Get the ECT News Network Editor's Pick Newsletter » Subscribe Today
Welcome Guest | Sign In
ECommerceTimes.com

Google's Chrome 79 Puts Heavy Emphasis on Security

By Richard Adhikari TechNewsWorld ECT News Network
Dec 12, 2019 8:40 AM PT
the latest chrome browser update includes 51 security updates

Google on Tuesday released an update to its Chrome browser with a slew of new features that are heavy on security.

Chrome 79.0.3945.79 has 51 security fixes. It offers improved password protection over earlier versions, real-time phishing protection, and predictive phishing tools.

Fifty-one security fixes is high compared with past Chrome releases, and it shows that Google recognizes the issues and has taken steps to fix them, noted James McQuiggan, security awareness advocate at KnowBe4.

Users with multiple Chrome profiles will see a new visual representation of the profile currently in use so they can save their passwords to the correct profile. This does not change their current Sync settings.

The profile menu allows for easier switching and clearly shows whether a user is signed into Chrome.

Chrome 79 also has tab freezing, which reduces drain on CPU and RAM and saves battery life, and can cache Back and Forward histories for faster loading of sites.

New features for developers include maskable icons, Web XR, new origin trials, and Wake Lock.

Chrome 79 will roll out for Windows, Mac and Linux over the next few weeks.

Security Is the Watchword

When users enter their credentials on a website, Chrome 79 will issue a warning if they have been stolen. This is an evolution of the Password Checkup in users' Google Accounts and can be controlled in Chrome Settings.

The browser offers real-time phishing protection on users' desktops, along with enhanced predictive phishing protection, which warns Chrome users when they enter their Google Account password into a suspected phishing site, even if they have not enabled Sync.

Predictive phishing protection works for all passwords stored in Chrome's password manager.

"Some commercial paid password management programs have built-in password monitoring features," McQuiggan told TechNewsWorld. "Google is delivering this for free to their end users if they wish to store their passwords with them."

Scrambling to Catch Up

Features such as predictive phishing "are table stakes today," remarked Liz Miller, principal analyst at Constellation Research.

"Google has been widely bashed for well over two years, almost since the last update to NIST 800-171 in 2017, for multiple instances of noncompliance -- from login attempt limitations to password reuse or complexity standards," Miller told TechNewsWorld. "So they have been playing catch up."

Further, NIST now requires checking new passwords against common or known lists that may include passwords from breached sites such as Ashley Madison, social media sites such as LinkedIn, and dumps.

Allowing consumers to find out if their private information was compromised by a data breach is a capability Mozilla has been offering for a long time with its Firefox Monitor.

The Real Issue

A bigger problem is that while Google has been playing catch up, "areas like quantum have been innovating and advancing," Constellation's Miller noted.

Are standards that once were considered future-forward enough "when the reality of a quantum encryption cracking feels just around the corner?" she wondered.

"It's not just about passwords but also data protection," said Steve Wilson, principal analyst at Constellation Research.

"If browsers had access to physical chips in the computing platform, and embedded keys, then we could start to digitally sign all routine e-commerce transactions to prevent card-not-present fraud and identity theft," he told TechNewsWorld. "The focus on passwords per se is actually limiting visibility of a bigger authenticity issue."

Further, checking passwords in the operating system is not necessarily a great idea, Wilson remarked.

"Some sites don't need or deserve great passwords," he explained. "It's actually a mystery to me why so many silly little media sites force you to use a password at all. If a site doesn't really need to know who you are, then why not use a fake name, a fake date of birth, and 'password' as your password?"

Using "toy" free email addresses as IDs is "a nice way to protect your privacy," Wilson said, "but if the browser suddenly starts to force people to use serious passwords for every single account, then it creates a new type of problem. It exacerbates password fatigue, and it jeopardizes the care that people do put into their high-worth accounts."

Those Squishy Humans

"Technology can stop a lot of [phishing] attempts, but criminals are evolving their types of attacks," KnowBe4's McQuiggan observed. "Technology is only part of the environment to protect against phishing; the human firewall is the other."

Chrome 79's new features will be only as effective as the user who chooses to comply and prioritize security, Constellation's Miller said.

"How many times do people ignore the expired SSL warning and choose 'advanced settings' and go to the website anyway? We can do any number of updates, patches and improvements to try to bring all of the fish to the security water," she said. "The question is, can we force them to drink?"


Richard Adhikari has been an ECT News Network reporter since 2008. His areas of focus include cybersecurity, mobile technologies, CRM, databases, software development, mainframe and mid-range computing, and application development. He has written and edited for numerous publications, including Information Week and Computerworld. He is the author of two books on client/server technology. Email Richard.


Amazon Advertising: Strategies to Drive Success
How worried are you about climate change?
I believe it will cause global catastrophe in my lifetime.
I'm very worried but I believe nations will come together to reverse it.
I'm very worried and I think the private sector is our best hope.
I'm somewhat worried but I don't think it will affect me much personally.
I've changed my own behavior to do what I can to help the planet.
I'm not worried -- it's a natural cycle.
I'm not worried -- it's a media hoax.
NICE inContact February 12 webinar