Tag Archives: Chrome

Making Chrome extensions more private and secure

Every day 4 million Chrome extensions are downloaded, and with more than 250,000 extensions and themes available on the Chrome Web Store, no two Chrome browsers are alike. From productivity and learning tools to entertainment and shopping, extensions on Chrome open up a new world of possibilities that let you customize your experience and help you get things done. We make sure the extensions that our developers build meet your expectations for privacy and security so you can continue to explore and enjoy browsing the web with Chrome. Here's how we’ve improved in 2020 and what’s coming next year:

Stricter privacy rules and more control over your data

In 2021, we’ll change how extensions access data and how permissions work when an extension is installed. You will get to determine which websites the extension can access when you browse the web, instead of letting the extension decide. These updates follow other changes we made this year when we introduced the puzzle icon on the toolbar to make extension controls more visible and granular. 

Once you grant an extension permission to access a website's data, that preference can be saved for that domain. You can also still decide to grant an extension access to all the websites you visit, but that is no longer the default.

Gif showing that you will be able to manage the extension’s permissions, so you control which websites it can access as you browse the web.

In 2021, you will be able to manage the extension’s permissions, so you control which websites it can access as you browse the web. 

Transparent extensions’ data usage

We’ve also been improving our developer policies to make extensions more transparent. Starting January 18th, every extension will publicly display its “privacy practices” which will use clear visuals and simple language to explain the data they collect and use. We’re also limiting what developers can do with the data they collect. 


Image showing user interface for Chrome extension "privacy practices" feature

You will find the new privacy practices overview right on the extension listing.

More security updates to keep you safe

Over the last year,  we’ve updated our security practices to help us identify more harmful extensions before they enter the Chrome Web Store. For instance, thanks to our integration with Google Safe Browsing, the number of malicious extensions that Chrome disabled to protect people grew by 81 percent.

Earlier this year we also updated Chrome’s Safety check in Settings to help you quickly confirm if harmful extensions are installed and learn how to remove them. Next year, we’re planning to launch more protections through Enhanced Safe Browsing

Image showing user interface for Chrome’s Safety check. Image dialogue box reading "2 potentially harmful extensions are off. You can also remove them."

If malicious extensions are installed, Chrome’s Safety check will tell you how to remove them.

Ready to start customizing your experience on Chrome? Check out the extension collections we feature on the Chrome Web Store, including the regularly updated Editor’s Pick, Staying at home, Enhance your gameplay or Personalize Chrome collections. Our priority is to continue developing features that protect your data and keep you safe, while you choose extensions that help you get the best out of Chrome.

Announcing Bonus Rewards for V8 Exploits

Starting today, the Chrome Vulnerability Rewards Program is offering a new bonus for reports which demonstrate exploitability in V8, Chrome’s JavaScript engine. We have historically had many great V8 bugs reported (thank you to all of our reporters!) but we'd like to know more about the exploitability of different V8 bug classes, and what mechanisms are effective to go from an initial bug to a full exploit. That's why we're offering this additional reward for bugs that show how a V8 vulnerability could be used as part of a real world attack.

In the past, exploits had to be fully functional to be rewarded at our highest tier, high-quality report with functional exploit. Demonstration of how a bug might be exploited is one factor that the panel may use to determine that a report is high-quality, our second highest tier, but we want to encourage more of this type of analysis. This information is very useful for us when planning future mitigations, making release decisions, and fixing bugs faster. We also know it requires a bit more effort for our reporters, and that effort should be rewarded. For the time being this only applies to V8 bugs, but we’re curious to see what our reporters come up with!

The full details are available on the Chrome VRP rules page. At a high-level, we’re offering increased reward amounts, up to double, for qualifying V8 bugs.

The following table shows the updated reward amounts for reports qualifying for this new bonus. These new, higher values replace the normal reward. If a bug in V8 doesn’t fit into one of these categories, it may still qualify for an increased reward at the panel’s discretion.

[1] Baseline reports are unable to meet the requirements to qualify for this special reward.

So what does a report need to do to demonstrate that a bug is likely exploitable? Any V8 bug report which would have previously been rewarded at the high-quality report with functional exploit level will likely qualify with no additional effort from the reporter. By definition, these demonstrate that the issue was exploitable. V8 reports at the high-quality level may also qualify if they include evidence that the bug is exploitable as part of their analysis. See the rules page for more information about our reward levels.

