Google Chrome is set to introduce a new feature for the automatic replacement of compromised passwords. Developers promise that the browser will not only identify weak or exposed credentials but will also proactively suggest more secure alternatives. The company touts this as an “AI-powered innovation,” though the precise mechanics of the technology remain unclear.
The first to discover this feature was the well-known software researcher Leopeva64. While exploring an experimental Chrome build, he uncovered a section labeled “Automated Password Change” within the AI settings. According to preliminary descriptions, the browser will prompt users to update their passwords immediately upon detecting them in leaked credential databases.
Password breach detection itself is not a novel concept—Chrome already alerts users when their credentials have been exposed in data leaks. However, until now, the browser merely advised users to change their passwords. With this new feature, it aims to take on the task directly. According to Windows Report, the function will allow users to update compromised passwords seamlessly, without leaving the current webpage.
Newly generated passwords will be automatically stored in Google’s password manager. The settings explicitly emphasize that all credentials are encrypted, ensuring that no one but the account owner can access them.
The feature is already available for testing, but users must install the experimental Chrome Canary build to try it. In the browser’s experimental settings (chrome://flags), two options need to be enabled: “Improved Password Change Service” and “Mark All Credentials as Leaked.” The latter is required for testing, as it flags all passwords as compromised—since the system is not yet connected to real breach databases.
Once these settings are activated, users can attempt to log into any non-Google website with arbitrary credentials. If the login attempt fails or the user navigates to another page, Chrome will offer to update the password.
Curiously, neither Leopeva64’s findings nor subsequent reports clarify why this feature is classified as an “AI innovation.” Chrome has long been capable of cross-referencing passwords with breach databases like Have I Been Pwned. Moreover, generating strong passwords and securely storing them does not inherently require AI—password managers have been handling this task for years.
This may well be another instance of existing algorithms being rebranded with trendy AI labels in the wake of the current hype. However, regardless of the marketing language (which could still evolve before the official release), the feature itself is undoubtedly a valuable addition.
