Breach, Threat Management, Data Security, Malware, Network Security, Phishing

Real-time phishing alerts and stolen password warnings added to Chrome

Google yesterday announced that its latest Chrome release adds real-time phishing alerts and password breach warning capabilities to the browser.

The real-time anti-phishing capabilities represents an upgrade to Google's Safe Browsing service, which compiles an ever-changing blacklist of dangerous websites that browsers can check against.

Typically, when a Chrome user visits a website, the browser checks the URL against a locally stored version of the Safe Browsing list, which is updated every half hour. However, Google says some malicious actors have been able to circumvent this protection by quickly switching domains and hiding from the company's crawlers.

But Chrome's real-time phishing detection abilities will crack down on such evasive measures. Whenever a user visits a web page, this service will check the URL against a locally stored list of safe sites. If a URL isn't on the whitelist, Chrome will then check with Google to see if the site is dangerous. "Our analysis has shown that this results in a 30% increase in protections by warning users on malicious sites that are brand new," states a Google blog post written by Chrome Team members Patrick Nepper, Kiran Nair, Vasilii Sukhanov and Varun Khaneja.

Additionally, the release this week of Chrome 79 will also introduce Google's predictive phishing capabilities to anyone who is signed in to the browser. Previously, this protection was available only to users that enabled Chrome's "Sync" function.

The predictive anti-phishing feature works similarly to the real-time phishing service, and activates whenever a user is entering one of their protected passwords into an unusual website. If the site does not appear on a locally stored whitelist, Chrome checks the website's legitimacy via Google. If the site is assessed as malicious or suspicious, Chrome issues a warning and advises the user to change his or her credentials.

Finally, Google announced that that its password breach warnings, originally offered earlier this year as an extension, would be available to all via Chrome.

The service compares usernames and passwords entered by the user when signing on to a website to more than 4 billion compromised credentials. If a match is found, the user is warned and advised to change his or her credentials. The technology Chrome uses during this process leverages hashing, encryption and anonymization techniques so that a user's various credentials remain private, and cannot even be seen by Google.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.