New beta available that restricts access to folders in Google Drive

What’s changing

If your admin has set up shared drives for their organization, shared drive managers were previously not able to restrict access to folders in shared drives. Today, we’re introducing a beta that allows shared drive managers to restrict folders to specific users within a shared drive. This provides shared drive managers with greater flexibility to keep relevant content within a single shared drive, while restricting access to shared folders with sensitive information. 

A folder with “limited access” can only be opened by people who have been added to it directly. People with general access to the shared drive or shared folder can see the restricted folder in Drive, but will not be able to open it. 

Eligible customers can use this form to express interest in the beta and will receive an email confirmation prior to the feature being enabled in their specified domain. 

Limit access to a specific folder


Who’s impacted 

Admins and end users 


Why it’s important 

Folders with limited access allow users to organize files by project, in a single shared drive or shared folder, while ensuring that sensitive information is only accessible to the right team members. 


Additional details 

Folders with limited access are available in both shared drives and My Drive: 
  • Shared drive managers can always access folders with limited-access 
  • Folder owners can always access limited-access folders in their My Drive 

Getting started 

  • Admins: Eligible customers can express interest in the beta here. We’ll begin accepting domains into the program in the coming weeks. Once accepted into the beta, visit the Help Center to learn more about folders with limited access
  • End users: 
    • As a shared drive manager or My Drive folder owner, go to your shared drive > choose the folder you want to limit access > click the overflow menu > share > select share settings in the top right corner > click limited access to “Folder Name”. Visit the Help Center to learn more about folders with limited access
    • For users whose access has been limited, you will see the folder name, but the folder will be grayed out: 
For users whose access has been limited, you will see the folder name, but the folder will be grayed out:

Availability 

Available for Google Workspace: 
  • Business Standard, Plus 
  • Enterprise Standard, Plus 
  • Essentials Starter, Enterprise Essentials, Enterprise Essentials Plus 
  • Education Fundamentals, Standard, Plus, the Teaching & Learning Upgrade 
  • Nonprofits 

Resources 

Adding multi-monitor support to Google Slides

What’s changing 

Starting today, we’re making it easier to view your Google Slides presentation controls on your computer while presenting to an audience using a connected external monitor or projector. 

Multi-monitor support enables presenters to see Presentation View components, such as speaker notes and the timer, on one display, while displaying the slides presentation on an external monitor. 

presenting on Slides using a connected external monitor


Who’s impacted

End users 


Why it matters

This updated experience helps you present with greater confidence and gives you more control when managing multiple presentation displays. 


Getting started

  • Admins: There is no admin control for this feature. 
  • End users: You can enable this feature by using “Presentation display options”. Visit the Help Center to learn more about presenting slides with other monitors.

Rollout pace 


Availability 

  • Available to all Google Workspace customers, Workspace Individual Subscribers, and users with personal Google accounts 

Resources 

A new path for Kyber on the web

We previously posted about experimenting with a hybrid post-quantum key exchange, and enabling it for 100% of Chrome Desktop clients. The hybrid key exchange used both the pre-quantum X25519 algorithm, and the new post-quantum algorithm Kyber. At the time, the NIST standardization process for Kyber had not yet finished.

Since then, the Kyber algorithm has been standardized with minor technical changes and renamed to the Module Lattice Key Encapsulation Mechanism (ML-KEM). We have implemented ML-KEM in Google’s cryptography library, BoringSSL, which allows for it to be deployed and utilized by services that depend on this library.

The changes to the final version of ML-KEM make it incompatible with the previously deployed version of Kyber. As a result, the codepoint in TLS for hybrid post-quantum key exchange is changing from 0x6399 for Kyber768+X25519, to 0x11EC for ML-KEM768+X25519. To handle this, we will be making the following changes in Chrome 1311:

  • Chrome will switch from supporting Kyber to ML-KEM
  • Chrome will offer a key share prediction for hybrid ML-KEM (codepoint 0x11EC)
  • The PostQuantumKeyAgreementEnabled flag and enterprise policy will apply to both Kyber and ML-KEM
  • Chrome will no longer support hybrid Kyber (codepoint 0x6399)

Chrome will not support Kyber and ML-KEM at the same time. We made this decision for several reasons:

  1. Kyber was always experimental, so we think continuing to support it risks ossification on non-standard algorithms.
  2. Post-quantum cryptography is too big to be able to offer two post-quantum key share predictions at the same time.
  3. Server operators can temporarily support both algorithms at the same time to maintain post-quantum security with a broader set of clients, as they update over time.

We do not want to regress any clients’ post-quantum security, so we are waiting until Chrome 131 to make this change so that server operators have a chance to update their implementations.

Longer term, we hope to avoid the chicken-and-egg problem for post-quantum key share predictions through our emerging IETF draft for key share prediction. This allows servers to broadcast what algorithms they support in DNS, so that clients can predict a key share that a server is known to support. This avoids the risk of an extra round trip, which can be particularly costly when using large post-quantum algorithms.

We’re excited to continue to improve security for Chrome users, against both current and future computers.

Notes


  1. Chrome Canary, Dev, and Beta may see these changes prior to Chrome 131.