Google Chrome Getting Extra Security To Prevent SAML Attacks


Google today announced a change coming to Chrome that adds an additional layer of security. Most individual users will not encounter it or need to be aware of it, because the change relates to the use of Security Assertion Markup Language (SAML). SAML is largely considered to be the standard protocol for third-party authentication pages, so it is likely to be used by a number of businesses and organizations that have a sign-in process as part of gaining access to a site. These are the cases where the change will primarily be seen, which is why the announcement came through the company's G Suite blog rather than a dedicated Chrome announcement, in spite of this being a Chrome-wide change.

Starting from May 7, those signing in to a site that uses SAML for authentication will be redirected to a more typical 'Google login'-looking page to verify who they are once more. The page will not actually require the user to log in to their Google account; it asks them to confirm that the account being used at the time is the correct Google account. Google states this is a necessary feature, noting that attackers can cause a user to be signed in to a Google account the attacker controls when the user clicks a link, such as in a phishing campaign. With this new measure in place, the SAML sign-in process will show the user which Google account is in use, so any inconsistency will be noticeable before an issue arises.

Google understands that this might seem burdensome for businesses, organizations, and their associates, and has therefore confirmed that the extra verification will only be needed once per account (person), per device. Likewise, businesses and organizations will have the option of disabling the feature altogether if the sites accessed using SAML are trusted enough to begin with. In addition, businesses and organizations that primarily use Chromebooks and Chrome OS in general will not be affected: while this change is occurring to Chrome as a whole, it does not apply to Chrome OS, due to the more unique nature of the operating system. As mentioned, this will also not affect individual users.



Copyright ©2018 Android Headlines. All Rights Reserved.


John has been writing about and reviewing tech products since 2014 after making the transition from writing about and reviewing airlines. With a background in Psychology, John has a particular interest in the science and future of the industry. Besides adopting the Managing Editor role at AH John also covers much of the news surrounding audio and visual tech, including cord-cutting, the state of Pay-TV, and Android TV. Contact him at [email protected]
