Category Archives: Google Chrome Blog

The latest news from the Google Chrome team

Reflecting on a year’s worth of Chrome security improvements

In the next few weeks, you’ll probably be spending lots of time online buying gifts for your friends, family and “extended family” (your dog, duh). And as always, you want to do so securely. Picking the perfect present is hard enough; you shouldn’t have to worry about staying safe while you’re shopping.

Security has always been a top priority for Chrome, and this year we made a bunch of improvements to help keep your information even safer, and encourage sites across the web to become more secure as well. We’re giving you a rundown of those upgrades today, so that you can concentrate on buying the warmest new slippers for your dad or the perfect new holiday sweater for your dog in the next few weeks.


More protection from dangerous and deceptive sites


For years, Google Safe Browsing has scanned the web looking for potential dangers—like sites with malware or phishing schemes that try to steal your personal information—and warned users to steer clear. This year, we announced that Safe Browsing protects more than 3 billion devices, and in Chrome specifically, shows 260 million warnings before users can visit dangerous sites every month.
chromeprotects_a.png

We’re constantly working to improve Safe Browsing and we made really encouraging progress this year, particularly with mobile devices. Safe Browsing powers the warnings we now show in Gmail’s Android and iOS mobile apps after a user clicks a link to a phishing site. We brought Safe Browsing to Android WebView (which Android apps sometimes use to open web content) in Android Oreo, so even web browsing inside other apps is safer. We also brought the new mobile-optimized Safe Browsing protocol to Chrome, which cuts 80 percent of the data used by Safe Browsing and helps Chrome stay lean.


In case you do download a nastygram, this year we’ve also redesigned and upgraded the Chrome Cleanup Tool with technology from IT company ESET. Chrome will alert you if we detect unwanted software, to remove the software and get you back in good hands.


Making the web safer, for everyone


Our security work helps protect Chrome users, but we’ve also pursued projects to help secure the web as a whole. Last year, we announced that we would mark sites that are not encrypted (i.e., served over HTTP) as “not secure” in Chrome. Since then, we’ve seen a marked increase in HTTPS usage on the web, especially with some of the web’s top sites:
saferweb.png

If you’re researching gifts at a coffee shop or airport, you might be connecting to unfamiliar Wi-Fi which could be risky if the sites you’re visiting are not using the secure HTTPS protocol. With HTTPS, you can rest assured that the person sitting next to you can’t see or meddle with everything you’re doing on the Wi-Fi network. HTTPS ensures your connection is encrypted and your data is safe from eavesdroppers regardless of which Wi-Fi network you’re on.


An even stronger sandbox


Chrome has never relied on just one protection to secure your data. We use a layered approach with many different safeguards, including a sandbox—a feature that isolates different tabs in your browser so that if there’s a problem with one, it won’t affect the others. In the past year, we’ve added an additional sandbox layer to Chrome on Android and improved Chrome’s sandboxing on Windows and Android WebView.


So, if you’ve entered your credit card to purchase doggy nail polish in one Chrome tab, and you’ve inadvertently loaded a misbehaving or malicious site in another tab the sandbox will isolate that bad tab, and your credit card details will be protected.


Improving our browser warnings to keep you even safer


It should always be easy to know if you might be in danger online, and what you can do to get back to safety. Chrome communicates these risks in a variety of different ways, from a green lock for a secure HTTPS connection, to a red triangle warning if an attacker might be trying to steal your information.


By applying insights from new research that we published this year, we were able to improve or remove 25 percent of all HTTPS warnings Chrome users see. These improvements mean fewer false alarms, so you see warnings only when you really need them.
chrome.png

Unfortunately, our research didn’t help users avoid dog-grooming dangers. This is a very challenging problem that requires further analysis.


A history of strong security


Security has been a core pillar of Chrome since the very beginning. We’re always tracking our own progress, but outside perspectives are a key component of strong protections too.


