chrome.security

Make it safe to click on links

Chrome Security’s mission is to make it safe to click on links.

We have four main focus areas:

  • Exploit Defense, which maintains the sandbox, secures process architecture, runs memory safety initiatives, and works to protect Chrome from hackers.
  • Secure Web and Network, which maintains the cryptography used by Chrome, secures Chrome’s encrypted network traffic, and works to ensure the core technology of the web is designed with security in mind.
  • Counter Abuse, which aims to protect people from phishing, malware, and other scams and malicious content.
  • Bug Response, which ensures bugs in Chrome are found and patched quickly, via fuzzing and the Vulnerability Rewards Program.

We provide the building blocks so that all of Chrome is built with security at front of mind.

Recent blog posts

Thursday 8 May, 2025

Using AI to stop tech support scams in Chrome

Jasika Bawa, Andy Lim, and Xinghui Lu, Google Chrome Security

Tech support scams are an increasingly prevalent form of cybercrime, characterized by deceptive tactics aimed at extorting money or gaining unauthorized access to sensitive data. In a tech support scam, the goal of the scammer is to trick you into believing your computer has a serious problem, such as a virus or malware infection, and then convince you to pay for unnecessary services, software, or grant them remote access to your device. Tech support scams on the web often employ alarming pop-up warnings mimicking legitimate security alerts. We’ve also observed them to use full-screen takeovers and disable keyboard and mouse input to create a sense of crisis.

Keep reading

Thursday 8 May, 2025

How we’re using AI to combat the latest scams

Jasika Bawa and Phiroze Parakh

For more than a decade Google has used advancements in AI to protect you from online scams where malicious actors deceive users to gain access to money, personal information, or both. Today, we're releasing a new report on how we fight scams in Search, and sharing the new ways we're using AI to keep you safe across Search, Chrome and Android.

Keep reading

Thursday 8 May, 2025

Fighting Unwanted Notifications with Machine Learning in Chrome

Hannah Buonomo & Sarah Krakowiak Criel, Chrome Security

Notifications in Chrome are a useful feature to keep up with updates from your favorite sites. However, we know that some notifications may be spammy or even deceptive. We’ve received reports of notifications diverting you to download suspicious software, tricking you into sharing personal information or asking you to make purchases on potentially fraudulent online store fronts.

Keep reading

Even more posts!!11!1!oneeleven

Thursday 27 March, 2025

New security requirements adopted by HTTPS certificate industry

Chrome Root Program

Earlier this month, two Chrome Root Program initiatives became required practices in the CA/Browser Forum Baseline Requirements (BRs). The CA/Browser Forum is a cross-industry group that works together to develop minimum requirements for TLS certificates. Ultimately, these new initiatives represent an improvement to the security and agility of every TLS connection relied upon by Chrome users.

Keep reading

Tuesday 11 February, 2025

Defending 1 billion Chrome users with Enhanced Protection

Benjamin Ackerman, Chrome and Jonathan Li, Safe Browsing

Google Safe Browsing helps keep you safe while you surf the web by identifying phishing, malware, scams and other online threats in real time. Launched in 2005, it’s used by Chrome and many other popular browsers, Search, Android, Google Ads and Gmail to keep 5 billion devices safe and help you stay one step ahead of cybercriminals.

Keep reading

Thursday 10 October, 2024

Using Chrome's accessibility APIs to find security bugs

Adrian Taylor

Chrome’s user interface (UI) code is complex, and sometimes has bugs.

Keep reading

Thursday 3 October, 2024

Evaluating Mitigations & Vulnerabilities in Chrome

Alex Gough

The Chrome Security Team is constantly striving to make it safer to browse the web. We invest in mechanisms to make classes of security bugs impossible, mitigations that make it more difficult to exploit a security bug, and sandboxing to reduce the capability exposed by an isolated security issue. When choosing where to invest it is helpful to consider how bad actors find and exploit vulnerabilities. In this post we discuss several axes along which to evaluate the potential harm to users from exploits, and how they apply to the Chrome browser.

Keep reading

Friday 13 September, 2024

A new path for Kyber on the web

David Adrian, Bob Beck, David Benjamin and Devon O'Brien

The Kyber algorithm has been standardized with minor technical changes and renamed to the Module Lattice Key Encapsulation Mechanism (ML-KEM). We have implemented ML-KEM in Google’s cryptography library, BoringSSL, which allows for it to be deployed and utilized by services that depend on this library.

Keep reading

Tuesday 30 July, 2024

Improving the security of Chrome cookies on Windows

Will Harris

Cybercriminals using cookie theft infostealer malware continue to pose a risk to the safety and security of our users. We already have a number of initiatives in this area including Chrome’s download protection using Safe Browsing, Device Bound Session Credentials, and Google’s account-based threat detection to flag the use of stolen cookies. Today, we’re announcing another layer of protection to make Windows users safer from this type of malware.

Keep reading

Wednesday 24 July, 2024

Building security into the redesigned Chrome downloads experience

Jasika Bawa, Lily Chen, and Daniel Rubery

Last year, we introduced a redesign of the Chrome downloads experience on desktop to make it easier for users to interact with recent downloads. At the time, we mentioned that the additional space and more flexible UI of the new Chrome downloads experience would give us new opportunities to make sure users stay safe when downloading files.

Keep reading

Thursday 27 June, 2024

Sustaining Digital Certificate Security — Entrust Certificate Distrust

Chrome Root Program

The Chrome Security Team prioritizes the security and privacy of Chrome's users, and we are unwilling to compromise on these values. The Chrome Root Program Policy states that CA certificates included in the Chrome Root Store must provide value to Chrome end users that exceeds the risk of their continued inclusion. It also describes many of the factors we consider significant when CA Owners disclose and respond to incidents. When things don't go right, we expect CA Owners to commit to meaningful and demonstrable change resulting in evidenced continuous improvement.

Keep reading