The biggest highlight of this browser is that Chrome will now automatically warn you if your password has been compromised in a data breach. The new feature was also tweeted by Google CEO Sundar Pichai. With the latest release of Chrome, anyone whose login credentials has been leaked in a data breach previously will get a notification when logging into a site. How does the new password feature work? Google always stores a hashed and encrypted copy of the username and password exposed by another company’s data breach on its servers. It has a secret key to this copy that is only known to Google. “When you sign in to a website, Chrome will send a hashed copy of your username and password to Google encrypted with a secret key only known to Chrome. No one, including Google, is able to derive your username or password from this encrypted copy,” Google Chrome Team wrote in a security blog post on the feature. “In order to determine if your username and password appear in any breach, we use a technique called private set intersection with blinding that involves multiple layers of encryption. This allows us to compare your encrypted username and password with all of the encrypted breached usernames and passwords, without revealing your username and password, or revealing any information about any other users’ usernames and passwords. In order to make this computation more efficient, Chrome sends a 3-byte SHA256 hash prefix of your username to reduce the scale of the data joined from 4 billion records down to 250 records, while still ensuring your username remains anonymous.” If your username and password have been compromised, Chrome will notify you and will request you to change your password. Users can control this feature in the “Sync and Google Services” section of Chrome Settings. Enterprise admins can control this feature using the Password?Leak?Detection?Enabled policy setting. The new feature is currently being rolled out in phases to everyone. Besides password protection, the new update also provides real-time phishing protection as well as warns users when they visit a malicious website. You can read more about it here.