The security research community has been key to strengthening Chrome security. We are extremely appreciative of their work—their reports help keep our users safer. We’ve given $4.2 million to researchers through our Vulnerability Reward Program since it launched in 2010.
paidresearch.png

Of course, we’re also happy when aren’t able to find security issues. At Pwn2Own 2017, an industry event where security professionals come together to hack browsers, Chrome remained standing while other browsers were successfully exploited.


Zooming out, we worked with two top-tier security firms to independently assess Chrome’s overall security across the range of areas that are important to keep users safe. Their whitepapers found, for example, that Chrome warns users about more phishing than other major browsers, Chrome patches security vulnerabilities faster than other major browsers, and “security restrictions are best enforced in Google Chrome.” We won’t rest on these laurels, and we will never stop improving Chrome’s security protections.

Combined.png

So, whether you’re shopping for a new computer, concert tickets, or some perfume for your pooch, rest assured: Chrome will secure your data with the best protections on the planet.

Source: Google Chrome


Chromebooks are at the head of the class in Canada’s K-12 schools

Around the world, education has undergone a technological revolution. Cloud-connected devices and learning applications are shaping new ways of teaching and learning. Across Canada, school districts are using Chromebooks and G Suite for Education to expand learning opportunities for students from diverse communities and backgrounds. And now, Futuresource has reported that Chromebooks are the number-one-selling educational device for Canadian K12 schools.

With this news, Canada joins the U.S., Sweden, and New Zealand, where Chromebooks are also the top devices used in classrooms. Futuresource Associate Director Mike Fisher says that the offering of Chromebooks, combined with productivity tools and a management console for IT staff, means that “a growing number of schools are turning to Google when bringing technology into the classroom.”

CB_canada.png

Here are a few examples of how districts across Canada are using Google’s educational tools:

Giving schools more choice and flexibility

Toronto District School Board, the largest district in Canada, leaves technology purchases up to individual schools. Chromebook usage has soared across the district to 20,000 devices since the first pilot purchases in early 2015. “Hundreds of schools are purchasing Chromebooks out of local school technology budgets,” says Kevin Bradbeer, the school board’s senior manager of client relations. “We're seeing grassroots decisions to choose this platform over three or four other choices.”

Both students and teachers appreciate the quickness of Chromebooks. Bradbeer says students power up their Chromebooks in seconds, so they can get right to work in class.

Canada photo #1.JPG
Students collaborating on Chromebooks at an elementary-junior high school in Edmonton.

Affordable devices that bring powerful computing to all students

The Upper Grand School District Board, in Guelph, Ontario, purchased 4,000 Chromebooks in 2013 for special-education students, but found that other students consistently borrowed the Chromebooks to bring into their classrooms. Bill Mackenzie, an Upper Grand information and communication technology consultant says that special-needs students are the “tip of the spear for technology, because if it helps them, it will help everybody.” The district now has 15,000 Chromebooks, about one for every two students, and the number continues to increase.

Edmonton Public Schools has nearly 100,000 students. About 25% of students are immigrants or refugees and part of the district’s diverse English Language Learner population. “Equity of access to technology is a challenge, for sure,” says Terry Korte, a supervisor in District Technology. “We try to avoid the fads and stick with the things that make the biggest difference for teachers and their students.” Chromebooks have helped to make that difference in Edmonton since 2012.

The large Alberta district now has over 46,000 Chromebooks, which was the school’s catalyst for moving into the cloud and using G Suite for Education. “Our goal is to have technology in the hands of students when and where they need it,” Korte adds.

Easy access to a world of apps and content

From a teacher’s perspective, Chromebooks help students learn more effectively by giving them access to a world of educational content. “Chromebooks are inherently networked, so students can find their own way to learn specific concepts online,” says Lance Pedersen, a computer and technology studies teacher at Alberta’s McNally School.

At Edmonton’s Queen Elizabeth School, educators take advantage of the myriad of learning opportunities that Chromebooks and G Suite for Education provide, whether they’re teaching French or guitar.

