Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

DNS-over-HTTPS Coming to Chrome 78

In an attempt to improve the privacy and security of its users, Google is getting ready to bring DNS-over-HTTPS (DoH) to the Chrome browser.

In an attempt to improve the privacy and security of its users, Google is getting ready to bring DNS-over-HTTPS (DoH) to the Chrome browser.

Just days after Mozilla said it was getting ready to roll out DoH in Firefox this month, Google revealed plans to run an experiment to validate its implementation of DoH in Chrome, and that this would happen in the next browser release, namely Chrome 78.

The experiment, the search giant explains, will be done in collaboration with DNS providers that already support DoH. The goal is to provide users with improved security and privacy “by upgrading them to the DoH version of their current DNS service.”

Thus, the already in use DNS service will not change, only the protocol will. This also means that the existing content controls of the DNS provider, including any existing protections for children, will remain active.

The experiment in Chrome 78, Google explains, will check if the user’s DNS provider is on a list of DoH-compatible providers, and will upgrade to the equivalent DoH service from that provider. Otherwise, Chrome will continue to operate as it does now.

“The providers included in the list were selected for their strong stance on privacy and security, as well as the readiness of their DoH services, and also agreed to participate in the experiment. The goals of this experiment are to validate our implementation and to evaluate the performance impact,” the Internet search company says.

Google will roll out the experiment for a fraction of users, on all supported platforms, with the exception of Linux and iOS.

Advertisement. Scroll to continue reading.

“On Android 9 and above, if the user has specified a DNS-over-TLS provider in the private DNS settings, Chrome may use the associated DoH provider, and will fallback to the system private DNS upon error,” Google explains.

By keeping the current DNS provider, the user experience should not be impacted. Malware protection or parental control features offered by the provider will continue to work, as the only change will be an upgrade to the provider’s equivalent DoH service.

Should DoH fail, Chrome will revert to the provider’s regular DNS service. Users looking to opt out of the experiment will be able to do so by disabling the flag at chrome://flags/#dns-over-https.

Most managed Chrome deployments are excluded from the experiment, but Google invites enterprise and education customers to read the upcoming release notes for details about DoH policies, when they will be published on the Chrome Enterprise blog.

Related: Google Makes DNS Over HTTPS Generally Available

Related: DNS-over-HTTPS Coming to Firefox

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...