Google's new browser security update to make password management easier

Google is working on a sizable security update that’ll introduce a total of seven new features to Chrome for desktop and iOS.

Table of Contents

Four of those features are currently making their way to desktop users, and they all involve the company’s Password Manager software. Be sure to keep an eye out for the patch once it arrives.

Starting from the top, Password Manager will have a new home in Chrome’s Settings menu. There, users will be able to manage their login credentials or adjust their security settings. But if you prefer a more direct approach, “you [can] create a desktop shortcut for Google Password Manager,” according to the post.The tech giant is also adding the ability to write down notes for specific logins. As an example, let’s say you have multiple accounts for one website, but you have a hard time remembering every single detail. You can click the key icon in Chrome’s address bar to open a context menu, revealing your notes that house those details. Clicking the pencil icon lets you make edits.Next, the company will allow users to import passwords from third-party managers to Chrome on desktop. The Google Help webpage states people must first convert their credentials into a .csv file before uploading anything to the browser. Detailed instructions on how to do this can be found on the Chrome Help website.

However, it appears the tool will only be able to bring in your information from certain apps. Those apps are Microsoft Edge, Safari, 1Password, Bitwarden, Dashlane and LastPass. No word on future plans to support other sources.

Coming soon

Regarding the final three additions, they will arrive later in the year.

First, Chrome on desktop will be getting biometric authentication, something that’s been exclusive to the mobile app up to this point. Google states that enabling this will add a second “layer of security before” auto-filling credentials. The types of biometric authentication Chrome supports ultimately depends on your computer. For example, if you own a laptop sporting a fingerprint reader, then the browser allow you to sign into accounts with only your fingerprint.

On iOS, Password Checkup on Chrome will begin to flag faulty logins. The tool will urge you to change your information if it detects a weak, reused, or compromised password. The rest of the iOS update consists of minor design tweaks to make some things easier to do. Autofill prompts will be made larger, and whenever you review your saved credentials in the Settings, “multiple saved accounts for one website will be 1686288529 grouped together.”

We reached out to Google for more info on when both the biometric authentication expansion and iOS patch will launch. This story will be updated at a later time.

Google releases plan to protect you from AI threats

As more organizations move toward the adoption of generative AI, Google wants us all to be more concerned about security. To that end, on Thursday the tech giant released its Secure AI Framework (SAIF), meant to be a sort of security roadmap, if a somewhat thinly sketched one for the time being.

But if you’re imagining this is a scheme for averting the sort of existential AI peril Elon Musk is always talking about, think smaller and more immediate.

Here’s a summary of the framework’s six “core elements”:

Elements 1 and 2 are about expanding an organization’s existing security framework to include AI threats in the first place.
Element 3 is about integrating AI into your defense against AI threats, which rather disturbingly calls to mind a nuclear arms race, whether that was intentional or not.
Element 4 is about the security benefits of uniformity in your AI-related “control frameworks.”
Elements 5 and 6 are about constantly inspecting, evaluating, and battle-testing your AI applications to make sure they can withstand attacks, and aren’t exposing you to unnecessary risk.

It looks like for now, Google mostly just wants organizations to bring elementary cybersecurity ideas to bear around AI. As Google Cloud’s info security chief Phil Venables told Axios(opens in a new tab), “Even while people are searching for the more advanced approaches, people should really remember that you’ve got to have the basics right as well.”

But there are already some new and unique security concerns cropping up in the here-and-now with generative AI applications like ChatGPT.

For instance, security researchers have identified one potential risk: “prompt injections,” a bizarre form of AI exploitation in which a malicious command directed at an unsuspecting AI chatbot plugin lies in wait in some block of text. When the AI scans the prompt injection, it changes the nature of the command given to the AI. It’s sort of like hiding a sinister mind-control spell in the text on Ron Burgundy’s teleprompter(opens in a new tab). Weird, right?

And prompt injections are just one of the new types of threats Google specifically says it hopes to help curb. Others include:

“Stealing the model,” a possible way of tricking a translation model into giving up its secrets.
“Data poisoning,” in which a bad actor sabotages the training process with intentionally faulty data.
Constructing prompts that can extract the potentially confidential or sensitive verbatim text that was originally used to train a model.

Google’s blog post(opens in a new tab) about SAIF says the framework is being adopted by, well, Google. As for what the release of a “framework” means for the wider world, it could come to basically nothing, but it could also be adopted as a standard. For example, the US government’s National Institute of Standards and Technology (NIST) released a more general framework for cybersecurity in 2014. That was aimed at protecting critical infrastructure from cyberattacks, but it’s also highly influential, and recognized as the gold standard(opens in a new tab) in cybersecurity by the majority of IT professionals surveyed about it.

Google, however, isn’t the US government, which calls into doubt just how authoritative its framework will be in the eyes of Google’s AI rivals, such as OpenAI. But in security, it looks like Google is trying to lead from the front in the AI space, instead of racing to play catch-up. Perhaps earning back some of the clout it lost in the earlier phases of the AI race is what the release of SAIF is really about.