Google Chrome 86 is available for download. And the least we can say is that the developers at Google have been busy. This update to Chrome significantly strengthens the privacy of user data.
Google announces that it has made a lot of progress on Privacy Sandbox, an initiative intended to create an open standard on best practices to be adopted to preserve the protection of users on the web.
Stronger security and better privacy protection
Google presented last January its various plans to make third-party cookies obsolete. After several months of work with other web players, several new features have been implemented and are being tested in Chrome. A click-conversion measurement API is already being tested to allow online marketers to determine whether a click on an ad has turned into a purchase or sign-up on another site, without the user is not identified.
Google also continued to work on improving its existing security and privacy technologies. At the beginning of the year, Google had started to limit cross-site tracking.
With Google Chrome 86, third-party cookies are now filtered for 99.9% of registered sites that do not need them. In an upcoming update, expected to be unveiled in early 2021, Chrome will also bolster its arsenal against certain types of network attacks that aim to hijack user credentials to target their accounts.
Finally, Chrome takes advantage of several new features that are supposed to reduce too intrusive tracking techniques such as fingerprinting. Google says it rolled out an update in September that helps prevent the accidental sharing of information such as usernames and access tokens. Google has also extended support for Chrome’s encrypted DNS support from the desktop version to the mobile version on Android.
Now, the user’s web browsing will automatically switch to DNS-over-HTTPS when the user’s DNS provider allows it. To conclude on the protection of private data, Google indicates that it will soon remove the possibility for a site to use the browser cache to find out about other sites visited by the user.
Better management of mobile passwords
But this update of Chrome to version 86 is above all an opportunity for Google to improve the security of its browser on iOS and Android. As of today, the mobile version of the browser is able to tell you when a password saved in the browser has been compromised. To do this, Chrome sends a copy of your username and password to Google using an encrypted form. Each item is then compared against lists of identifiers from known data leaks.
When a username is compromised, Chrome automatically displays an alert to the user. And to take care of it, the browser is now able to redirect the user directly to the page dedicated to changing the password of the website concerned.
Android welcomes enhanced secure browsing
On Android, users will now be able to take advantage of Enhanced Safe Browsing that Google launched on desktop earlier this year. This feature provides advanced security options to the user, including protection against phishing, malware, downloads and potentially malicious sites. To provide effective protection, Chrome shares browsing data in real time with the Google Safe Browsing service, which is responsible for detecting online threats. Enabling this protection system would have resulted in a 20% reduction in users being tricked into entering their credentials on a phishing page.
Mandatory authentication for automatic password entry on iOS
Another measure put in place to strengthen the security of personal data, mandatory authentication for automatic password entry on iOS. Automatic authentication, already in place on Android since this summer, allows iOS users to strengthen the security on their device by identifying themselves using the fingerprint sensor, Face ID, or iPhone lock passcode, to confirm the automatic entry their usernames and passwords in the forms.
On iOS, users will even be able to use Chrome’s Keychain to automatically fill in their usernames and passwords in other apps and browsers. This will require them to turn on Chrome’s autofill in iPhone settings.
Automatically blocked insecure forms and downloads
To complete its artillery in terms of protection, Chrome 86 now displays security alerts on HTTPS pages hosting insecure content. On Desktop and Android, users will see an alert when they are about to submit a form that does not use an HTTPS connection to be sent. The presence of such “mixed content” will also trigger alerts for other items, such as unsecured download links offered on pages that use HTTPS.
Finally, Chrome 86 will block or alert the user when they are about to download an unsecured item from a secure page. Eventually, HTTPS pages will be forced to use secure links to offer downloads, otherwise Chrome will automatically block content.