The following are some examples of how a report could demonstrate that exploitation is likely, but any analysis or proof of concept will be considered by the panel:

  • Executing shellcode from the context of Chrome or d8 (V8’s developer shell)
  • Creating an exploit primitive that allows arbitrary reads from or writes to specific addresses or attacker-controlled offsets
  • Demonstrating instruction pointer control
  • Demonstrating an ASLR bypass by computing the memory address of an object in a way that’s exposed to script
  • Providing analysis of how a bug could lead to type confusion with a JSObject

For example reports, see issues 914736 and 1076708.

We’d like to thank all of our VRP reporters for helping us keep Chrome users safe! We look forward to seeing what you find.

-The Chrome Vulnerability Rewards Panel

A faster Chrome, for everything you need to get done

Today we're offering up our final Chrome release of 2020. The updates can help you get things done this holiday season (and beyond), so you can make life's work a bit smoother and reclaim precious time.


Faster to start, faster to load, and way more battery life

This month's update represents the largest gain in Chrome performance in years, thanks to many under-the-hood improvements. Here’s what’s starting to roll out today:


  • Chrome now prioritizes your active tabs vs. everything that’s open—reducing CPU usage by up to 5x and extending battery life by up to 1.25 hours (based on our internal benchmarks).

  • Chrome now starts up to 25 percent faster, loads pages up to 7 percent faster, and does all of this using less power and RAM than before.

  • Chrome on Android now loads pages near instantaneously when you navigate backward and forward, making these common tasks super fast.


Tabs: pin ‘em, group ‘em, and now search ‘em

Many people use tabs to organize their stuff online—from read-worthy articles, to sources of inspiration, to everyday to-do’s. This range of utility is why you can pin tabs (for those go-to pages), send tabs to your other devices and even group tabs in Chrome. This month we're adding tab search to the toolbox.


You’ll now be able to see a list of your open tabs—regardless of the window they’re in—then quickly type to find the one you need. It’s search … for your tabs! The feature is coming first to Chromebooks, then to other desktop platforms soon.
Searching for a tab in Chrome

Even if you have multiple Chrome windows, you can find a tab no matter which window it’s in.

Taking action directly from the address bar

The address bar is one of those multi-sport athletes in Chrome: you can type a search, a URL, or just tap on a suggestion, and it gets you where you’d like to go. In fact, we call it the "omnibox" inside of Google (#TheMoreYouKnow).


In this release, we’re expanding what you can do in the address bar with Chrome Actions—a faster way to get things done with just a few keystrokes. For example: when you type “edit passwords,” or “delete history,” you can now take action directly from the bar. Our first set of actions—available initially on desktop—focuses on privacy and security, so you can increase your peace of mind in a few clicks.

Chrome Actions in the search bar

Our first set of Chrome Actions makes managing your privacy and security settings even easier.

A way to pick up where you left off

You know when you find that delicious recipe online, then you can't find it again when it’s time to cook dinner? We’ve heard similar stories from lots of people, for lots of different scenarios.


To help you jump back into activities like planning a meal, researching a holiday gift, or winding down with a video, we'll soon add cards to your new tab page in Chrome. Clicking on them will take you to recently-visited and related content on the web, and save you time in the process

Cards displaying recipes, shopping, and entertainment content

Cards in Chrome will help you pick up where you left off. They include recently-visited and related content, and they'll start showing up for some users on the new tab page, underneath the shortcuts.

We’re starting with a few experiments in areas like cooking and shopping, and we plan to add entertainment early next year. This is a definitely a new type of experience in Chrome, so we welcome your feedback.


All of the above—plus some other features we’ll share on Twitter—is rolling out over the next few weeks. So stay tuned, and here’s to what’s next!

4 reasons to set Chrome as your default browser on iOS

With iOS 14, you can now change your default browser (the browser that automatically opens links) to Chrome on your iPhone or iPad. If you already use Chrome on your computer, Chrome on iOS delivers the same familiar and easy-to-use experience, with a look and feel that’s right at home on your iPhone or iPad. Here are four reasons you should try it—including a couple of recently released features and some new ones coming soon.


