Chrome version 86 has arrived and it's bringing big security improvements to both Android and desktop platforms. That's based on a recent blog post from the company, detailing the changes.
Now, most of the security improvements in Chrome 86 are hitting Android, rather than desktop Chrome. In fact, at least one new feature has already been on desktop Chrome for some time. Namely, that's Enhanced Safe Browsing.
When Enhanced Safe Browsing is turned on, Google utilizes real-time data shared with its Safe Browsing service. That helps it to go above and beyond standard private browsing.
When implemented on desktop, users with the feature turned on input their passwords on phishing sites 20-percent less. That's because it checks proactively for phishing, malware, and other dangerous site activity. Now, that's going to be turned on for Android.
Additionally, Google is bringing password protections to both Android and iOS via real-time password scanning. The feature works by scanning passwords saved against a list of credentials that are known to have been compromised. That works via Chrome sending those details to Google via a "special form of encryption."
Google says the company itself can't derive a user name or password from the encrypted copy. So it's not immediately clear how the password or username is checked. Regardless, if a password is compromised, Chrome alerts users and helps them figure out what to do next. That includes support for direct linking URLs, where available. So users can jump straight to changing their passwords from the alert.
What else is new in Chrome 86 for Android and iOS?
Now, Google is including Safety Check on Android and iOS devices as well, which is another feature already available on desktop platforms. Summarily, that's the tool that helps users manually check that their passwords are safe. But it also informs users whether or not their Chrome is up-to-date and whether Safe Browsing is enabled at all.
Conversely, this marks the addition of Chrome autofill for iOS, including in other apps or browsers. And, of course, iOS is getting a couple of extra features too. Including the ability to log in with biometric authentication for autofill. So, iOS users will be able to use Face ID, Touch ID, or a password to authenticate. That will keep the autofill functionality safer from misuse — if the phone is lost or stolen, for example.
Desktop Chrome isn't being left out of these security updates either
Finally, Chrome 86 on both Android and desktop platforms is getting a big improvement to how it handles secure HTTPS pages. Chiefly, the update will ensure that users are alerted and aware when they're getting ready to submit a non-secure form. Even when that's been presented by a secured page. And the browser is going to warn or block users about insecure downloads too.
Initially, on the latter change, that's only going to apply to "commonly abused file types." But it won't stay that way for too long. The goal is to protect users from downloads and forms that can be hijacked even when they're on secured sites. Mixed-downloads and forms represent a security loophole that Google intends to close over time.