In yet another major update, Google has introduced powerful security tools to Chrome. Version 86 of the browser comes with a saved password checker for Android and iOS, which notifies the user if any of them have been leaked in an attack and new controls on downloads not considered safe.
Additions vary by browser distribution. For Android and iOS, new features include the password verification tool already known to desktop users. The feature notifies the user if any saved passwords have been exposed in a data leak and suggests an immediate change, similar to one of the tools recently added in Safari.
On the other hand, Google is pushing the adoption of the W3C standard for password replacement page URLs (eg site.com/.well-known/change-password). Those who adapt to the suggestion will allow the browser to incorporate a button for quick password change, directing the user quickly to the dedicated page on the desired website.
For iOS, another interesting feature arrives in Chrome 86: users will be able to choose their biometric identification (Touch ID or FaceID) to apply passwords. The same has been happening with Android for some time now.
Version 86 introduces new alerts for HTTP processes. Chrome starts to inform the user whenever he is filling out form data on a website that adopts the HTTP standard, notifying that that connection “may not be secure” and will remove the auto-completion feature. The same will happen when the user downloads some file via HTTP communication.
Another tool being added by Google is the experimental “URL shortening” security feature. Chrome will no longer display all URL content in the address tab by default, just highlighting the main domain. This restriction seeks to highlight the name of the site and allow the user to read it without further distractions, trying to avoid phishing that exploit “typos” — common typing mistakes.
The news is still being sent to all distributions. If you haven’t updated yet, it’s worth checking to see if there’s a download available in your app store.