The latest release of Chrome browser introduces a variety of new security enhancements for enterprises.
From new ways to better isolate processes, to broader support for more advanced security standards, to the introduction of new policies, IT admins now have more options to protect their users and businesses from potential threats. Here's a quick overview of the security updates this latest release of Chrome will offer, plus an update on a few upcoming changes in 2018.
Starting with today's release, Site Isolation is now available. With Site Isolation enabled, Chrome renders content for each open website in a separate process, isolated from other websites. This can mean even stronger security boundaries between websites than Chrome's existing sandboxing technology. Admins can read more to determine if this capability makes sense for their organization -and start implementing it immediately.
Although admins have been able to whitelist and blacklist specific extensions in Chrome, it could be difficult to scale. Beginning today, IT admins can configure a new policy that restricts access to extensions based on the permissions required. For example, through policy, IT can now block all extensions that require the use of a webcam or microphone, or those that require access to reading or changing data on the websites visited. This policy is available now, and will help IT teams enforce necessary controls, without overly restricting users.
Secure communication on the Internet is made possible through a protocol called Transport Layer Security (TLS). To support the latest security standards, Google is enabling TLS 1.3 for Gmail in today's release of Chrome browser. The previous version, TLS 1.2, was standardized in 2008 and, although it can be secure when configured correctly, it's in need of an overhaul. The improvements in TLS 1.3 make it faster and more secure, and Google will be expanding TLS 1.3 support to the broader web in 2018.
Chrome 64, coming in early 2018, will include support for the NTLMv2 authentication protocol, including Extended Protection for Authentication (EPA) on Mac, Android, Linux and Chrome OS. This allows all platforms to perform NTLM authentication with the same level of security that was previously available only in Chrome on Windows.
Google has already announced changes in Chrome to improve stability and reduce the number of browser crashes. Starting with the release of Chrome 68 in July 2018, Google will begin blocking third-party software from injecting code into Chrome on Windows.
Code injection has historically been used by products such as anti-virus software. But it's an outdated process, and Google encourages vendors of such software to take advantage of the newer, more effective options available.
In the meantime, sometimes businesses need to rely on such software. So Google promised to introduce a new policy in the coming months that will offer admins extended support for critical apps that require code injection to function.