Sunday, December 10, 2017

Chrome 63 is more secure than ever

Chrome 63 is more secure than ever -- and uses even more memory


Google's Chrome browser has something of a reputation for being memory-hungry. With the release of Chrome 63 this image is not going to be shed -- a new security feature increases memory usage even further.

The latest desktop version of the browser includes a new Site Isolation feature which launches individual sites -- all sites, or a specific list -- in sperate processes. While this is something that will be of particular interest to enterprise users because of the added security it brings, it's something that will appeal to any security-minded user who is willing to shoulder a 10-20 percent increase in Chrome's memory usage.

With Chrome 63 now rolling out to the stable channel, more users will be able to take advantage of Site Isolation. The new feature builds on a stability enhancing feature introduced some time ago that saw every tab being loaded into a separate process, unless those tabs were related to one another or, indeed, if there are simply a very large number of tabs open.

The introduction of Site Isolation takes the idea further, and applied the separate thread usage far more strictly. The 10-20 percent increase in memory usage that this feature introduces means that Google has not enabled it by default -- administrators will need to head into browser settings if they feel Site Isolation is something they'd like to take advantage of.

Google explains:

Google's site isolation feature improves security for Chrome browser users. When you enable site isolation, content for each open website in the Chrome browser is always rendered in a dedicated process, isolated from other sites. This creates an additional security boundary between websites.

Administrators also have new security tools to play with when it comes to extensions. Not only is it possible to block the use of specific extensions by blacklisting them, now it is also possible to block extensions based on the permissions they need.

Matt Blumberg, product manager of Chrome Enterprise, says:

Although admins have been able to whitelist and blacklist specific extensions in Chrome, we've heard feedback that it can be difficult to scale. Beginning today, IT admins can configure a new policy that restricts access to extensions based on the permissions required. For example, through policy, IT can now block all extensions that require the use of a webcam or microphone, or those that require access to reading or changing data on the websites visited. This policy is available now, and will help IT teams enforce necessary controls, without overly restricting users.


EmoticonEmoticon