome, you will have access to real-time phishing alerts.
This feature will soon evolve into Google’s “predictive phishing protection” that will take extra steps to secure your password when a site is suspected of phishing.
Safe Browsing has always scanned the web for these dangerous sites. But, if a phishing site is created and used for attack moments later, even the quickest scanners can’t warn people fast enough. From our years of experience detecting phishing sites, Safe Browsing’s insights can now enable us to make predictions about risks in real time.
We’re using this knowledge to test new predictive phishing protections in Chrome. Soon, when you type your Google account password into a suspected phishing site, we’ll add additional protections to ensure your account isn’t compromised. Those protections will apply even if you use a different browser afterwards.
The Keyword
These features will be rolling out gradually to users on Chrome 79 for desktop and Android. Check back later to see what else is new in the latest version of Chrome and what to expect when Chrome OS 79 arrives sometime next week. To learn more about the new security features on Chrome 79, head over to The Keyword.
