A future Google update should include a utility that will gauge the strength of the password you want to create when signing up for a service.

Google knows that you tend to use weak passwords to secure your accounts. So do computer security experts, and so do hackers, for that matter. In short, everyone agrees that quality is often lacking when it comes to creating a new password. The top lists on the subject are enough to make you tear your hair out.

To remedy this, Google has a plan: to integrate a tool into its Chrome web browser that can gauge the strength of passwords. The indicator is meant to tell users how well the password they want to use to create an account somewhere meets the usual requirements: length and complexity.

The aim behind this feature is clear: to dissuade people from taking the easy way out with passwords like “azerty123”, “000000” or “azertyuiop”. More and more websites already reject passwords that are too simple, for example when they contain only letters or only numbers, or when they repeat characters.
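As an added illustration (not code from Chrome or from the services mentioned here), the rejection rules described above can be written as a small JavaScript check. The 12-character minimum, the rule names and the keyboard-row list are assumptions chosen for the example.

```javascript
// Added example: rule-based password check. NOT Chrome's algorithm.
// Assumptions: MIN_LENGTH, the rule names and the keyboard rows below.
const MIN_LENGTH = 12;
const KEYBOARD_ROWS = [
  "azertyuiop", "qsdfghjklm", "wxcvbn",   // AZERTY layout
  "qwertyuiop", "asdfghjkl", "zxcvbnm",   // QWERTY layout
  "1234567890",
];

// Length of the longest substring (3+ chars) that walks along a keyboard
// row, left-to-right or right-to-left. Returns 0 when there is none.
function longestKeyboardRun(pw) {
  const s = pw.toLowerCase();
  let best = 0;
  for (const row of KEYBOARD_ROWS) {
    const rev = [...row].reverse().join("");
    for (let i = 0; i < s.length; i++) {
      for (let j = i + 3; j <= s.length; j++) {
        const chunk = s.slice(i, j);
        // A longer chunk from the same start cannot match either.
        if (!row.includes(chunk) && !rev.includes(chunk)) break;
        best = Math.max(best, chunk.length);
      }
    }
  }
  return best;
}

// Returns the list of rules the candidate password violates.
function checkPassword(pw) {
  const problems = [];
  if (pw.length < MIN_LENGTH) problems.push("too-short");
  if (/^[a-z]+$/i.test(pw)) problems.push("letters-only");
  if (/^\d+$/.test(pw)) problems.push("digits-only");
  // Same character three times in a row, or one block repeated ("doudou").
  if (/(.)\1{2,}/.test(pw) || /^(.+)\1+$/.test(pw)) {
    problems.push("repeated-characters");
  }
  if (longestKeyboardRun(pw) >= 4) problems.push("keyboard-sequence");
  return problems;
}

// Sample inputs: weak passwords quoted in this article plus a constructed passphrase.
for (const pw of ["azerty123", "000000", "azertyuiop", "doudou",
                  "Pascale75", "correct-horse-battery-staple"]) {
  console.log(pw.padEnd(30), checkPassword(pw).join(", ") || "no rule violated");
}
```

“Pascale75” trips only the length rule, which shows that pattern rules alone do not catch a name followed by a number.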

Not an innovative option, but it can be a game-changer with Chrome

This future option is of course not a major innovation in tech: password managers like KeePass or Dashlane provide an equivalent service. In a different vein, the National Information Systems Security Agency provides an evaluation table showing when a password is considered reasonably strong.

But the fact is that Chrome is the most widely used browser in the world, so such an option can, once deployed, alert millions of people. Of course, the web browser won’t prevent you from using “doudou” as a password (though the platform on which you want to use it may), but you will know where you stand.

And among all those users, the option will probably protect a few more people, even if it’s only a fraction.

When it comes to passwords, there are several rules that should be followed. Beyond the guidelines for choosing a good password, it is recommended not to write it down, whether in a notebook or on a post-it. It is better to use a password manager: the risk-benefit balance is more favorable. Nor is it necessary to change it every other day.

The Chrome browser will also start judging your passwords

This is a feature that should displease hackers. Google Chrome will help make your passwords more robust thanks to a “strength indicator”.

While sites and extensions already exist to alert you to the strength of your passwords, Google is set to join in by integrating this functionality into its Chrome browser. The option developed by Google “enables the password strength indicator when entering a password during the registration and password change flows”. This feature will be available on Windows, Mac, Linux, ChromeOS, Fuchsia and Lacros.

Chrome will judge your passwords and tell you if they suck

Many websites or browser extensions inform you of the strength of your password when you create it or when you change it. In addition, password managers make it possible to create strong passwords and save them automatically. Google is working on a new feature for its Chrome browser that will indicate the strength of a password typed in by the user.

A PASSWORD STRENGTH INDICATOR COMING SOON IN CHROME

Luckily for you, Google won’t judge you every time you type your password “Pascale75” to log on to your son’s college site to check his grades. This password strength indicator is expected to arrive on Windows, Mac, Linux, Chrome OS, Fuchsia, and Lacros. To overcome the problem of password complexity, we advise you to use a password manager, which allows you to remember only one strong password to access all the others.

GOOGLE PREPARES THE END OF PASSWORDS

Another change in Chromium, the core of Chrome, shows that Google is looking at “passkeys”, a passwordless authentication system that uses biometrics (and other means). Apple and Microsoft are also working on this method.

A new button called “Manage Passkeys” has appeared in Chromium, which allows users to view and manage the “passkeys” stored on the device.

Candiru exploited a zero-day flaw in Google Chrome to target journalists

The since-patched flaw allowed attackers to run DevilsTongue software to spy on specific targets.

Exposed in 2021 by the NGO Citizen Lab and Microsoft, the Israeli spyware supplier Candiru (alias Saito Tech) has resurfaced after months in the shadows. We recently discovered a zero-day vulnerability in Google Chrome (CVE-2022-2294) when it was exploited to attempt to attack Avast users in the Middle East. Most of the attacks targeted Lebanon and journalists from a news agency. Other attacks have been identified in Yemen, Palestine, and Turkey.

The vulnerability, patched in Chrome on July 4, was a memory corruption in WebRTC that was abused to get shellcode executed in Chrome’s renderer process. Based on the malware and TTPs used, Avast concluded that Candiru was indeed behind these “highly targeted” attacks, in their words.

DevilsTongue installed!

In Lebanon, for example, the attackers compromised a website used by employees of a news agency by injecting malicious JavaScript code. Candiru then redirected targets to a server and was able to collect a browser profile to send to the attackers. The profiles usually contained the following information: the victim’s language, time zone, screen information, device type, browser plugins, referrer, device memory and cookie functionality, among others. The attackers were then able to run the spyware installer, DevilsTongue.

“We can’t say for sure what the attackers might have been looking for, but often the reason attackers go after journalists is to spy on them and the stories they work on directly or to access their sources,” remarks Avast.

Although the exploit was designed specifically for Chrome on Windows, researchers believe the vulnerability could also affect Microsoft Edge, Avast Secure Browser, and Apple’s Safari. All applied patches in July 2022. In November 2021, the Biden administration announced that it had blacklisted the Israeli company Candiru, along with its better-known counterpart, NSO Group, the publisher behind the spyware Pegasus.