Canada photo #2.JPG
Students at an Edmonton elementary-junior high school code with Makey Makey on Chromebooks

These Canadian districts all cite the similar advantages that make Chromebooks and G Suite for Education the top choice for classrooms across the country. “When it comes to cost, performance, and reliability,” Toronto’s Bradbeer says, “Chromebooks really are in the sweet spot of all three.”

Source: Google Chrome


Say “yes” to HTTPS: Chrome secures the web, one site at a time

Editor’s note: October is Cybersecurity Awareness Month, and we're celebrating with a series of security announcements this week. See our earlier posts on new security protections tailored for you, our new Advanced Protection Program, and our progress fighting phishing.

Security has always been one of Chrome’s core principles—we constantly work to build the most secure web browser to protect our users. Two recent studies concluded that Chrome was the most secure web browser in multiple aspects of security, with high rates of catching dangerous and deceptive sites, lightning-fast patching of vulnerabilities, and multiple layers of defenses.

About a year ago, we announced that we would begin marking all sites that are not encrypted with HTTPS as “not secure” in Chrome. We wanted to help people understand when the site they're on is not secure, and at the same time, provide motivation to that site's owner to improve the security of their site. We knew this would take some time, and so we started by only marking pages without encryption that collect passwords and credit cards. In the next phase, we began showing the “not secure” warning in two additional situations: when people enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.

http search

It’s only been a year, but HTTPS usage has already made some incredible progress. You can see all of this in our public Transparency Report:


  • 64 percent of Chrome traffic on Android is now protected, up from 42 percent a year ago.

  • Over 75 percent of Chrome traffic on both ChromeOS and Mac is now protected, up from 60 percent on Mac and 67 percent on Chrome OS a year ago

  • 71 of the top 100 sites on the web use HTTPS by default, up from 37 a year ago

percentage of page loads over HTTPS in Chrome by platform
Percent of page loads over HTTPS in Chrome by platform

We’re also excited to see HTTPS usage increasing around the world. For example, we’ve seen HTTPS usage surge recently in Japan; large sites like Rakuten, Cookpad, Ameblo, and Yahoo Japan all made major headway towards HTTPS in 2017. Because of this, we’ve seen HTTPS in Japan surge from 31 percent to 55 percent in the last year, measured via Chrome on Windows. We see similar upward trends in other regions—HTTPS is up from 50 percent to 66 percent in Brazil, and 59 percent to 73 percent in the U.S.!


Ongoing efforts to bring encryption to everyone


To help site owners migrate (or originally create!) their sites on HTTPS, we want to make sure the process is as simple and cheap as possible. Let’s Encrypt is a free and automated certificate authority that makes securing your website cheap and easy. Google Chrome remains a Platinum sponsor of Let’s Encrypt in 2017, and has committed to continue that support next year.


Google also recently announced managed SSL for Google App Engine, and has started securing entire top-level Google domains like .foo and .dev by default with HSTS. These advances help make HTTPS automatic and painless, to make sure we’re moving towards a web that’s secure by default.


HTTPS is easier and cheaper than ever before, and it enables both the best performance the web offers and powerful new features that are too sensitive for HTTP. There’s never been a better time to migrate! Developers, check out our set-up guides to get started.

Source: Google Chrome


Helping NASA and JPL bring the surface of Mars to your browser

On August 6, 2012, the Curiosity rover landed on Mars. Ever since, it’s been searching for evidence that Mars has ever been suitable for life. It’s also been photographing the Martian terrain in great detail. Scientists at NASA’s Jet Propulsion Lab use these photos to create a 3D model of Mars. It’s a one-of-a-kind scientific tool for planning future missions.


Today, we’re putting that same 3D model into an immersive experience for everyone to explore. We call it Access Mars, and it lets you see what the scientists see. Get a real look at Curiosity’s landing site and other mission sites like Pahrump Hills and Murray Buttes. Plus, JPL will continuously update the data so you can see where Curiosity has just been in the past few days or weeks. All along the way, JPL scientist Katie Stack Morgan will be your guide, explaining key points about the rover, the mission, and some of the early findings.