1. Your Chrome on any device

When you’re signed in to your Google account you can sync Chrome across your phone, tablet or computer so your passwords, payment details, autofill information and bookmarks are automatically available on all of those devices. No need to take out your credit card or type in your address if you need to buy something while you’re on the go. 


Chrome also makes switching between devices really easy. From the search bar of Chrome for desktop or the sharing menu of Chrome for iOS, you can send a tab to another signed-in device with just a click. If you find a recipe on your computer, you can easily pull up your recent tabs and open it up on your phone to check the ingredient list while you're out shopping. 

Chrome on any device
2. Get organized and be productive

The tab grid in Chrome for iOS already gives you an easy way to view and organize your tabs, and you can save a tab to your Reading List to read later, even if you’re offline. If you want to quickly share one of those tabs with a friend, we’re adding the ability to generate QR code that will take them right to that website. We’re also adding a download manager—one of our most-requested features—so you have a download folder to store and find files you’ve saved from Chrome.


If you have an iPad, you can now drag and drop links from Chrome to another app (and vice versa) when you’re in Split View. We’re also working on a feature that will let you open multiple windows in Chrome on iPad so you can view two tabs at one time. Chrome already supports mouse usage on iPadOS, and soon we’re adding support for Scribble integrations with the Apple Pencil for those who prefer writing over typing or tapping. 


Get organized and be productive
3. Feel safe browsing the web 

Chrome keeps your information secure, so you don’t have to be a security expert to feel safe on the web. Its built-in password manager generates unique passwords, securely stores them, and helps you identify and fix compromised passwords. For an added layer of protection, soon you will be able to use your fingerprint to confirm your identity when filling in passwords in Chrome. Plus, the password manager can now autofill saved Chrome login details into other apps or browsers. In addition to helping you with your passwords, Chrome on iOS now includes Google Safe Browsing, which alerts you with a warning before you open a potentially dangerous site. 

Stay safe on the web
4. The browser with Google built in

Chrome is built with Google Search at the core, which means you get answers quickly with personalized search results and instant answers that appear as you type. Google Translate is also integrated into Chrome so you can automatically translate sites in over 100 languages with a single click. And the “Articles for You” section of the Chrome new tab page brings you articles, stories and blogs from around the web, tailored to your interests.

Google built in

To set Chrome as your default browser, you’ll need to first make sure your iPhone or iPad is running iOS 14 and you have Chrome installed. Then complete the following steps:

  1. Visit iPhone Settings, scroll down until you see “Chrome” and tap on it

  2. Tap on “Default Browser App”

  3. Choose “Chrome”

Source: Google Chrome


Easier access to Search, Chrome and Gmail in iOS 14

iOS 14 has launched, and with it comes new features that make it easier to access some of the Google apps you use most often. Starting today, you can add a Google Search Widget to your Home Screen to let you find information even faster. You can also set Chrome as your default browser app on your iPhone or iPad, and in the coming days, you’ll be able to set Gmail as your default email app. 

Find it even faster with new iOS Home Screen Widget for the Google app

In iOS 14, you can add Widgets to your Home Screen so you can access apps more quickly or get information at a glance. Starting today, we're giving you lightning-fast access to Search with a Widget in two sizes: one with just Search, and one with shortcuts to three additional ways to search, depending on your preference.

The Google app is a great way to find relevant and helpful information on your iPhone or iPad-- from web pages and quick answers to images, products, news, even life-size AR animals. And you can choose from several different ways to search, including typing, talking, or using your camera with Lens. 

With the Quick Search Widget, you can search for anything, right from your Home Screen. The Shortcuts Widget includes a quick Search bar and additional search modes: Lens, which lets you search what you see through your camera; Voice Search if you don’t feel like typing; and Incognito mode for an extra layer of privacy. 

iOS Homescreen Google Search Widget

To set up Search as a Home Screen Widget, first make sure you have the Google app downloaded from the App Store. Then follow these steps:


  1. Press and hold on the home screen of your iPhone or iPad

  2. Tap the plus icon on the upper left corner to open the widget gallery

  3. Search for & tap the Google app

  4. Swipe right/left to select the widget size

  5. Tap “Add Widget”

  6. Place the widget and tap “Done” at the upper right corner

Google Search Widget

Set Chrome and Gmail as your default browser and email app 

If you set Chrome as your default browser, when you open a link from another app, it will open in Chrome. Similarly, if you set Gmail as your default email app, any time you tap on an email icon on the web, it will open the Gmail app. 


