Google Chrome 79 introduces real-time phishing protections, password breach warnings
Chrome will now warn users if their username and password have been compromised in a data breach on some site or app.Devdiscourse News Desk | California | Updated: 11-12-2019 15:54 IST | Created: 11-12-2019 15:54 IST
With the release of Chrome 79, Google is rolling out a host of new security features including better password protections to alert users before they become a victim of phishing or data breach. Here's a quick look into the new features that will make online experience safer and easier:
Password breach warnings
Earlier this year, Google introduced the Password Checkup extension that helped users resecure accounts that were affected by data breaches. Later in October, the tech giant added the Password Checkup feature into Google account that checked the strength and security of all the saved passwords and warned if they've been compromised.
And now, Chrome is integrating this feature that can be controlled in Settings under Sync and Google Services. Chrome will now warn users if their username and password have been compromised in a data breach on some site or app. For now, this new feature will be available to everyone signed in to Chrome browser.
Image Credit: Google
- Google stores a hashed and encrypted copy of the data (username and password) exposed in a data breach on its servers with a secret key known only to the company
- When a user signs in to a website, Chrome will send a hashed copy of the data to Google encrypted with a secret key only known to Chrome. No one can derive this data from this encrypted copy, not even Google.
- Google uses a 'private set intersection with blinding' technique to determine if the data of a particular user has been compromised. Without revealing any information, Chrome compares encrypted username and password with that of the breached ones.
- If the username and password have been compromised, Chrome will notify that particular user along with recommendations to change the account credentials.
Real-time phishing protection
Every day, Google's Safe Browsing tool protects over four billion devices against all kinds of security threats by notifying users when they attempt to navigate to dangerous sites or download malicious files. It maintains a list of unsafe sites on the web that refreshes every 30 minutes and notifies webmasters or other browsers if their websites are compromised.
Image Credit: Google
Chrome is now offering phishing protections that can inspect the URLs of pages visited with Safe Browsing's servers in real-time and warn users when visiting malicious sites.
Chrome checks the URL with Google (after dropping any username or password embedded in the URL) to find out if you're visiting a dangerous site. Our analysis has shown that this results in a 30% increase in protections by warning users on malicious sites that are brand new.
The new feature will initially be rolled out for everyone who has enabled the "Make searches and browsing better" setting in Chrome. In addition, Google is also expanding the predictive phishing protections to everyone signed in to Chrome, even if they have not enabled Sync. When users enter their credentials into a suspected phishing page, the predictive phishing protections warn and encourage them to change their compromised passwords.
The protections introduced back in October 2017 will now also work for all the passwords stored in Chrome's password manager.
By watching for password reuse, Chrome can give heightened security in critical moments while minimizing the data it shares with Google. We think predictive phishing protection will protect hundreds of millions more people.
New visual representation of Chrome profiles
Google has improved the way Chrome profiles are featured and also updated the look of the profile menu. Users will now see a new visual representation of the profile currently in use to ensure they are saving their passwords to the right profile. These improvements will greatly help people who share their computers or use multiple profiles.