The experience is built using WebVR, a technology that lets you see virtual reality right in your browser, without installing any apps. You can try it on a virtual reality headset, phone, or laptop.


Check it out at g.co/accessmars.


And if you’re an educator, we’ve updated our Mars tour in Google Expeditions with highlights from this experience. To try it with your class or in self-guided mode, download the Expeditions app from Google Play or the App Store.

Source: Google Chrome


A cleaner, safer web with Chrome Cleanup

Unwanted software impacts the browsing experience of millions of web users every day. Effects of this harmful software are often quite subtle—search results are modified to redirect users to other pages or additional ads are injected in the pages that users visit. But in some cases, the changes are so severe that they can make the web unusable—people are redirected to unwanted sites full of ads, and it can be next to impossible to navigate away from these pages.


Chrome already has tools to help people avoid unwanted software. For example, Safe Browsing prevents many infections from taking place by warning millions of users. But sometimes harmful software slips through.


Recently, we rolled out three changes to help Chrome for Windows users recover from unwanted software infections.


Hijacked settings detection

Extensions can help make Chrome more useful—like by customizing tab management. But some extensions may change your settings without you even realizing it. Now, when Chrome detects that user settings have been changed without your consent, it will offer to restore the modified settings. In the past month, this feature has helped millions of people recover from unwanted settings.
reset-prompt-screenshot.png

You can also reset your profile settings at any time by visiting chrome://settings/resetProfileSettings.


A simpler Chrome Cleanup

Sometimes when you download software or other content, it might bundle unwanted software as part of the installation process without you knowing. That’s why on Chrome for Windows, the Chrome Cleanup feature alerts people when it detects unwanted software and offers a quick way to remove the software and return Chrome to its default settings. We’ve recently completed a full redesign of Chrome Cleanup. The new interface is simpler and makes it easier to see what software will be removed.
Prompt dialog.PNG

A more powerful Cleanup engine

Under the hood, we upgraded the technology we use in Chrome Cleanup to detect and remove unwanted software. We worked with IT security company ESET to combine their detection engine with Chrome’s sandbox technology. We can now detect and remove more unwanted software than ever before, meaning more people can benefit from Chrome Cleanup. Note this new sandboxed engine is not a general-purpose antivirus—it only removes software that doesn’t comply with our unwanted software policy.


We’ve begun to roll this out to Chrome for Windows users now. Over the next few days, it will help tens of millions of Chrome users get back to a cleaner, safer web.

Source: Google Chrome


The best hardware, software and AI—together

Today, we introduced our second generation family of consumer hardware products, all made by Google: new Pixel phones, Google Home Mini and Max, an all new Pixelbook, Google Clips hands-free camera, Google Pixel Buds, and an updated Daydream View headset. We see tremendous potential for devices to be helpful, make your life easier, and even get better over time when they’re created at the intersection of hardware, software and advanced artificial intelligence (AI).


Why Google?

These days many devices—especially smartphones—look and act the same. That means in order to create a meaningful experience for users, we need a different approach. A year ago, Sundar outlined his vision of how AI would change how people would use computers. And in fact, AI is already transforming what Google’s products can do in the real world. For example, swipe typing has been around for a while, but AI lets people use Gboard to swipe-type in two languages at once. Google Maps uses AI to figure out what the parking is like at your destination and suggest alternative spots before you’ve even put your foot on the gas. But, for this wave of computing to reach new breakthroughs, we have to build software and hardware that can bring more of the potential of AI into reality—which is what we’ve set out to do with this year’s new family of products.

