Google has released Chrome 86 for desktop and mobile, which comes with several new and improved security features for mobile users, including:
- New password protections
- Enhanced Safe Browsing
- Easier password filling
- Mixed form warnings and mixed downloads warnings/blocks
New password security features in Chrome 86
The Password Checkup feature came first in the form of a Chrome extension, then was built into Google Account’s password manager and Chrome, and now it has been enhanced with support for the “.well-known/change-password” standard – a W3C specification that defines a well-known URL that sites can use to make their change password forms discoverable by tools (e.g. Chrome, or the latest version of Safari)
This change means that, after they’ve been alerted that their password has been compromised, Chrome will take users directly to the right “change password” form. Hopefully, this will spur more users to act upon the alert.
Enhanced Safe Browsing is added to Chrome for Android
Enhanced Safe Browsing mode, which was first introduced in Chrome 83 (for desktop versions), allows users to get a more personalized protection against malicious sites.
“When you turn on Enhanced Safe Browsing, Chrome can proactively protect you against phishing, malware, and other dangerous sites by sharing real-time data with Google’s Safe Browsing service. Among our users who have enabled checking websites and downloads in real time, our predictive phishing protections see a roughly 20% drop in users typing their passwords into phishing sites,” noted AbdelKarim Mardini, Senior Product Manager, Chrome.
In addition to this, Safety Check – an option that allows users to scan their Chrome installation to check whether the browser is up to date, whether the Safe Browsing service is enabled, and whether any of the passwords the user uses have been compromised in a known breach – is now available to Chrome for Android and iOS.
Biometric authentication for autofilling of passwords on iOS
iOS users can finally take advantage of the convenient password autofill option that was made available a few months ago to Android users.
The option allows iOS users to authenticate using Face ID, Touch ID, or their phone passcode before their saved passwords are automatically filled into sites and iOS apps (the Chrome autofill option must be turned on in Settings).
Mixed form/download warnings
Mixed content, i.e., insecure content served from otherwise secure (HTTPS) pages, is a danger to users.
Chrome 86 will warn users when they are about to submit information through a non-secure form embedded in an HTTPS page and when they are about to initiate insecure downloads over non-secure links.
For the moment, Chrome will block the download of executables and archive files over non-secure links but show a warning if the user tries to download documents files, PDFs, and multimatedia files. The next few Chrome versions will block those as well.
Last but not least, Google has fixed 35 security issues in Chrome 86, including a critical use after free vulnerabilities in payments (CVE-2020-15967).