Among the new features are site isolation, and support for the NTLMv2 authentication protocol and TLS 1.3.
Google Chrome is getting a host of new security updates, specifically designed to protect professionals and enterprise users, according to a Wednesday blog post from Google.
With the latest release of Chrome, Google is making Site Isolation available to its users. This will allow Chrome to render content separately for each website that is open, keeping them isolated from one another, according to the post.
"This can mean even stronger security boundaries between websites than Chrome's existing sandboxing technology," the post said. "Admins can read more to determine if this capability makes sense for their organization—and start implementing it immediately."
SEE: Secure Browser Usage Policy (Tech Pro Research)
Chrome admins will now be able to whitelist and blacklist specific extensions in a more scalable way as well. With an updated extensions policy (available now), IT admins can create a policy that will restrict extension access based on permissions, the post said. One example provided would be admins blocking all extensions that need to use a device's camera or microphone.
The newest Chrome version also supports the latest version of Transport Layer Security (TLS)—version 1.3—in Gmail, which could improve security and speed. According to the post, Google will be bringing support for TLS 1.3 to the broader web sometime in 2018.
Chrome users won't immediately notice any difference with the support of TLS 1.3. However, Google urged admins to make note of any incompatible systems in the Chrome admin forum.
In its post, Google also outlined some of the security features that will be coming in 2018. In Chrome 64, due in 2018, the browser will support the NTLMv2 authentication protocol, the post said. This includes Extended Protection for Authentication (EPA) on Mac, Android, Linux, and Chrome OS. "This allows all platforms to perform NTLM authentication with the same level of security that was previously available only in Chrome on Windows," the post said.
In Chrome 65, NTLMv2 will become the default protocol, but admins can enable it now at chrome://flags/#enable-ntlm-v2.
Google recently announced that it would be working to cut down browser crashes, specifically those caused by third-party code injection in Chrome on Windows. In its post, Google called code injection an "outdated process," but also noted that some firms still rely on it in certain processes. For those companies, a new policy is in the works—due in the "coming months"—that will give admins the ability to still support critical apps that rely on code injection.
If an admin wishes to see what software on a company machine is injecting code into Chrome, they can do so here: chrome://conflicts.
The 3 big takeaways for TechRepublic readers
- Google is now offering Site Isolation in Chrome, allowing website content to render independently of other open websites in an effort to improve security.
- Chrome admins will now be able to restrict extension access based on permissions, making the whitelist or blacklist process more scalable.
- In the future, Chrome will support TLS 1.3 and the NTLMv2 authentication protocol, while limiting the use of software that performs code injection.
- How to build a successful career in cybersecurity (free PDF) (TechRepublic)
- Google removes Chrome Apps from Web Store, moves to PWAs (ZDNet)
- Chrome users beware: A new 'Catch-All' extension could steal everything you type (TechRepublic)
- Chrome 63 vs Windows 10 Edge: Google steps up rivalry with site isolation security (ZDNet)
- 10 tips to help you get the most out of Google Chrome (TechRepublic)