Hardware, built from the inside out

We’ve designed and built our latest hardware products around a few core tenets. First and foremost, we want them to be radically helpful. They’re fast, they’re there when you need them, and they’re simple to use. Second, everything is designed for you, so that the technology doesn’t get in they way and instead blends into your lifestyle. Lastly, by creating hardware with AI at the core, our products can improve over time. They’re constantly getting better and faster through automatic software updates. And they’re designed to learn from you, so you’ll notice features—like the Google Assistant—get smarter and more assistive the more you interact with them.


You’ll see this reflected in our 2017 lineup of new Made by Google products:

  • The Pixel 2 has the best camera of any smartphone, again, along with a gorgeous display and augmented reality capabilities. Pixel owners get unlimited storage for their photos and videos, and an exclusive preview of Google Lens, which uses AI to give you helpful information about the things around you.
  • Google Home Mini brings the Assistant to more places throughout your home, with a beautiful design that fits anywhere. And Max is our biggest and best-sounding Google Home device, powered by the Assistant. And with AI-based Smart Sound, Max has the ability to adapt your audio experience to you—your environment, context, and preferences.
  • With Pixelbook, we’ve reimagined the laptop as a high-performance Chromebook, with a versatile form factor that works the way you do. It’s the first laptop with the Assistant built in, and the Pixelbook Pen makes the whole experience even smarter.
  • Our new Pixel Buds combine Google smarts and the best digital sound. You’ll get elegant touch controls that put the Assistant just a tap away, and they’ll even help you communicate in a different language.
  • The updated Daydream View is the best mobile virtual reality (VR) headset on the market, and the simplest, most comfortable VR experience.
  • Google Clips is a totally new way to capture genuine, spontaneous moments—all powered by machine learning and AI. This tiny camera seamlessly sends clips to your phone, and even edits and curates them for you.

Assistant, everywhere

Across all these devices, you can interact with the Google Assistant any way you want—talk to it with your Google Home or your Pixel Buds, squeeze your Pixel 2, or use your Pixelbook’s Assistant key or circle things on your screen with the Pixelbook Pen. Wherever you are, and on any device with the Assistant, you can connect to the information you need and get help with the tasks to get you through your day. No other assistive technology comes close, and it continues to get better every day.

New hardware products

Google’s hardware business is just getting started, and we’re committed to building and investing for the long run. We couldn’t be more excited to introduce you to our second-generation family of products that truly brings together the best of Google software, thoughtfully designed hardware with cutting-edge AI. We hope you enjoy using them as much as we do.

Source: Google Chrome


The Google Assistant, powering our new family of hardware

Today we introduced Google Home Mini and Google Home Max, a new Pixel phone, a new Pixelbook and Pixelbook Pen, and Pixel Buds. Something all of these products have in common is the Google Assistant. With new Assistant features throughout the entire line-up, they’re built with the Assistant in mind, ready to help you get more done.

But let’s take a step back. Exactly one year ago today, we first introduced the Google Assistant, which lets you have a natural conversation with Google. We said the Assistant should be helpful, simple to use, available where you need it and that it should understand your context—location, device you’re using, etc. And that’s exactly what we’ve been working toward. So before diving into what’s new today, let’s take a look at some of our highlights from the past year:

  • Hardware that works with your Assistant—Android phones, iPhones, headphones, voice-activated speakers like Google Home and others from several manufacturers, Android Wear and Android TV.
  • Your Assistant in more languages and places—Google Home in the U.K., Canada (English and French), Australia, Germany, France and, today, Japan. The Assistant on eligible Android phones and iPhones is also available in Brazilian Portuguese, Japanese, Korean and, coming soon, Italian, Spanish (in Mexico and Spain) and Singaporean English.
  • Smart home devices and platforms that work with your Assistant—you can now control over 1,000 smart home products from more than 100 brands, including August Home, Logitech Harmony, Nest, Philips Hue, SmartThings and Wemo.
  • Features to make your Assistant better—we’ve introduced Hands-Free Calling, reminders, shopping, shortcuts, step-by-step instructions to millions of recipes, and more. And of course Voice Match, which enables different household members to get personalized help on a shared device. So when you ask a question, the Assistant can recognize it’s your voice and respond with your news preferences, calendar, commute, and reminders. Starting today, Voice Match will be available in every country where Google Home is available (U.S., U.K., Australia, Canada, France, Germany and Japan).