With Chrome and Gmail, you can:


Chrome

  • Sync Chrome on your computer or tablet to automatically access your bookmarks, saved passwords and payment methods, settings, and recently opened tabs

  • Get answers quickly with personalized search results from Google that instantly appear as you type

  • Browse safely with advanced protection from threats like phishing and dangerous websites

  • Easily view and open your tabs with an uncluttered tab grid design

Gmail

  • Easily retract an email right after you send it with undo send

  • Write emails faster with Smart Compose or respond to emails quickly with Smart Reply

  • Schedule emails to send at a later time or date with schedule send

  • Protect sensitive information from unauthorized access, set an expiration date for messages or remove options to forward, copy, print, and download with confidential mode 

To set Chrome and Gmail as your default browser and email apps, first, make sure you have both Chrome and Gmail downloaded from the App Store. Then follow these steps:


Chrome

1. Open the Settings app on your iPhone or iPad, scroll down until you see “Chrome” and tap on it

2. Tap on “Default Browser App”

3. Choose “Chrome”

How to make Chrome your default browser in iOS

Gmail

1. Open the Settings app on your iPhone or iPad, scroll down until you see “Gmail” and tap on it

2. Tap on “Default Mail App”

3. Choose “Gmail”

How to make Gmail your default email app in iOS

Now that you’re set up with Google on iOS 14, take it for a spin! And stay tuned for more Google Widgets in the coming weeks to make your iPhone even more helpful. 

Source: Google Chrome


Improved malware protection for users in the Advanced Protection Program

Google’s Advanced Protection Program helps secure people at higher risk of targeted online attacks, like journalists, political organizations, and activists, with a set of constantly evolving safeguards that reflect today’s threat landscape. Chrome is always exploring new options to help all of our users better protect themselves against common online threats like malware. As a first step, today Chrome is expanding its download scanning options for users of Advanced Protection.

Advanced Protection users are already well-protected from phishing. As a result, we’ve seen that attackers target these users through other means, such as leading them to download malware. In August 2019, Chrome began warning Advanced Protection users when a downloaded file may be malicious.

Now, in addition to this warning, Chrome is giving Advanced Protection users the ability to send risky files to be scanned by Google Safe Browsing’s full suite of malware detection technology before opening the file. We expect these cloud-hosted scans to significantly improve our ability to detect when these files are malicious.

When a user downloads a file, Safe Browsing will perform a quick check using metadata, such as hashes of the file, to evaluate whether it appears potentially suspicious. For any downloads that Safe Browsing deems risky, but not clearly unsafe, the user will be presented with a warning and the ability to send the file to be scanned. If the user chooses to send the file, Chrome will upload it to Google Safe Browsing, which will scan it using its static and dynamic analysis techniques in real time. After a short wait, if Safe Browsing determines the file is unsafe, Chrome will warn the user. As always, users can bypass the warning and open the file without scanning, if they are confident the file is safe. Safe Browsing deletes uploaded files a short time after scanning.

unknown.exe may be dangerous. Send to Google Advanced Protection for scanning?
Online threats are constantly changing, and it's important that users’ security protections automatically evolve as well. With the US election fast approaching, for example, Advanced Protection could be useful to members of political campaigns whose accounts are now more likely to be targeted. If you’re a user at high-risk of attack, visit g.co/advancedprotection to enroll in the Advanced Protection Program.

Guidance to developers affected by our effort to block less secure browsers and applications

Posted by Lillan Marie Agerup, Product Manager

We are always working to improve security protections of Google accounts. Our security systems automatically detect, alert and help protect our users against a range of security threats. One form of phishing, known as “man-in-the-middle”, is hard to detect when an embedded browser framework (e.g., Chromium Embedded Framework - CEF) or another automation platform is being used for authentication. MITM presents an authentication flow on these platforms and intercepts the communications between a user and Google to gather the user’s credentials (including the second factor in some cases) and sign in. To protect our users from these types of attacks Google Account sign-ins from all embedded frameworks will be blocked starting on January 4, 2021. This block affects CEF-based apps and other non-supported browsers.

