13 December 19, 09:34
Quote:Continue Reading
Google released a new stable version of the company's Chrome web browser on December 10, 2019. Google Chrome 79 is currently being rolled out globally.
Chrome users may run a manual update check to retrieve the update immediately; this is done with a click on Menu > Help > About Google Chrome. Chrome should pick up the new version automatically at that point, Chrome version 79.0.3945.79, and install it. A restart is required to complete the update.
Chrome 79 comes with several security improvements that Senior Product Manager AbdelKarim Mardini highlights on the official Chrome blog.
Note that the majority of improvements are being rolled out over time, and that they are linked to specific settings in Chrome.
Leaked Password Checks
Google has integrated password checks into the web browser that check if usernames or passwords have been compromised in data breaches. The company started to integrate the password checker in Chrome in September 2019 and introduced the functionality for Google Accounts. The function was previously available as a standalone extension for the Chrome browser.
The main idea behind the feature is simple: Google collects information about leaked usernames and passwords and maintains a database. Chrome checks hashes against the database to find out if the used data has leaked previously.
Chrome users may control the functionality under Settings > Sync, or by loading chrome://settings/syncSetup directly in the browser's address bar.
Google notes that the feature is being rolled out gradually to all signed in Chrome users as part of the Safe Browsing protections.
Better Phishing Protection
Google improved the company's Chrome browser's phishing protection in Chrome 79. One of the main improvements moves phishing protection from a 30-minute update interval to real-time on desktop versions of Chrome.
Google implemented this to counter attacks that tried to evade detection.
Quote:However, some phishing sites slip through that 30-minute window, either by quickly switching domains or by hiding from our crawlers.
The feature is being rolled out to Chrome users who have "Make searches and browsing better" enabled. The setting is available on the chrome://settings/syncSetup page; downside to activating the option is that visited URLs are submitted to Google.
Another phishing-related improvement is an extension of the browser's predictive phishing protection. Already enabled since 2017 for Chrome users who have Sync enabled, it is now protecting Chrome users who don't use sync.
Quote:Now we'll be protecting your Google Account password when you sign in to Chrome, even if Sync is not enabled. In addition, this feature will now work for all the passwords you store in Chrome’s password manager. Hundreds of millions more users will now benefit from the new warnings.
Google makes no mention of dependencies in the announcement.
...