Chrome M79 Will Deliver Cross-Web Security Changes & Features


Google is now rolling out even more user-facing features to Chrome, set to land over the course of milestone version M79. Developed, at least in part, by the Google Safety Engineering Center hub in Munich, the new features are chiefly centered around personal security.

The biggest changes to note here are both related to phishing protection.

Delivered via expansion to Safe Browsing, Google says the changes are partially the result of the fact that some phishing sites slip through its 30-minute refresh window. They generally tend to accomplish that by either switching domains or by hiding from Google's crawlers. As a result, users arrive at a site, and then the site changes. That makes it appear safe when in reality things have changed and that's no longer the case.


To rectify the situation, Google is enabling real-time protection. Chrome will accomplish that by allowing Safe Browsing to check the URL of a site in real-time. The site URL will be compared to a known safe list. If the website isn't safe, Chrome checks the URL anonymously with Google.

Google will determine if the site is dangerous and alert the user if that's the case. The search giant is expanding on that further by performing a similar URL check even where users aren't syncing, whenever they enter their password into a site. That will work for any passwords stored in Chrome's password manager.

If a site is found to be dangerous in the second instance, Google will immediately inform the user. It'll also offer up advice regarding changing the now potentially compromised password.


Finally, Chrome will now react if it was a Google Account that was potentially compromised. That's including in cases where passwords are reused across multiple services. In essence, Chrome will notify Google. Then the company put extra protections into place. The goal is to ensure that if that happens, the Google account is never compromised.

Not entirely new Chrome M79 news, could be good for the company anyway

Not all of the changes are entirely new here. In fact, at least one was reported as early as October. So that's not entirely new in Chrome M79. Namely, that's real-time password checking built right into Chrome.

Built-up as part of an expansion to the Password Checkup extension and tools, Chrome will now have those features built-in. After the updates, Chrome will throw a warning when credentials entered in the browser have been part of a data breach.  That will come complete with common methods to change the password in question as well as general advice about passwords.


Combined with Google's built-in password manager, that should make it fairly easy to get strong new credentials when things go awry.

These changes are arriving as the company continues to face scrutiny about its handling of user data and possible anti-trust issues. Most recently, the company is being investigated almost across the board, including almost every service it offers.

So the changes could indicate that Google is ready to shift course or that it's attempting to regain public trust. That won't necessarily work if the new tools end up blocking competing sites but, for now, it feels like a step in the right direction.


Changes will land staggering on various platforms

Because these changes are a part of a wider milestone update, they won't be arriving on all platforms all at once. They should, however, be arriving on the server-side of the equation. So, beyond the need to update to Chrome version 79, users shouldn't need to do much by way of updating again to gain access. Specifically, Google says that each will arrive in due course over the course of "the next few weeks."

That means that they should arrive between now and the launch of Chrome version 80. That can't be guaranteed since there may still be bugs and other problems to work out. But it does give Google plenty of leeway to get everything working smoothly before implementation.