To minimize the disruption of service to our partners, we are providing this information to help developers set up OAuth 2.0 flows in supported user-agents. The information in this document outlines the following:

  • How to enable sign-in on your embedded framework-based apps using browser-based OAuth 2.0 flows.
  • How to test for compatibility.

Apps that use embedded frameworks

If you're an app developer and use CEF or other clients for authorization on devices, use browser-based OAuth 2.0 flows. Alternatively, you can use a compatible full native browser for sign-in.

For limited-input device applications, such as applications that do not have access to a browser or have limited input capabilities, use limited-input device OAuth 2.0 flows.

Browsers

Modern browsers with security updates will continue to be supported.

Browser standards

The browser must have JavaScript enabled. For more details, see our previous blog post.

The browser must not proxy or alter the network communication. Your browser must not do any of the following:

  • Server-side rendering
  • HTTPS proxy
  • Replay requests
  • Rewrite HTTP headers

The browser must have a reasonably complete implementation of web standards and browser features. You must confirm that your browser does not contain any of the following:

  • Headless browsers
  • Node.js
  • Text-based browsers

The browser must identify itself clearly in the User-Agent. The browser must not try to impersonate another browser like Chrome or Firefox.

The browser must not provide automation features. This includes scripts that automate keystrokes or clicks, especially to perform automatic sign-ins. We do not allow sign-in from browsers based on frameworks like CEF or Embedded Internet Explorer.

Test for compatibility

If you're a developer that currently uses CEF for sign-in, be aware that support for this type of authentication ends on January 4, 2021. To verify whether you'll be affected by the change, test your application for compatibility. To test your application, add a specific HTTP header and value to disable the allowlist. The following steps explain how to disable the allowlist:

  1. Go to where you send requests to accounts.google.com.
  2. Add Google-Accounts-Check-OAuth-Login:true to your HTTP request headers.

The following example details how to disable the allowlist in CEF.

Note: You can add your custom headers in CefRequestHandler#OnBeforeResourceLoad.

    CefRequest::HeaderMap hdrMap;
request->GetHeaderMap(hdrMap);
hdrMap.insert(std::make_pair("Google-Accounts-Check-OAuth-Login", "true"));

To test manually in Chrome, use ModHeader to set the header. The header enables the changes for that particular request.

Setting the header using ModHeader

Related content

See our previous blog post about protection against man-in-the-middle phishing attacks.

Organize your tabs and stay productive in Chrome

These days, people are spending a lot of time in their browsers to get things done, whether for work, school or something else. And while some write out a formal to-do list to keep track of tasks, for others, their to-do list is their tabs in Chrome. However you get things done, we want Chrome to help you be more productive. Today we’re sharing a number of improvements, including tabs that load faster and new features that let you organize and find them easily. 

Get more done, with 10 percent faster tabs in Chrome

When you’re checking off one task after another from your to-do list, waiting even a few seconds while your tabs load can slow you down.  These under-the-hood performance improvements will make your Chrome tabs load up to 10 percent faster. 

Group your tabs, then collapse them

Tab groups help you visually distinguish your tabs by topic or task—like work or shopping—or even priority. Now you can collapse and expand your tab groups, so it's easier to see the ones you need to access. This was the most popular feature request we heard from those of you using tab groups, and as we begin rolling out this functionality, we hope you’ll give it a try.

Tab Groups-Expand_Collapse.gif

New touch-friendly tabs for tablet mode

If you use Chrome in your laptop’s tablet mode, you’ll soon have an easier time flipping through your tabs, finding the page you’re looking for, and browsing the web. Coming to Chromebooks first, a new touchscreen interface has tabs that are larger and more practical to organize, and hide when you don’t need them.

TouchpadTab_Manager.gif

Switch to an already-open tab

Rolling out on Android in this release, when you start typing a page title into the address bar, you’ll see a suggestion to switch to that tab if you already have it open. You can already do this in Chrome on your laptop.

Switch to Tab on Android.png

If you already have the page open, you’ll see a new suggestion to switch to that tab.

