Tuesday, November 5, 2024

Google Chrome gets a mind of its own for some security fixes

Must read

Google has enhanced Chrome’s Safety Check so that it can make some security decisions on the user’s behalf.

Safety Check debuted in 2020 as a way to check when passwords stored in Chrome have been compromised, to encourage browser updates, and to warn users when websites have been deemed unsafe by Google’s Safe Browsing service.

It was expanded in the years since with real-time Safe Browsing checks that cover harmful Chrome extensions.

As outlined by Chrome product manager Andrew Kamau in a blog post provided to The Register, the Chocolate Factory’s browser will now intervene on its own to revoke unneeded permissions and unsubscribe from abusive notifications.

“The revamped Safety Check feature will now run automatically in the background on Chrome, taking more proactive steps to keep you safe,” explained Kamau. “It will also inform you of actions it takes, including revoking permissions from sites you don’t visit anymore, flagging potentially unwanted notifications and more.”

Potentially unwanted notifications are determined by low site engagement score and notification frequency above a certain threshold per day.

Browser notifications deemed deceptive (not just potentially so) will be canceled automatically rather than flagged if Google’s Safe Browsing service recognizes the host site as dangerous, according to Kamau. And Safety Check will remind Chrome users to take action if flagged issues remain unaddressed.

Safety Check has been running in the background in Chrome for Desktop at least since late last year, and we’re told that doing so on mobile devices periodically doesn’t materially affect battery life. What’s new to mobile is information about actions taken, reminders of unaddressed security issues, and automatic revocation of permissions for abusive notifications.

On desktop versions of Chrome, Safety Check will notify users about installed Chrome extensions that present a security risk and then load the extension page and show a summary panel that includes controls for removal.

Chrome users on Pixel devices, and soon other Android hardware, will be able to opt out of unwanted website notifications via an “Unsubscribe” button on the notification drawer. According to Kamau, Pixel users have seen a 30 percent reduction in notification volume as a result of this change.

Kamau also noted how one-time permissions for Chrome on Android and desktop have provided users with more control over the data shared with websites. Google introduced support for one-time permissions in Chrome 116, which debuted in August 2023. One-time permissions ensure that sensitive permissions aren’t retained unnecessarily, which makes abuse less likely and improves privacy.

Other browser makers implement one-time permissions differently. For example, Apple’s Safari 16 for desktop makes geolocation a one-time permission by default. In Mozilla’s Firefox 115, geolocation, camera, and microphone are all one-time permissions by default. ®

Latest article