Connect with us

Hi, what are you looking for?


Data Protection

Google Updates End-to-End Encryption Tool

Google has released a new version of End-to-End, an open source encryption extension for Chrome introduced by the company earlier this year.

Google has released a new version of End-to-End, an open source encryption extension for Chrome introduced by the company earlier this year.

End-to-End, which leverages a new JavaScript-based crypto library, implements the OpenPGP standard, IETF RFC 4880. The tool allows users to generate encrypt, decrypt, sign and verify messages in the Web browser. Software that can do all these tasks already exists, but Google believes it’s too difficult to use for less tech savvy people.

The latest release contains more documentation for both developers and security researchers. It also includes contributions from Yahoo Chief Security Officer Alex Stamos. Stamos and his team have been collaborating with Google on the project since August.

Several bugs were uncovered in the first alpha release, but Google proudly reported that only few of them affected the new crypto library. Two of the vulnerabilities found in End-to-End qualified for the company’s bug bounty program and those who reported them earned financial rewards.

The extension is still in alpha and it’s not available in the Chrome Web Store because the search engine giant believes it’s not ready for general use. The company says it will release a fully fledged version of the tool next year.

“We don’t feel it’s as usable as it needs to be. Indeed, those looking through the source code will see references to our key server, and it should come as no surprise that we’re working on one. Key distribution and management is one of the hardest usability problems with cryptography-related products, and we won’t release End-To-End in non-alpha form until we have a solution we’re content with,” Stephan Somogyi, security and privacy product manager at Google, explained in a blog post.

The source code for End-to-End has been published on GitHub to allow the community to review it and make suggestions for improving it.

Advertisement. Scroll to continue reading.

Google has been highly active when it comes to protecting its users. In March, the search giant started encrypting all Gmail messages to protect customers’ communications. Last week, the company revealed plans to alert Chrome users whenever they are visiting insecure HTTP websites.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...