The browser’s latest version also aims to up the ante in phishing protection.
Google has added a new feature to its Chrome web browser that will alert users if their login credentials have been compromised in a security breach, according to the company’s announcement.
This may sound familiar, and with good reason. The functionality builds on Chrome’s Password Checkup browser extension, which was rolled out in February of this year and has since been downloaded a little over a million times. In October, Google integrated the feature into Google Accounts, giving users an easy way of checking whether their saved passwords may have been leaked or stolen, as well as determine if their login credentials are weak or reused in multiple accounts.
Now, however, the company is making it even easier to find out if your username/password combinations may have been exposed. The feature – which is part of the release of Chrome 79 to the stable channel for Windows, Mac, Linux, Android, and iOS – has been made available for everyone who’s logged into Chrome.
In a separate blog post, Google gave assurances that the usernames and passwords are hashed and encrypted and that nobody, including the company itself, is able to derive the username or password from the encrypted copy.
As an aside, if you don’t use Chrome, there are other ways to find out if your login details have been exposed in a known security incident. Our recent article sums up some of the most common options.
Phish me not
Recognizing an online phishing attack isn’t always easy, and Google has sought to help people stay safe from this pervasive con. Earlier this year, for example, the company rolled out a quiz that, drawing on real-life techniques deployed by scammers, tested users’ phish-spotting prowess.
Coming back to the present, on top of the integrated leaked-password checker, Chrome’s latest update includes real-time phishing protection. This security enhancement also builds on an existing functionality, as the browser has for some time displayed warnings to people when they attempted to navigate to sites known to pilfer logins.
The feature, which can be controlled in the ‘Settings’ tab under ‘Sync and Google services’, relies on Google’s service known as Safe Browsing, which contains a database of unsafe web resources that updates every 30 minutes. According to the company, however, many phishing sites slipped through the time window. Google says that the expansion of its phishing protection and real-time scanning on desktop has been shown to create alerts for an extra 30 percent of phishing sites.
Beyond that, the latest Chrome update also fixes 51 vulnerabilities, including two rated as ‘critical’.
written by Tomas Foltyn, ESET We Live Security