Google has confirmed its latest Chrome upgrade offer for 2 billion users. This appears to make the world’s most popular browser even more convenient and fearture-rich, but it raises serious concerns about your security and privacy. And so, it’s decision time.
Google Chrome is not only the world’s most popular browser, it’s also the world’s most popular password manager. But there are serious caveats in storing passwords in your browser, which by its nature is directly connected to the internet and a prize target for hackers, including those using new AI or extension-based attacks.
Google is taking this side of its browser even further. “Chrome now helps you fill in passport, driver’s license, vehicle information and more,” the tech giant says. “Chrome already saves you time every day by securely filling in your addresses, passwords and payment information. Today, we’re making it even more helpful.”
If you have Autofill enabled on your desktop browser, Chrome will now better read more complex forms, offering to fill in a raft of new data types which. it says, will expand even further “over the coming months.”
Right now, that means “your passport and driver’s license number, vehicle info (like license plate or VIN) and more.” All data that would be a hacker’s dream if it ever leaked. And that’s the problem. Coming just as we see the latest reports of huge data leaks driven by infostealers and breachers, who can you trust?
“User credentials are constantly being caught up in data breaches and they end up being collected and stored in large databases on the dark web,” ESET’s Jake Moore warns. “They can also be collected in rouge browser add ons and other illicit browser issues.”
Chrome’s security is fine — but it’s reliant on your device security and behaviors to prevent data getting into the wrong hands. A tier-one, standalone password manager is better than any browser-based password manager. That also creates a fire-gap between the platform in which you enter the data and the data repository itself.
That said, using Chrome (or any other browser password manager) is better than reusing passwords for convenience or storing them as plain text notes. But with the worsening threat landscape, and with Google accounts under heavy attack, it’s time to give some serious thought to how you plan to manage your passwords.
Microsoft’s recent decision to slim down its Authenticator app and shift password storage to Edge is a good time to prompt that change. But more critically, it’s also a good time to audit your own passwords and ensure you have a strong form of multi-factor authentication (not SMS) on your most important accounts, and ideally passkeys.
I say “and” instead of “or,” because even if you have a passkey enabled, if there’s still a password on an account it can be used to log into that account. So you can’t skip the MFA side of this advice, not unless the platform enables password deletion.
As for Chrome’s latest upgrade, give some thought to how much data you want to save in your browser. Make sure your Google account has a passkey and strong MFA, as that’s where these passwords are sync’d, and ensure device encryption is enabled.
“Passkeys and password managers are now easier to use,” Moore says. “Password managers handle the difficult task of generating and securely storing complex passwords and other codes so we don’t have to remember them. Combining this with multi-factor authentication enhances security and better protects people’s accounts.”