We’ve come a long way in the past year, but we’re even more excited about what’s still in store, starting with what we’re announcing today. Here’s a look at what’s coming over the next few months:

Choose a new voice: The Assistant now has two voice options, starting in the U.S., so you can choose a voice that’s right for you. Try it today by going to settings in your Google Home app or Google Assistant on your phone and navigating to preferences.

Spend time with family: The Assistant will soon have more than 50 new ways for families to have fun, and with support for kids’ accounts managed with Family Link already on Android phones and coming to Google Home, you can have fun whether you’re on the go or at home. Soon, you’ll be able to say "Ok Google, let's play a game" and go on an adventure with Mickey Mouse, identify your alter ego with Justice League D.C. Super Hero, or play Freeze Dance in your living room. You can learn by saying "Let's learn" and then quiz yourself with games like "Talk Like a Chef" or "Play Space Trivia." When it's time for bed, try saying "Ok Google, tell me a story" to hear classics like Snow White and original stories like “The Chef Who Loved Potatoes.”

Manage your routines: Your Assistant will soon be able to help you manage your daily routines across your devices. So, once you’ve set up your preferences, when you say “Ok Google, let’s go home” your Assistant can update you about your commute, text your partner that you’re on your way and play your podcast where you left off. And when you get home, just say “Ok Google, I’m home,” and it will turn on the lights, adjust to your desired temperature and share your reminders.

Transactions: Over the next week, you’ll also be able make fast and easy purchases with your Assistant, starting with 1-800-Flowers, Applebee’s, Panera and Ticketmaster. So you’ll be able to say, “Ok Google, talk to Ticketmaster” to your Assistant on your phone to find and buy your tickets.

Broadcast: With the new broadcast feature, your Assistant can round up the family and announce to Google Homes around the house that it’s dinner time. Just say, “Ok Google, broadcast: come on upstairs for dinner in 5 minutes.” The best part—you can even broadcast from your phone to Google Home with your Assistant. Just say "Ok Google, broadcast: I'm on my way!”

Explore with Google Lens: We’re bringing an early preview of Google Lens to Pixel phones. At the start you’ll be able to look up landmarks, books, music albums, movies, and artwork, by tapping on the Lens icon in Google Photos. Over the next few weeks, we’ll add more capabilities, as well as the ability to use Lens in the Google Assistant. With the Assistant, it will provide a conversational experience for quick help with what you see, right in the moment.

Get things done with Pixelbook and Pixelbook Pen: On Pixelbook, your Assistant can help you send a quick email, create a new doc or get the details of your next calendar event. And with Pixelbook Pen, you can circle text or images on your screen to get more information or take action. Looking at a photo and wondering where the beautiful mountainscape is located? Circle it and let your Assistant do the rest.

On the go with Pixel Buds: Pixel Buds are optimized for the Google Assistant on Android phones, so you can play music, have notifications read to you, get directions or set a reminder, all without looking at your phone.

Control your smart home with Nest: With Nest Camera, you can say “Ok Google, show me the entryway on my TV” to your Assistant on Google Home and keep up with what’s going on in your home. Coming next year, with the Familiar Faces feature on Nest Hello, when the doorbell rings and Nest Hello recognizes the person at the door, it will automatically have the Assistant broadcast that information to all the Google Home devices in the house. So you can know who’s there right when they arrive.

So that’s what’s new with the Assistant. We’re continuing to make it more helpful and more available on new devices—whether you’re at home, on the go or somewhere in between—and in new languages and countries.

With all of the improvements built up over the past year, the Assistant can help you get more done and give you more time to focus on what matters. And we’re excited about what the future holds—with our expertise in natural language understanding, deep learning, computer vision, and understanding context, your Assistant will just keep getting better. Over time, we believe the Assistant has the potential to transform how we use technology—not only by understanding you better but also by giving you one, easy-to-use and understandable way to interact with it. All you have to do is say “Ok Google” to get help from your own personal Google.