Find your tab faster with tab previews

It can be frustrating to click through multiple tabs trying to find the one you want. Coming to Chrome Beta to try out this release, you can hover over a tab and quickly see a thumbnail preview of the page. This is useful when you have lots of tabs that look the same (how did I end up with this many Google Docs tabs, anyway?).

Hover_Preview.gif

Fill out and save PDFs in Chrome

In this Chrome release, we’re also going beyond tabs to improve Chrome’s PDF functionality. Over the next few weeks, you’ll be able to fill out PDF forms and save them with your inputs, directly from Chrome. If you open the file again, you can pick up where you left off.

PDF-Editor.gif

URL sharing made easier

For Android users, we’ve improved  URL sharing to help you quickly copy a link, send it to Chrome on your other devices, and send links through other apps. You can also print the page or generate a QR code to scan or download. This new QR code feature is also rolling out to Chrome on desktop and can be accessed from a new QR icon in the Chrome address bar.

Copy of QR_Code_Dino.png

We hope all these updates will make it easier and faster to browse and get things done in Chrome. We prioritize keeping Chrome stable, so features sometimes take time until they roll out to every browser. Follow us on Twitter to get the latest updates on feature rollout.

Celebrating 10 years of WebM and WebRTC

Originally posted on the Chromium Blog

Ten years ago, Google planted the seeds for two foundational web media technologies, hoping they would provide the roots for a more vibrant internet. Two acquisitions, On2 Technologies and Global IP Solutions, led to a pair of open source projects: the WebM Project, a family of cutting edge video compression technologies (codecs) offered by Google royalty-free, and the WebRTC Project building APIs for real-time voice and video communication on the web.

These initiatives were major technical endeavors, essential infrastructure for enabling the promise of HTML5 with support for video conferencing and streaming. But this was also a philosophical evolution for media as Product Manager Mike Jazayeri noted in his blog post hailing the launch of the WebM Project:
“A key factor in the web’s success is that its core technologies such as HTML, HTTP, TCP/IP, etc. are open and freely implementable.”
As emerging first-class participants in the web experience, media and communication components also had to be free and open.

A decade later, these principles have ensured compression and communication technologies capable of keeping pace with a web ecosystem characterized by exponential growth of media consumption, devices, and demand. Starting from VP8 in 2010, the WebM Project has delivered up to 50% video bitrate savings with VP9 in 2013 and an additional 30% with AV1 in 2018—with adoption by YouTube, Facebook, Netflix, Twitch, and more. Equally importantly, the WebM team co-founded the Alliance for Open Media which has brought the IP of over 40 major tech companies in support of open and free codecs. With Chrome, Edge, Firefox and Safari supporting WebRTC, more than 85% of all installed browsers globally have become a client for real-time communications on the Internet. WebRTC has become a stable standard and it is now the default solution for video calling on the Web. These technologies have succeeded together, as today over 90% of encoded WebRTC video in Chrome uses VP8 or VP9.

The need for these technologies has been highlighted by COVID-19, as people across the globe have found new ways to work, educate, and connect with loved ones via video chat. The compression of open codecs has been essential to keeping services running on limited bandwidth, with over a billion hours of VP9 and AV1 content viewed every day. WebRTC has allowed for an ecosystem of interoperable communications apps to flourish: since the beginning of March 2020, we have seen in Chrome a 13X increase in received video streams via WebRTC.

These successes would not have been possible without all the supporters that make an open source community. Thank you to all the code contributors, testers, bug filers, and corporate partners who helped make this ecosystem a reality. A decade in, Google remains as committed as ever to open media on the web. We look forward to continuing that work with all of you in the next decade and beyond.

By Matt Frost, Product Director Chrome Media and Niklas Blum, Senior Product Manager WebRTC

More intuitive privacy and security controls in Chrome

Keeping you safe and secure online is part of Chrome’s DNA. Along with providing strong default protections, we aim to give you accessible, intuitive, and useful controls so you can make choices that are right for you. So, today we’ve started rolling out new tools and a redesign of Chrome’s privacy and security settings on desktop, to help you control your safety on the web. 

