Google LLC wants to make the web a little safer by alerting consumers if one of their online accounts is compromised in a data breach.

The core component of the company’s plan is Password Checkup, a free extension for Chrome that it launched today. The add-on detects when a user logs into a website and checks the credentials they enter against a database of accounts known to have been compromised by hackers.

Google maintains a repository of more than 4 billion exposed account credentials that it updates whenever a new batch of records surfaces on the web. Data leaks of this nature have become alarmingly common over recent years, partially thanks to the emergence of large-scale cyberattacks in which hackers steal millions of login details at a time. Traditional companies and major tech firms alike have shown to be vulnerable to such breaches.

When Password Checkup detects an account that has been exposed in a cyberattack, it notifies the user of the issue and asks the person to change the password. This process requires the extension to capture login credentials, a sensitive task that Google said is handled with the appropriate level of care.

Password Checkup uses specialized security mechanisms that the search giant has built in collaboration with Stanford University. The extension anonymizes and encrypts login details before sending them to Google, which prevents hackers from intercepting them. Once on Google’s servers, credentials are compared against its database of compromised accounts through a method that hides the database’s contents to prevent potential abuse.

The company’s plans for this technology extend beyond Password Checkup. Google reportedly intends to release a paper detailing the security methods used in the add-on, which should enable other companies to incorporate them into their applications.

Alongside the extension, Google today announced a security capability called Cross Account Protection that aims to provide better protection for its own users against hackers. Specifically, the feature is meant to mitigate the amount of harm attackers can do if they somehow get access to a Google account.

The search giant already provides several ways for users to recover compromised accounts and resets passwords if they’re exposed online. However, those tools don’t extend to outside services that are connected to a person’s Google account. Cross Account Protection notifies connected applications of security breaches and suspicious activity so their built-in security mechanisms can respond appropriately.

Photo: Stock Catalog/Flickr