Chrome 91 launched a few days ago headlined by enhancements such as an improved File System Access API and support for the automatic transfer of one-time passwords (OTP) from SMS to cross-origin iframes on the web.
It appears that the browser is set to receive more security enhancements, particularly around the Enhanced Safe Browsing experience.
For those unaware, Enhanced Safe Browsing was launched in May 2020 and is an opt-in feature that sends webpages to Google Safe Browsing to proactively check if they're safe. If you're signed into Chrome, this protection also extends to other Google services through your Google Account.
With Chrome 91, Google will be rolling out more improvements to Google Safe Browsing. The first planned enhancement has to do with Chrome extensions. When you download a new extension, you will get a new dialog box which will tell you whether the extension comes from a trusted developer or not. If it's not in Google's list of trusted extensions, the warning will say "Proceed with caution - This extension is not trusted by Enhanced Safe Browsing", and users will have the option to either pay heed to the warning or dismiss it and continue with the install.
Google says that extensions which follow the Chrome Web Store Developer Program Policies are already trusted. Meanwhile, new developers will have to follow guidelines for at least a few months before they are considered to be reliable. Based on this criteria, 75% of extensions on the Chrome Web Store are considered to be trusted already, and this number will obviously grow as new developers continue to obey Google's guidelines.
The other improvement to Chrome revolves around the download experience. Although the browser already scans the metadata of a download and informs you if it appears to be unsafe, users will now have the ability to send a seemingly malicious file to Google Safe Browsing for a more detailed analysis. This will take a short time and the file will be deleted from Google's repository after scanning is complete and the end-user has taken a decision. Alternatively, users can also choose to bypass this system altogether.
This feature was already made available to the Advanced Protection Program (APP) in September 2020. APP is designed to secure accounts of high-risk individuals such as journalists, business executives, activists and people involved in electoral processes. While the service is free to use, people who enroll in the program may have to pay a fee to procure a security key. As such, it is good to see that Google is rolling out the capabilities to the general public as well.
Although Google has not clarified when both of these enhancements will be available, its wording suggests that rollout will happen soon and in a staggered manner.