Google yesterday announced that its latest Chrome release adds real-time phishing alerts and password breach warning capabilities to the browser.
The real-time anti-phishing capabilities represents an upgrade to Google’s Safe Browsing service, which compiles an ever-changing blacklist of dangerous websites that browsers can check against.
Typically, when a Chrome user visits a website, the browser checks the URL against a locally stored version of the Safe Browsing list, which is updated every half hour. However, Google says some malicious actors have been able to circumvent this protection by quickly switching domains and hiding from the company’s crawlers.
But Chrome’s real-time phishing detection abilities will crack down on such evasive measures. Whenever a user visits a web page, this service will check the URL against a locally stored list of safe sites. If a URL isn’t on the whitelist, Chrome will then check with Google to see if the site is dangerous. “Our analysis has shown that this results in a 30% increase in protections by warning users on malicious sites that are brand new,” states a Google blog post written by Chrome Team members Patrick Nepper, Kiran Nair, Vasilii Sukhanov and Varun Khaneja.
Additionally, the release this week of Chrome 79 will also introduce Google’s predictive phishing capabilities to anyone who is signed in to the browser. Previously, this protection was available only to users that enabled Chrome’s “Sync” function.
The predictive anti-phishing feature works similarly to the real-time phishing service, and activates whenever a user is entering one of their protected passwords into an unusual website. If the site does not appear on a locally stored whitelist, Chrome checks the website’s legitimacy via Google. If the site is assessed as malicious or suspicious, Chrome issues a warning and advises the user to change his or her credentials.
Finally, Google announced that that its password breach warnings, originally offered earlier this year as an extension, would be available to all via Chrome.
The service compares usernames and passwords entered by the user when signing on to a website to more than 4 billion compromised credentials. If a match is found, the user is warned and advised to change his or her credentials. The technology Chrome uses during this process leverages hashing, encryption and anonymization techniques so that a user’s various credentials remain private, and cannot even be seen by Google.