Connect with us

Hi, what are you looking for?


Endpoint Security

Chrome Improves Security for Enterprise Use

Chrome’s Site Isolation Feature Renders Each Web Site in a Separate Process

Google is boosting the security of its browser with the release of Chrome 63, which brings a host of enhancements aimed at enterprises and also addresses 37 vulnerabilities.

Chrome’s Site Isolation Feature Renders Each Web Site in a Separate Process

Google is boosting the security of its browser with the release of Chrome 63, which brings a host of enhancements aimed at enterprises and also addresses 37 vulnerabilities.

The new browser iteration, Google says, can better protect enterprises from potential dangers like ransomware, malware, and other vulnerabilities. This is possible because of better process isolation, support for more advanced security standards, and the adoption of new policies.

One of the major enhancements Chrome 63 introduces is Site Isolation, where content for each open website is rendered in a separate process, isolated from the processes of other websites. The browser already includes sandboxing technology, but the new feature should deliver stronger security boundaries between websites.

Now, Chrome also allows IT admins to configure a new policy and restrict access to extensions based on the permissions required. Thus, they can block all extensions that require the use of a webcam or microphone, or those that want to access and modify data on the websites visited.

In an attempt to ensure more secure communication, the new browser release also enables Transport Layer Security (TLS) 1.3 for Gmail. TLS 1.3 support will be expanded to the broader web in 2018, Google reveals.

While Chrome browser users should not be impacted, IT admins can post feedback on any systems that are not interoperable with TLS 1.3. “As admins prepare for the wider use of TLS 1.3, they can configure this policy for network software or hardware that will not transit TLS 1.3 connections,” Google notes.

For the next year, the Internet giant also plans support for the NTLMv2 authentication protocol in Chrome 64, including Extended Protection for Authentication (EPA) on Mac, Android, Linux and Chrome OS. Thus, the same level of security as in Chrome on Windows will be available on all platforms performing NTLM authentication.

Advertisement. Scroll to continue reading.

IT admins can already enable the feature in chrome://flags/#enable-ntlm-v2, but Google plans on making NTLMv2 the default NTLM protocol starting with Chrome 65. The update makes Chrome the only browser to support NTLMv2 with EPA on non-Windows platforms.

The Internet search company also plans on improving the browser’s stability by blocking third-party software from injecting code into Chrome on Windows.

Because some businesses rely on code injection, however, a new policy set to be introduced in the coming months should provide admins with extended support for critical apps. To check whether their software is injecting into Chrome, admins can visit chrome://conflicts.

Google also included patches for 37 vulnerabilities in Chrome 63, including 19 security flaws reported by external researchers. These include 1 Critical severity, 6 High risk, 7 Medium severity, and 5 Low risk bugs.

The company paid over $46000 to the reporting researchers. The highest bounties were paid for a Critical Out of bounds write in QUIC ($10500), a Heap buffer overflow in PDFium ($6337), two Use after free in PDFium issues ($5000 each), an Out of bounds write in Skia ($5000), and a Use after free in libXML ($3500).

Related: Chrome to Block Apps from Injecting into Its Processes

Related: Chrome 62 Update Patches Serious Vulnerabilities

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Endpoint Security

Gigabyte has announced BIOS updates that remove a recently identified backdoor feature in hundreds of its motherboards.

Endpoint Security

Several major companies have published advisories in response to the Downfall vulnerability affecting Intel CPUs.

CISO Strategy

Varied viewpoints as related security concepts take on similar traits create substantial confusion among security teams trying to evaluate and purchase security technologies.

Endpoint Security

The Zero Day Dilemma

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

Endpoint Security

When establishing visibility and security controls across endpoints, security professionals need to understand that each endpoint bears some or all responsibility for its own...