Google Chrome Uses Safe Browsing to Improve Phishing Protection

The Google Chrome browser will get new real-time and improved predictive phishing protection capabilities with release 79, protecting users against such attacks with the help of the Safe Browsing blacklist service.

Safe Browsing displays warning messages to users ahead of visiting dangerous websites and before downloading harmful applications. These capabilities will now be adopted by Google Chrome's phishing protection feature to detect and alert users of active phishing sites.

"Google’s Safe Browsing maintains an ever-growing list of unsafe sites on the web and shares this information with webmasters, or other browsers, to make the web more secure," Google says.

"The list refreshes every 30 minutes, protecting 4 billion devices every day against all kinds of security threats, including phishing."

Number of sites deemed dangerous by Safe Browsing (Google)

Real-time and predictive phishing protection

Chrome will now provide its desktop users with real-time phishing protection designed to alert them when they visit malicious sites. It will first be available to all users who have the 'Make searches and browsing better' setting enabled, which requires allowing the browser to anonymously collect data about visited sites.

The new real-time phishing protection feature works by examining "the URLs of pages visited with Safe Browsing’s servers in real-time. When you visit a website, Chrome checks it against a list stored on your computer of thousands of popular websites that are known to be safe."

"If the website is not on the safe-list, Chrome checks the URL anonymously with Google (after dropping any username or password embedded in the URL) to find out if you're visiting a dangerous site," Google adds.

Chrome will only check a partial URL fingerprint (the first 32 bits of the URL's SHA-256 hash) with Google to confirm that the site is indeed dangerous.
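The lookup flow described above (local safe-list, credential stripping, 32-bit SHA-256 fingerprint), sketched as an added example that is not Chrome's or Google's code. `SAFE_HOSTS`, `SERVER_BAD_URLS`, `server_lookup` and the client-side comparison against full hashes are assumptions of this example, and URL canonicalization is simplified.

```python
import hashlib
from urllib.parse import urlsplit, urlunsplit

# Constructed sample data: stand-ins for Chrome's local safe-list and Google's server-side list.
SAFE_HOSTS = {"example.com", "example.org"}
SERVER_BAD_URLS = ["http://phish.example.net/login"]

def strip_credentials(url):
    """Drop any username/password (and the fragment) before the URL is hashed."""
    p = urlsplit(url)
    host = (p.hostname or "").lower()
    if ":" in host:                      # IPv6 literal: restore the brackets
        host = f"[{host}]"
    if p.port is not None:
        host = f"{host}:{p.port}"
    return urlunsplit((p.scheme.lower(), host, p.path or "/", p.query, ""))

def full_hash(url):
    """SHA-256 of the credential-free URL."""
    return hashlib.sha256(strip_credentials(url).encode("utf-8")).digest()

def fingerprint32(url):
    """The partial fingerprint: first 32 bits (4 bytes) of the SHA-256 hash."""
    return full_hash(url)[:4]

def server_lookup(prefix):
    """Hypothetical server: sees only 4 bytes, returns full hashes sharing that prefix."""
    return [h for h in map(full_hash, SERVER_BAD_URLS) if h[:4] == prefix]

def check_url(url):
    """Return (verdict, bytes_sent) for the flow: safe-list, strip, hash, partial lookup."""
    host = (urlsplit(url).hostname or "").lower()
    if host in SAFE_HOSTS:
        return "safe-list", None         # nothing leaves the machine
    prefix = fingerprint32(url)
    candidates = server_lookup(prefix)
    # Assumption: the final comparison against full hashes happens on the client.
    verdict = "dangerous" if full_hash(url) in candidates else "no-match"
    return verdict, prefix

if __name__ == "__main__":
    for u in ("https://example.com/", "http://alice:s3cret@phish.example.net/login",
              "https://shop.example.net/cart"):
        verdict, sent = check_url(u)
        print(f"{u!r}: {verdict}, sent={sent.hex() if sent else None}")
```

Because the embedded credentials are removed before hashing, the same four bytes are sent whether or not the URL carried a username and password.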

Testing done by Google before the feature's release showed a 30% increase in protections by alerting users of brand new phishing sites they visit.

Chrome phishing protection (Google)

Predictive phishing protection will also be improved by being enabled automatically for users who sign into their Chrome accounts, even when Sync is not toggled on.

This feature warns "users who are syncing history in Chrome when they enter their Google Account password into suspected phishing sites that try to steal their credentials."

Starting with Chrome 79, it will also work to protect users' passwords stored within the web browser's built-in password manager, thus expanding the number of people who have their credentials defended to hundreds of millions according to the search giant.

"If Safe Browsing determines that the site is indeed suspicious or malicious, Chrome will immediately show you a warning and encourage you to change your compromised password," Google adds.

"If it was your Google Account password that was phished, Chrome also offers to notify Google so we can add additional protections to ensure your account isn't compromised."

Browser warnings displayed per week (Google)

Automated checks for stolen credentials

Google also added leak detection for credentials to the Chrome browser in February with the release of the Password Checkup extension, which alerts users if their credentials have been impacted by a data leak by checking them against a collection of over 4 billion credentials known to have been leaked.

Later in the year, in October, Google integrated the Password Checkup feature directly into Google Accounts and made it available through the Google Password Manager at passwords.google.com.

This made it easier to warn users if their passwords have been compromised in data breaches or have security issues such as weak strength.

Chrome Password Checkup (Google)

Google checks credentials against the following criteria:

• Whether the credentials have been exposed in a third-party data breach.
• Whether the passwords are being reused among multiple sites.
• Whether the passwords are considered weak and can be easily brute-forced by an attacker.

The feature can be controlled by users in the 'Sync and Google Services' section of Chrome's Settings and, by Enterprise admins, with the help of the PasswordLeakDetectionEnabled policy.

All the new and improved features will be rolled out gradually over the next few weeks to all Google Chrome users. More information on the new and improved password protection features is available in this post on the Google Security Blog.
