After delays to Chrome version 81 in March, and the scrapping of version 82 a month later, this week sees the early arrival of Chrome 83 with a longer list of new security features than originally planned.
As browser updates go, it’s a lot to take in although some of them are more tweaks to existing features than anything radically new.
It’s hard to pick out a single big feature, although for some it will be upgraded support for DNS-over-HTTPS (DoH), a privacy technology that makes it much harder for third parties (ISPs, the Government, malevolent parties) to see which web domains someone is visiting.
First, it’s not turned on by default, and might not even be visible under Settings > Privacy and security > Advanced (type chrome://flags/ into the address bar and search for Secure DNS > Enable if that’s the case).
On Chrome, unlike Firefox, users still have to set up a DNS provider that supports DoH via the OS. You can test it’s working using Cloudflare’s security check.
Enhanced Safe Browsing
Chrome’s Settings pane now includes an enhanced browsing mode which monitors whether the pages a user is visiting, or downloads, have been marked by Google’s Safe Browsing as malicious or suspect.
It’s still optional which raises the issue of why users wouldn’t want this protection. One answer might simply be privacy – turned on, Google will be checking every URL and download against its own database.
The user is now made more aware of Chrome extensions, which are now accessible through an icon in the toolbar. This is positive – numerous incidents underline that untended extensions represent a security risk.
Users can now monitor permissions from a simple toolbar icon rather than having to dig into menus, which few are inclined to do. Judging from the experimental ‘extensions checkup’ feature accessible via chrome://flags, Google plans to expand the capabilities of this in future versions.
It’s now possible to allow or block cookies for individual sites, including in incognito mode. The ‘clear browser data’ has now been moved to the top of Settings > Privacy and security.
This seems to work like a one-stop check on important settings, including telling users whether specific passwords have been compromised (using the Password Checkup technology added in Chrome 79). It also checks for malicious extensions, makes sure the user is running the latest versions of Chrome, and will tell you whether Safe Browsing is turned off.
This is all good, right?
It never hurts to have more security and privacy but some of the new features (blocking cookies in incognito mode, for example) are already implemented by rival browsers. Some of what’s on offer is playing catch up.
But browser makers know most users don’t delve deeply into many of these features, so the battle has become making security and privacy easier to access in the hope this means it will be more likely to be used.
Endnote: if your Chrome install says ‘your browser is managed by organization’ (type chrome://management into address bar) then some of the features mentioned in this article might not appear immediately.
This might be because it is managed by an employer, or simply a relic of a security program that set a policy in the past. On Windows, deleting this setting requires delving into Windows regedit with respect for the adage there be dragons.
Latest Naked Security podcast
Click-and-drag on the soundwaves below to skip to any point in the podcast. You can also listen directly on Soundcloud.