Internet giant Google has announced that it will soon release a Chrome plug-in that will enable end-to-end encryption for web-based email services. Google hopes to make encryption easy for mainstream users, with the new Chrome plug-in.
Google announced the project, though the plug-in will actually be launched later. Right now the source code has been shared with the community for testing and evaluate it. The plug-in has been launched under Google’s Vulnerability Reward Program, so security researchers and developers who can find issues with it will get prizes for finding bugs. The internet giant says that the new plug-in will let “anyone” enable end-to-end email encryption “through their existing web-based email provider.”
After the recent issues around the Heartbleed bug in the OpenSLL library, Google's approach is probably the right way. The bug allows cyber attackers to gain access to users’ passwords and fools users by creating fake versions of websites. The malware has a new line of attack called 'Cupid' that affects Android devices running v4.1. “Prematurely making End-To-End available could have very serious real world ramifications,” Google rightly says.
Google also released its first email encryption transparency report, which shows how many email providers encrypt messages while transiting between the sender and recipient. Google's report says that about 65 percent of messages from Gmail to other providers are encrypted, whereas only 50 percent of inbound messages from other services to Gmail are encrypted.
Source: Google