Google expands encryption protection in Chrome browser
Google will beef up security in the next release of its Chrome browser (version 25) by encrypting all search queries sent from the software. Currently, only queries sent by searchers logged into a Google account are encrypted by Chrome.
Starting with the next version of Chrome, now in the development and beta channel, searches by anyone will be encrypted using the Secure Socket Layer (SSL), Google Software Engineer Adam Langley explained in The Chromium Blog.
When a browser is using SSL to encrypt information from a browser to a website, a green padlock appears beside the Web address in the address box. Google calls that box the "omnibox" because it does double duty as both a place to insert URLs and type in search terms.
"Serving content over SSL provides users with a more secure and private search experience," Langley said in his blog. "It helps ensure that malicious actors who might intercept people’s Internet traffic can't see their queries."
Recently, however, SSL has come under criticism by some in the security community. They say that it has become too easy for Internet bandits to forge the certificates used to encrypt and decrypt data sent between a browser and a website. With such certificates, miscreants can perform "man in the middle" attacks that allow them to compromise the connection between a browser and a website.
According to Langley, Chrome users shouldn't experience any noticeable changes in their browsing experience because of the new feature, other than a speed boost in obtaining search results because of Google's use of the SPDY protocol in the software.
Although Google started encrypting search queries for Chrome users signed in to their Google accounts in October 2011, it isn't until now that it decided to extend the practice to all the browser's users whether they're logged into Google or not.
Mozilla enabled encryption for Google searches performed through its Firefox browser in July 2012. Apple followed suit by enabling search query encryption in its Safari browser in September 2012.
While Google didn't explain why it has taken so long to implement general search encryption for Chrome, concern over the impact of the move on marketers may have been a consideration.
Encrypted search prevents a marketer from gathering information from a website about searches performed there. Now about 39 percent of all Google searches are affected by encrypted search, but that number is expected to increase, especially with the expansion of encrypted search in the next version of Chrome.