Juniper Networks, KnowBe4 re Chrome 79 Security Features & Fixes

In response to Google’s issuance of Chrome 79 with new security features including password protection; real-time and predictive phishing protection, and improved profile display, experts offers perspective below.

Subscribe
Notify of
guest
2 Expert Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
James McQuiggan
James McQuiggan , Security Awareness Advocate
InfoSec Expert
December 13, 2019 1:26 pm

It’s important to be aware of the risks of using browsers to access webpages and while 51 security fixes could be high compared to other fixes by Chrome in the past, they recognize the issue and have taken steps to fix it.

Re the predictive phishing feature, the ability to spot a phishing email is important for end users and with proper security awareness and training, will help them spot those types of emails. Technology can stop a lot of the attempts, but the criminals are evolving their types of attacks. No doubt the criminals are updating their browsers and trying the phishing emails against them and whichever ones work will be the ones they send to their victims. Technology is only part of the environment to protect against phishing — the human firewall is the other.

Last edited 2 years ago by James McQuiggan
Mounir Hahad
Mounir Hahad , Head
InfoSec Expert
December 13, 2019 1:22 pm

Let’s talk about the Chrome synced password checkup tool. First of all, never store a password in a browser. That’s just bad practice. But it seems like Google is almost encouraging this practice by giving people the impression of added security by checking if their password has been previously leaked online.

The real-time blacklisting of sites has been sorely needed for a long time. It has been known for years that bad actors flip domains every 20 minutes or less. But the change is necessary for Google because the list of bad domains and URLs is very large and does not make sense to keep downloading it to the browser. With this change, Google only downloads to the browser a list of popular, known ‘good’ sites instead of a long list of bad URLs. Most network security solutions have been functioning this way for years in enterprise environments. As for the privacy issue, removing usernames and passwords is not all the privacy people need. For example, Google would still know you are browsing your vet’s website and, therefore, probably have a pet at home, which should inform the advertising platform.

The predictive phishing feature will help, but Google should not restrict the feature to only those credentials stored in the browser. The technology should apply equally, even if you are manually typing your password.

Last edited 2 years ago by Mounir Hahad
2
0
Would love your thoughts, please comment.x
()
x