Freshly polished Chrome
Chrome 79 is now available, with the latest version of Google’s web browser coming complete with a fully integrated password protection feature, improved anti-phishing technology, and more than 30 security patches.
Top of the bill for Chrome 79 is a new password protection feature that will warn web surfers if their username and password have been compromised when they type them into a website.
“Whenever Google discovers a username and password exposed by another company’s data breach, we store a hashed and encrypted copy of the data on our servers with a secret key known only to Google,” the search giant explained.
“When you sign in to a website, Chrome will send a hashed copy of your username and password to Google encrypted with a secret key only known to Chrome.”
In order to determine if your username and password appears in any breach, Google said it is making use of a technique called ‘private set intersection with blinding’ that involves multiple layers of encryption.
“This allows us to compare your encrypted username and password with all of the encrypted breached usernames and passwords, without revealing your username and password, or revealing any information about any other users’ usernames and passwords,” it said.
Real-time phishing protection
Also new for Chrome 79 is a real-time phishing protection feature for Google’s decade-old Safe Browsing service.
While the company said Safe Browsing continues to detect thousands of new phishing sites each day, some sites have slipped through the net by “switching domains very quickly or by hiding from Google’s crawlers”.
Google’s Safe Browsing feature detects thousands of malicious sites each day
Now, however, new capabilities allow the service to inspect the URLs of pages visited in real time.
“Our analysis has shown that this results in a 30% increase in protections by warning users on malicious sites that are brand new,” Google said.
Last but not least for Chrome 79 are more than 30 security vulnerability fixes, including patches for two critical and eight high-ranking bugs.
Researchers from Tencent Keen Security Lab in China scooped more than $20,000 for disclosing a critical use after free vulnerability in the Bluetooth component of Chromium.
The discovery of the second critical flaw – a heap buffer overflow in Chrome’s built-in password manager – was attributed to Sergei Glazunov of Google Project Zero.
Two of the remaining security fixes in Chrome 79 were discovered by Polish pen testers at Securitum. The company said a full technical write-up will follow over the coming weeks.