Easy to understand controls

With this redesign, we’ve made the controls even easier to find and understand, with simplified language and visuals:

  • It’s easier to manage cookies. You can choose if and how cookies are used by websites you visit, with options to block third-party cookies in regular or Incognito mode, and to block all cookies on some or all websites. 
  • In Site Settings, we’ve reorganized the controls into two distinct sections to make it easier to find the most sensitive website permissions: access to your location, camera or microphone, and notifications. A new section also highlights the most recent permissions activity.
  • At the top of Chrome settings, you’ll see “You and Google” (previously “People”), where you can find sync controls. These controls put you in charge of what data is shared with Google to store in your Google Account  and made available across all your devices.
  • Because many people regularly delete their browsing history, we’ve moved that control, “Clear browsing data”, to the top of the Privacy & Security section. 
01 Settings_small size.gif

Clearer, more accessible controls to help you manage cookies.

Safety check in Chrome 

With our new safety check in settings, you can quickly confirm the safety of your experience in Chrome.

  • The new tool will tell you if the passwords you’ve asked Chrome to remember have been compromised, and if so, how to fix them. 
  • It will flag if Safe Browsing, Google’s technology to warn before you visit a dangerous site or download a harmful app or extension, is turned off. 
  • The safety check tool also has a new additional way to quickly see if your version of Chrome is up to date, i.e. if it’s updated with the latest security protections. 
  • If malicious extensions are installed, it will tell you how and where to remove them.

02 Safety check.gif

Check if your passwords have been compromised and if so, fix them with Chrome’s help.

Third-party cookie controls in Incognito mode 

In Incognito mode, where people come for a more private browsing experience, Chrome doesn’t save your browsing history, information entered in forms or browser cookies. While we continue to work on our long-term effort to make the web more private and secure with Privacy Sandbox, we want to strengthen the Incognito protections in the meantime. In addition to deleting cookies every time you close the browser window in Incognito, we will also start blocking third-party cookies by default within each Incognito session and include a prominent control on the New Tab Page. You can allow third-party cookies for specific sites by clicking the “eye” icon in the address bar. This feature will gradually roll out, starting on desktop operating systems and on Android.

03 Incognito.gif

Incognito mode blocks third-party cookies within each session.

A new home for your extensions

Starting today you’ll start to see a new puzzle icon for your extensions on your toolbar. It’s a neat way to tidy up your toolbar, and gives you more control over what data extensions can access on sites you visit. With this addition, you’ll still be able to pin your favorite extensions to the toolbar.

04 Extensions.gif

Opening menu displays your extensions and shows you what data they can currently access.

Upgraded security with Enhanced Safe Browsing protection and Secure DNS

We’re bringing you two major security upgrades that you can opt in to. First, Enhanced Safe Browsing gives you more proactive and tailored protections from phishing, malware and other web-based threats. If you turn on Enhanced Safe Browsing, Chrome proactively checks whether pages and downloads are dangerous by sending information about them to Google Safe Browsing.  If you’re signed in to Chrome, then Chrome and other Google apps you use (Gmail, Drive, etc.) will further protect you based on a holistic view of threats you encounter on the web and attacks against your Google Account. Over the next year, we’ll be adding even more protections to this mode including tailored warnings for phishing sites and file downloads, and cross-product alerts.

02 Enhanced Safe Browsing_small size.gif

Enhanced Safe Browsing offers the highest-level of security.

We’re also launching Secure DNS, a feature designed to improve your security and privacy while browsing the web. When you access a website, your browser first needs to determine which server is hosting it, using a step known as a "DNS (Domain Name System) lookup." Chrome's Secure DNS feature uses DNS-over-HTTPS to encrypt this step, thereby helping prevent attackers from observing what sites you visit or sending you to phishing websites. By default, Chrome will automatically upgrade you to DNS-over-HTTPS if your current service provider supports it. You can also configure a different secure DNS provider in the Advanced security section, or disable the feature altogether. 

DoH_Option 2.png

Secure DNS can be configured to use your current ISP's service if available (default), another provider from a list, or a custom provider.

These new updates and features, including our redesigned Privacy and Security settings, will be coming to Chrome on desktop platforms in upcoming weeks. We’ll continue to focus on features that protect your privacy and security as you’re browsing the web with Chrome, in addition to giving you clear and useful choices around managing your data.