Source: Google Chrome


At New Zealand schools, Chromebooks top the list of learning tools

New Zealand educators are changing their approach to teaching, building personalized learning pathways for every student. Technology plays a key part in this approach. New Zealand has joined the list of countries including Sweden and the United States where Chromebooks are the number one device used in schools, according to analysts at International Data Corporation (IDC).

“Chromebooks continue to be a top choice for schools,” says Arunachalam Muthiah, Senior Market Analyst, IDC NZ. “After Chromebooks’ strong performance in 2016, we see a similar trend in the first half of 2017 with Chromebooks gaining a total shipment market share of 46 percent, continuing to hold their position as the number-one selling device in schools across New Zealand.”

Screen Shot 2017-03-09 at 12.57.49 PM.png
Bombay School students learning about conductivity, electrical circuits and constructing a tune.

Technology is transforming education across the globe, and in New Zealand schools are using digital tools to help  students learn, in the classroom and beyond.  

At Bombay School, located in the rural foothills south of Auckland, students could only get an hour a week of computer access. Bombay School’s principal and board decided on a 1:1 “bring your own device” program with Chromebooks, along with secure device management using a Chrome Education license.

Teachers quickly realized that since each student was empowered with a Chromebook, access to learning opportunities increased daily, inspiring students to chart new learning paths. “Technology overcomes constraints,” says Paul Petersen, principal of Bombay School. “If I don’t understand multiplication today, I can learn about it online. I can look for help. I can practice at my own pace, anywhere I am.”

In 2014 Bombay School seniors collectively scored in the 78th percentile for reading; in 2016, they reached nearly the 90th percentile.

PtEngland_1249__DXP0023_XT-X3.jpg

Students at Point England School take a digital license quiz to learn about online behavior.

In the Manaiakalani Community of Learning in East Auckland, some students start school with lower achievement levels than students in other school regions. Manaiakalani chose Chromebooks to support its education program goals and manage budget challenges. By bringing Chromebooks to the Manaiakalani schools, “we broke apart the barriers of the 9 a.m. to 3 p.m. school day,” says Dorothy Burt, head of the Manaiakalani Education Program and Digital Learning Coordinator, based at Point England School. Using G Suite for Education tools on their Chromebooks, students can work with other students, teachers, and parents on their lessons in the classroom, the library, or at home.

Dorothy says “we’re seeing not only engagement, but actual literacy outcomes improve—it’s made a huge difference to the opportunities students will have in the future.”

We look forward to supporting more countries and schools as they redefine teaching and make learning even more accessible for every student, anywhere.

Source: Google Chrome


7 ways admins can help secure accounts against phishing in G Suite

We work hard to help protect your company against phishing attacks—from using machine learning, to tailoring our detection algorithms, to building features to spot previously unseen attacks. While we block as many external attacks as we can, we continue to build and offer features designed to empower IT administrators to develop strong internal defenses against phishing.

Here are seven things we recommend admins do in G Suite to better protect employee data.

1. Enforce 2-step verification

Two-step verification (2SV) is one of the best ways to prevent someone from accessing your account, even if they steal your password. In G Suite, admins have the ability to enforce 2-step verification. 2SV can reduce the risk of successful phishing attacks by asking employees for additional proof of identity when they sign in. This can be in the form of phone prompts, voice calls, mobile app notifications and more.

Image 1: phishing post

G Suite also supports user-managed security keys—easy to use hardware authenticators. Admins can choose to enforce the use of security keys to help reduce the risk of stolen credentials being used to compromise an account. The key sends an encrypted signature and works only with authorized sites. Security keys can be deployed, monitored and managed directly from within the Admin console.

