If Google had its way, everyone would carry around a physical security key to protect our mountains of sensitive and personally identifying data. Alas, most of us do not, so the company has taken measures in recent years to prioritise security for users by baking them into Chrome.
With the rollout of Chrome 79 this week, the company announced it’s launching with new features focused on more secure browsing, two of which involve greater protection against phishing. Google maintains a blacklist of predatory sites as part of the Safe Browsing service that’s used by browsers like Chrome and Firefox. Now, with the newest version of Chrome, desktop users will see real-time phishing alerts on unsafe sites.
“When you visit a website, Chrome checks it against a list stored on your computer of thousands of popular websites that are known to be safe,” Patrick Nepper, Kiran C. Nair, Vasilii Sukhanov, and Varun Khaneja of the Chrome Team wrote in a security blog post on the feature. “If the website is not on the safe-list, Chrome checks the URL with Google (after dropping any username or password embedded in the URL) to find out if you’re visiting a dangerous site. Our analysis has shown that this results in a 30% increase in protections by warning users on malicious sites that are brand new.”
The company is also expanding on existing predictive phishing technology already in place. For users’ Google Account passwords and passwords stored in Chrome’s password manager, Chrome will keep an eye on when those login credentials are entered into a potentially unsafe site. If Chrome determines that the site isn’t safe, it’ll display a warning and prompt the user to change their password.
The added phishing protections to Chrome come on top of a greater security push by Google. In early October, it added a tool (which previously existed as a popular password extension, Password Checkup, until Google brought it) to the Password Manager section of users’ Google Accounts. Password Checkup lets users scan saved passwords to see if they’ve been jeopardized in any data breaches or hacks. The tool will now flag stolen passwords in Chrome as you browse.
The real-time phishing protection will be made available to users who have the Make searches and browsing better setting under the Sync and Google services menu in the Settings section toggled on.