Google has been working for quite some time to provide improved security features to Chrome users. Earlier, they launched better password protection with breach alerts. Then, they integrated this Password Protection with users’ Google accounts. Now, Google has rolled out the latest version of the Chrome browser with more privacy features. With Chrome 79, Google provides users with enhanced password protection and anti-phishing features.
Google Chrome 79 Password Protection
In a recent blog post, Google has disclosed its plans to provide better password protection with the release of Chrome 79. Google will now warn users about whether their passwords have suffered a breach as they browse.
Detailing this feature in a separate post, Google explained how it will work. In brief, Google will store the breached usernames and passwords in hashed and encrypted forms, with a private key. Then, whenever a user would enter login credentials to any website, the browser will send its hashed and encrypted copy to Google servers.
In case of a match, the browser will alert the user of a possible breach, urging to change passwords. Google say due to encryption, the users’ credentials will remain hidden even from Google.
Source: Google
Regarding the detection of breached credentials, Google explained that they use private set intersection with blinding technique. This technique applies multiple layers of encryption and allows matching encrypted credentials with those stored with Google in encrypted forms. Elaborating on this further, Google stated,
In order to make this computation more efficient, Chrome sends a 3-byte SHA256 hash prefix of your username to reduce the scale of the data joined from 4 billion records down to 250 records, while still ensuring your username remains anonymous.
Enhanced Predictive And Real-time Phishing Protection
Google Chrome already warns users of phishing and malicious websites. Yet, they believe some sites still manage to escape their detection.
Therefore, Google Chrome 79 brings real-time phishing protection. It will match the users’ desired URLs with those listed on Google’s safe list in real-time. In case of no match, the browser will alert the users about the dangerous site. Google assumes that this will provide 30% greater protection to users from phishing and deceptive websites.
In addition, the tech giant has also introduced enhanced predictive protection. While the feature was already available for users who synced history, it will now also work for users who do not sync.
In brief, the browser will detect whenever a user enters a protected password (stored with Google Password Manager or the Google Account password) to another site. It will match the site’s URL with the safe list and will warn the user upon detecting a phishing attempt.
Google believes that this phishing protection will secure “hundreds of millions more people”.
Let us know your thoughts in the comments.