The Key to working smarter faster and safer

2. Deploy Password Alert extension for Chrome

The Password Alert chrome extension checks each page that users visit to see if that page is impersonating Google’s sign-in page and notifies admins if users enter their G Suite credentials anywhere other than the Google sign-in page.

Admins can enforce deployment of the Password Alert Chrome extension from the Google Admin Console (Device management > App Management > Password Alert)—just sign in and get started. You should check “Force installation" under both “User Settings” and “Public session settings.”

Image 2: phishing post

Admins can also enable password alert auditing, send email alerts and enforce a password change policy when G Suite credentials have been used on a non-trusted website such as a phishing site.

3. Allow only trusted apps to access your data

Take advantage of OAuth apps whitelisting to specify which apps can access your users’ G Suite data. With this setting, users can grant access to their G Suite apps’ data only to whitelisted apps. This prevents malicious apps from tricking users into accidentally granting unauthorized access. Apps can be whitelisted by admins in the Admin console under G Suite API Permissions.

Image 3: phishing post

4. Publish a DMARC policy for your organization

To help your business avoid damage to its reputation from phishing attacks and impersonators, G Suite follows the DMARC standard. DMARC empowers domain owners to decide how Gmail and other participating email providers handle unauthenticated emails coming from your domain. By defining a policy and turning on DKIM email signing, you can ensure that emails that claim to be from your organization, are actually from you.

5. Disable third-party email client access for those who don't need it

The Gmail clients (Android, iOS, Web) leverage Google Safe Browsing to incorporate anti-phishing security measures such as disabling suspicious links and attachments and displaying warnings to users to deter them from clicking on suspicious links.


By choosing to disable POP and IMAP, Google Sync and G Suite Sync for Microsoft Outlook, admins can ensure that a significant portion of G Suite users will only use Gmail clients and benefit from the built-in phishing protections that they provide. Additional measures include enabling OAuth apps whitelisting to block third-party clients as suggested earlier in the blog.


Note: all third-party email clients, including native mobile mail clients, will stop working if the measures outlined above are implemented.

Image 4: phishing post
Disable-thirdparty.png

6. Encourage your team to pay attention to external reply warnings

By default, Gmail clients (Android, Web) warn G Suite users if they’re responding to emails sent from outside their domain by someone they don’t regularly interact with, or from someone not in their contacts. This helps businesses protect against forged emails, from malicious actors or just plain old user-error like sending an email to the wrong contact. Educate your employees to look for these warnings and be careful before responding to unrecognized senders. Unintended external reply warnings are controlled from the Admin console control in the “Advanced Gmail” setting.

Image 6: phishing post

7. Enforce the use of Android work profiles

Work profiles allow you to separate your organization's apps from personal apps, keeping personal and corporate data separate. By using integrated device management within G Suite to enforce the use of work profiles, you can whitelist applications that access corporate data and block installation of apps from unknown sources. You now have complete control over which apps have access to your corporate data.

Image 7: phishing post

These steps can help you improve your organization’s security posture and become more resistant to phishing attacks. Learn more at gsuite.google.com/security or sign up for our security webinar on September 20, 2017 which features new security research from Forrester and a demonstration on how the cloud can help effectively combat cyber threats.

Source: Google Chrome


Step inside of music

What if you could step inside your favorite song and get a closer look at how music is made? That’s the idea behind our new interactive experiment Inside Music.

The project is a collaboration with the popular podcast Song Exploder and some of our favorite artists across different genres—Phoenix, Perfume Genius, Natalia Lafourcade, Ibeyi, Alarm Will Sound, and Clipping. The experiment lets you explore layers of music all around you, using spatial audio to understand how a piece of music is composed. You can even turn layers on and off, letting you hear the individual pieces of a song in a new way.

It’s built using technology called WebVR, which lets you open it in your web browser, without installing any apps. You can try it on a virtual reality headset, phone or laptop. And we’ve made the code open-source so that people who make music can create new interactive experiments.

Watch the video above to learn more, and check it out at g.co/insidemusic.

Source: Google Chrome