In a blog post, the company said if it could detect a username and password used on a site viewed while using Chrome was among four billion credentials known to be compromised, then the extension would warn the user and suggest a change of password.
Google claims it built Password Checkup so that nobody could learn a user's Google account details. The extension can be installed and will be updated to refine its protections, but does not seem to be available yet (as of 8.35am AEDT on Wednesday.)
Additionally, Google said it has created tools to protect apps which a user signs into using Google Sign In.
Information shared is limited to:
- the fact that the security event happened;
- basic information about the event, like whether the account was hijacked, or if the user was forced to log back in because of suspicious activity; and
- information shared with apps where the user has logged in with Google.
- The user will be notified which of the apps present on his/her device is protected by Cross Account Protection.