Make it safe to click on links
Chrome Security’s mission is to make it safe to click on links.
We have four main focus areas:
We provide the building blocks so that all of Chrome is built with security at front of mind.
Chrome is adding a new permission prompt for sites that make connections to a user’s local network as part of the draft Local Network Access specification. The aim is to protect users from cross-site request forgery (CSRF) attacks targeting routers and other devices on private networks, and to reduce the ability of sites to use these requests to fingerprint the user’s local network.
Keep reading
Tech support scams are an increasingly prevalent form of cybercrime, characterized by deceptive tactics aimed at extorting money or gaining unauthorized access to sensitive data. In a tech support scam, the goal of the scammer is to trick you into believing your computer has a serious problem, such as a virus or malware infection, and then convince you to pay for unnecessary services, software, or grant them remote access to your device. Tech support scams on the web often employ alarming pop-up warnings mimicking legitimate security alerts. We’ve also observed them to use full-screen takeovers and disable keyboard and mouse input to create a sense of crisis.
Keep reading
For more than a decade Google has used advancements in AI to protect you from online scams where malicious actors deceive users to gain access to money, personal information, or both. Today, we're releasing a new report on how we fight scams in Search, and sharing the new ways we're using AI to keep you safe across Search, Chrome and Android.
Keep reading
Notifications in Chrome are a useful feature to keep up with updates from your favorite sites. However, we know that some notifications may be spammy or even deceptive. We’ve received reports of notifications diverting you to download suspicious software, tricking you into sharing personal information or asking you to make purchases on potentially fraudulent online store fronts.
Keep reading
From Chrome 137, Document Isolation Policy is a new feature that makes crossOriginIsolation adoption easier. Unlike COEP, Document Isolation Policy applies per frame and makes no requirements of subframes. By enabling crossOriginIsolation, Document Isolation Policy unlocks access to powerful web functionalities like SharedArrayBuffers or WebAssembly threads.
Keep reading
Earlier this month, two Chrome Root Program initiatives became required practices in the CA/Browser Forum Baseline Requirements (BRs). The CA/Browser Forum is a cross-industry group that works together to develop minimum requirements for TLS certificates. Ultimately, these new initiatives represent an improvement to the security and agility of every TLS connection relied upon by Chrome users.
Keep reading
Google Safe Browsing helps keep you safe while you surf the web by identifying phishing, malware, scams and other online threats in real time. Launched in 2005, it’s used by Chrome and many other popular browsers, Search, Android, Google Ads and Gmail to keep 5 billion devices safe and help you stay one step ahead of cybercriminals.
Keep reading
Chrome’s user interface (UI) code is complex, and sometimes has bugs.
Keep reading
The Chrome Security Team is constantly striving to make it safer to browse the web. We invest in mechanisms to make classes of security bugs impossible, mitigations that make it more difficult to exploit a security bug, and sandboxing to reduce the capability exposed by an isolated security issue. When choosing where to invest it is helpful to consider how bad actors find and exploit vulnerabilities. In this post we discuss several axes along which to evaluate the potential harm to users from exploits, and how they apply to the Chrome browser.
Keep reading
The Kyber algorithm has been standardized with minor technical changes and renamed to the Module Lattice Key Encapsulation Mechanism (ML-KEM). We have implemented ML-KEM in Google’s cryptography library, BoringSSL, which allows for it to be deployed and utilized by services that depend on this library.
Keep reading
Cybercriminals using cookie theft infostealer malware continue to pose a risk to the safety and security of our users. We already have a number of initiatives in this area including Chrome’s download protection using Safe Browsing, Device Bound Session Credentials, and Google’s account-based threat detection to flag the use of stolen cookies. Today, we’re announcing another layer of protection to make Windows users safer from this type of malware.
Keep reading