Chrome 79 Adds Password Theft Detection, Real-Time Protection Against Phishing Scams
In October, Google went a step further and integrated the Password Checkup feature directly into the Google Account, making it available from passwords-google.com. The next natural step for the Password Checkup extension was to integrate it directly into Chrome. With the new integration, when Google discovers another company's data breach exposed a username and password, an encrypted copy of the data is stored in the company servers with a secret key known only by Google.
When users sign into a website, Chrome sends a hashed copy of the username and password to Google with encryption using a secret key that only Chrome knows so that no one, including Google, has access to the username or password from that encrypted copy. The username and password is processed using a technique called private set intersection with blinding. That technique features multiple layers of encryption to compare the encrypted username and password to credentials that are known to be compromised to check if your data is secure.
Google notes that only the user will know if their credentials have been compromised. If your credentials have been compromised, Chrome encourages users to change their password. Users can control the feature in "Sync and Google Services."
The browser will also gain real-time phishing protection. Google says that every day, Safe Browsing discovers thousands of new unsafe sites and adds them to the blocklists shared with the web industry. Chrome will check each URL visited, and file that is downloaded against that list updated every 30 minutes. That feature is initially for users opted-in to "Make searches and browsing better."
Last time we talked about Chrome was when Chrome OS 78 gained better virtual desktop support and other new features.