The latest Chrome update — that’s Chrome 86, for those of you keeping track at home — has plenty of technical tweaks that the average user won’t care about. But it also has new functions aimed at security that any user could really benefit from. Here’s what to know.
Get Alerts if a Saved Password is Compromised
Chrome already had an option letting users chose to securely save any username and password they want, so that they can load them faster when they return to log back into an online account. Now, they’ll also be alerted when those passwords are found on lists of compromised data. To find out if your data is compromised, Chrome sends a specially-encrypted version of your usernames and passwords that can be checked against trusted online databases. Plus, users will be able to navigate straight to the correct “change password” form with a click, cutting down on all that rummaging through a lengthy list of saved passwords that previous Chrome versions required. Android users already had this ability, as the Chrome blog post announcing the updates noted: It’s a nice security feature that also makes life a little easier for users, and comes as part of Chrome’s Safety Check feature set on iOS and Android. In addition to flagging compromised passwords, these features will confirm if Safe Browsing is enabled, and let users know if their Chrome version has the most recent security updates.
Enhanced Safe Browsing
Another Chrome 86 update is one that debuted earlier this year: Enhanced Safe Browsing. Once turned on, this feature checks users’ visited webpages to verify if they’re potentially phishing, offering malware, or are otherwise unsecured. These predictive phishing measures have already helped drop the number of users inputting passwords in phishing sites by around 20%.
Block Downloads From Less Secure HTTPS Pages
The “S” in HTTPS stands for “secure,” so you could be forgiven for thinking that those pages are themselves secure. But some are more secure than others: Some HTTPS pages can include forms or downloads that operate using the less-secure HTTP protocol. With its new update, Chrome will block downloads that are over unsecured links, even when on an HTTPS page. At the moment, they’re only blocking “commonly abused file types,” but they plan to roll out additional file types soon.
Coming Soon: Get Warnings for HTTP forms on HTTPS Pages
Chrome also has plans to warn users when it spots a potentially unsafe form, even on an HTTPS webpage. Termed “Mixed form warnings,” the ability isn’t actually out with Chrome 86. Instead, it’ll be arriving with Chrome 87. First, they’ll flag it with red text underneath the form, saying “This form is not secure. Autofill has been turned off.” Then, if you choose to go ahead, they’ll offer another warning, a confirmation page that notes, “The information you’re about to submit is not secure” and requires you to click a “Send anyway” button in order to confirm that Chrome has washed its hands of the matter.
Other upgrades
That’s it for Chrome’s new security offerings, though there are other noteworthy Chrome 86 updates. The Chrome OS will be tweaking its icons to make them more uniform, Chrome for Android will get a new overflow menu, and background tabs that haven’t been used for five minutes will now see their CPU time throttled to a max of 1%.
Additional security tips
Password managers can still offer more security features than Chrome, even with this update. We’d recommend 1Password for the ease of use and fine-tuned controls — you can check out our complete review here and try it out for free over here.
30 day Free TrialEven better than LastPass in our testsLocal storage makes saving changed passwords more reliableLarge number of secure note templates for storing sensitive informationVery well-designed app
No automated password changing featureDesktop app seems superfluousNo camera integration on mobile
While the most cautious users will likely consider a password manager for the best security, Chrome’s extra efforts are hugely beneficial for everyone else.