Google’s Chrome browser will now warn users if their passwords have been exposed in a data breach.
Google this week expanded Chrome password protection features, which are intended to reduce the risk of phishing sites that prompt users to enter their passwords and other sensitive information, according to the company. New protections, which were introduced Tuesday for Chrome 79, include stolen password warnings, real-time and predictive phishing protections and new profile representations for shared devices.
Phishing attacks and data breaches are on the rise. According to the 2019 State of the Phish Report by Proofpoint, 83% of information security professionals surveyed said they experienced phishing attacks in 2018, up from 76% who said the same in 2017.
New Chrome password protection features
Previously, Google offered Chrome password protection extensions such as Password Alert and Password Checkup that warn users if they enter a username and password that are no longer safe because they appear in a data breach known to the company. In October, the Password Checkup extension became a feature in Google Account’s built-in password manager and the Chrome browser where users can conduct a scan of their saved passwords.
According to blog post by AbdelKarim Mardini, senior product manager, Google now offers warnings as users browse the web in Chrome. When users enter their credentials into a website, Chrome will alert them if their username and password have been compromised in a data breach and recommend that they change their credentials.
Users can control this feature in Chrome Settings under Sync and Google Services.
In addition, Google enhanced its list of known phishing domains. Google Safe Browsing maintains a list of malicious websites that was previously updated every 30 minutes, which allowed some phishing campaigns that quickly switch their domains to slip through. With this week’s update, Chrome now checks any site a user visits on desktop in real time, removing the 30-minute delay, and offers phishing warning for unsafe sites.
According to Google, this feature is enabled to users who turn on the “Make searches and browsing better” setting in Chrome.
Chrome also expanded its predictive phishing protection, which is intended to warn users who are signed in to Chrome and have Sync enabled if they enter their Google Account passwords into a site suspected of phishing by Google.
Tuesday’s update expands the protection to users who are signed in to Chrome but do not have Sync enabled. The feature will also work for all passwords stored in Chrome’s password manager.
Lastly, Chrome will now show the photo and username of the profile that a user is currently using on a device. The feature is intended to help users make sure they are creating and saving passwords to the right profile when using Chrome’s password manager, according to the company.