Juniper Networks, KnowBe4 re Chrome 79 Security Features & Fixes

In response to Google’s issuance of Chrome 79 with new security features including password protection; real-time and predictive phishing protection, and improved profile display, experts offers perspective below.

Experts Comments

December 13, 2019
Mounir Hahad
Head
Juniper Threat Labs, Juniper Networks
Let’s talk about the Chrome synced password checkup tool. First of all, never store a password in a browser. That’s just bad practice. But it seems like Google is almost encouraging this practice by giving people the impression of added security by checking if their password has been previously leaked online. The real-time blacklisting of sites has been sorely needed for a long time. It has been known for years that bad actors flip domains every 20 minutes or less. But the change is.....Read More
Let’s talk about the Chrome synced password checkup tool. First of all, never store a password in a browser. That’s just bad practice. But it seems like Google is almost encouraging this practice by giving people the impression of added security by checking if their password has been previously leaked online. The real-time blacklisting of sites has been sorely needed for a long time. It has been known for years that bad actors flip domains every 20 minutes or less. But the change is necessary for Google because the list of bad domains and URLs is very large and does not make sense to keep downloading it to the browser. With this change, Google only downloads to the browser a list of popular, known ‘good’ sites instead of a long list of bad URLs. Most network security solutions have been functioning this way for years in enterprise environments. As for the privacy issue, removing usernames and passwords is not all the privacy people need. For example, Google would still know you are browsing your vet’s website and, therefore, probably have a pet at home, which should inform the advertising platform. The predictive phishing feature will help, but Google should not restrict the feature to only those credentials stored in the browser. The technology should apply equally, even if you are manually typing your password.  Read Less
December 13, 2019
James McQuiggan
Security Awareness Advocate
KnowBe4
It’s important to be aware of the risks of using browsers to access webpages and while 51 security fixes could be high compared to other fixes by Chrome in the past, they recognize the issue and have taken steps to fix it. Re the predictive phishing feature, the ability to spot a phishing email is important for end users and with proper security awareness and training, will help them spot those types of emails. Technology can stop a lot of the attempts, but the criminals are evolving their.....Read More
It’s important to be aware of the risks of using browsers to access webpages and while 51 security fixes could be high compared to other fixes by Chrome in the past, they recognize the issue and have taken steps to fix it. Re the predictive phishing feature, the ability to spot a phishing email is important for end users and with proper security awareness and training, will help them spot those types of emails. Technology can stop a lot of the attempts, but the criminals are evolving their types of attacks. No doubt the criminals are updating their browsers and trying the phishing emails against them and whichever ones work will be the ones they send to their victims. Technology is only part of the environment to protect against phishing -- the human firewall is the other.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.