A new version of Google Chrome, released Tuesday, blocks phishing attacks 50 times faster and uses less battery power in the process. It’s one of several new security abilities built into Chrome 92 as part of its effort to squelch the risks of going online.
Chrome’s new technology spots phishing websites — fakes designed to harvest your personal data — through a new approach to scrutinizing the sites’ color choices, Google said. The analysis now takes tenth of a second on average instead of 1.8 seconds, increasing the likelihood that it’ll be finished before you have a chance to hand your password over to thieves.
The web is a dangerous place. It’s possible to use operating system shortcomings to hack mobile phones, as NSO Group’s Pegasus spyware shows, but the web by design is far more open. When you open a website, your web browser runs code that hasn’t been approved by any app store review. That requires extra protection, like sandboxing that confines software processes to their own memory compartments.
The anti-phishing technology also cuts battery use for Chrome’s core process by 1.2% overall. That may not sound like a big number, but people spend a lot of time in their browsers, and a single percentage point can make a big difference over time.
Chrome 92 brings other security improvements, too.
The browser has a new way to check when you’ve granted a website permission to use your camera, microphone or location data and to change those permissions for people using Chrome on Android. Tapping the lock icon on the left side of the address bar will open a panel that lets you see and change the permissions. The feature will come to other versions of Chrome later. An upcoming release will let you delete that website from your browsing history, too.
Chrome actions let you type commands into Chrome’s address, and there’s a new one: “safety check.” Typing it in will launch a Chrome process to check your stored password security and scan for malicious browser extensions. (Other Chrome actions include “delete history,” “edit passwords,” “wipe cookies” and “translate this.”
And Google’s site isolation technology, which partitions computing processes into separate zones to make Spectre-class data theft attacks harder, is now used more widely. First, site isolation now isolates separate extensions to limit the attacks one can mount on another. Second, site isolation now works on more websites for Chrome on Android, notably those where you’re logging on with a third-party service like those from Facebook, Google and Apple.