Freshly polished Chrome
Chrome 79 is now available, with the latest version of Google’s web browser coming complete with a fully integrated password protection feature, improved anti-phishing technology, and more than 30 security patches.
Top of the bill for Chrome 79 is a new password protection feature that will warn web surfers if their username and password have been compromised when they type them into a website.
“Whenever Google discovers a username and password exposed by another company’s data breach, we store a hashed and encrypted copy of the data on our servers with a secret key known only to Google,” the search giant explained.
“When you sign in to a website, Chrome will send a hashed copy of your username and password to Google encrypted with a secret key only known to Chrome.”
To determine whether your username and password appear in any breach, Google said it is using a technique called ‘private set intersection with blinding’ that involves multiple layers of encryption.
“This allows us to compare your encrypted username and password with all of the encrypted breached usernames and passwords, without revealing your username and password, or revealing any information about any other users’ usernames and passwords,” it said.
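The layered encryption Google describes can be sketched as a commutative-blinding exchange. The following is an added example, not Google's or Chrome's code: the toy group (integers modulo 2**521 - 1), every function and class name, the sample credentials, and the choice to do the final comparison on the client are assumptions made for illustration.

```python
import hashlib
import math
import secrets

# Toy group (assumption): integers mod the Mersenne prime 2**521 - 1, not a production choice.
P = 2**521 - 1

def hash_to_group(username: str, password: str) -> int:
    """Hash a credential pair to a non-zero group element."""
    digest = hashlib.sha512(f"{username}\x00{password}".encode()).digest()
    return 1 + int.from_bytes(digest, "big") % (P - 1)

def new_key() -> int:
    """Random exponent that is invertible mod P - 1, so its layer can be removed."""
    while True:
        key = secrets.randbelow(P - 3) + 2
        if math.gcd(key, P - 1) == 1:
            return key

def add_layer(element: int, key: int) -> int:
    return pow(element, key, P)

def remove_layer(element: int, key: int) -> int:
    return pow(element, pow(key, -1, P - 1), P)

class BreachServer:
    """Holds breached credentials only as H(cred)^b under its secret key b."""
    def __init__(self, breached):
        self._key = new_key()
        self.encrypted_set = {add_layer(hash_to_group(u, p), self._key)
                              for u, p in breached}

    def reblind(self, blinded: int) -> int:
        # The server sees H^a, never H, and returns H^(ab).
        return add_layer(blinded, self._key)

def client_check(server: BreachServer, username: str, password: str) -> bool:
    key = new_key()                                              # client secret a
    request = add_layer(hash_to_group(username, password), key)  # H^a
    response = server.reblind(request)                           # H^(ab)
    # Stripping a leaves H^b, which is comparable with the server's set.
    return remove_layer(response, key) in server.encrypted_set

# Constructed sample data, not real breach records.
SAMPLE_BREACH = [("alice@example.com", "hunter2"), ("bob@example.com", "123456")]

if __name__ == "__main__":
    server = BreachServer(SAMPLE_BREACH)
    print(client_check(server, *SAMPLE_BREACH[0]),
          client_check(server, "alice@example.com", "other-password"))
```

Neither side ever handles the other's unblinded hashes: the server only sees the client's value under key a, and the client only sees breach entries under key b.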
The password protection feature follows Mozilla’s launch of Firefox Monitor – a similar service powered by Troy Hunt’s Have I Been Pwned database – last year.
Real-time phishing protection
Also new for Chrome 79 is a real-time phishing protection feature for Google’s decade-old Safe Browsing service.
While the company said Safe Browsing continues to detect thousands of new phishing sites each day, some sites have slipped through the net by “switching domains very quickly or by hiding from Google’s crawlers”.
Now, however, new capabilities allow the service to inspect the URLs of pages visited in real time.
“Our analysis has shown that this results in a 30% increase in protections by warning users on malicious sites that are brand new,” Google said.
Last but not least for Chrome 79 are more than 30 security vulnerability fixes, including patches for two critical and eight high-ranking bugs.
Researchers from Tencent Keen Security Lab in China scooped more than $20,000 for disclosing a critical use-after-free vulnerability in the Bluetooth component of Chromium.
The discovery of the second critical flaw – a heap buffer overflow in Chrome’s built-in password manager – was attributed to Sergei Glazunov of Google Project Zero.
Two of the remaining security fixes in Chrome 79 were discovered by Polish pen testers at Securitum. The company said a full technical write-up will follow over the coming weeks.