The latest browser will now alert you if the passwords you have asked Chrome to remember have been compromised. However, Google’s password check works only if you use Chrome to store your passwords. To check if your username and password have been compromised, Chrome will send an encrypted copy of your username and password to Google. The search giant will check them against lists of credentials known to be compromised, which are sent to the company in a special form of encryption so that Google cannot derive your username or password. Google will notify you when you have compromised passwords on websites. Chrome will take you directly to the right “change password” form through its new “.well known/change-password” URLs and ask you to change the password. Along with these improvements, Chrome is also bringing Safety Check for Android and iOS, which includes checking for compromised passwords, telling you if Safe Browsing is enabled, and whether the version of Chrome you are running is updated with the latest security protections. You will also be able to use Chrome on iOS to autofill saved login details into other apps or browsers. Further, Chrome 86 is adding a new, Google specific feature called Enhanced Safe Browsing on Chrome for Android that was rolled out in May for desktop users this year. By turning on the Enhanced Safe Browsing feature, Chrome can proactively protect you against phishing, malware, and other dangerous sites by sharing real-time data with Google’s Safe Browsing service. According to Google, it’s predictable phishing protection has reduced the number of users entering their passwords into phishing sites by 20 percent. Additionally, Google has also launched Touch-to-fill for passwords on Android to prevent phishing attacks. For improving security on iOS, the company is introducing a biometric authentication step before auto-filling passwords. On iOS, you will now be able to authenticate using Face ID, Touch ID, or your phone passcode. However, to activate Chrome autofill, you will first have to go to Settings, Chrome Password manager and enable autofill saved passwords option. Lastly, Chrome 86 is introducing mixed form warnings on desktop and Android to alert and warn users before submitting a non-secure form that’s embedded in an HTTPS page. This feature will block or warn on some insecure downloads initiated by secure HTTPS pages. Currently, Chrome will only remove commonly abused file types, but eventually “secure pages will only be able to initiate secure downloads of any type.” Source: Google Blog