Google's latest effort to get companies out of Internet Explorer and keep them away from Windows 1
With the release of Chrome 63, business administrators will be able to configure Chrome to represent the content of each site in their own dedicated process.
As Google points out, keeping each site isolated from other sites in Chrome gives businesses the strongest security. The technique is designed to thwart attacks that exploit vulnerabilities in the processor process to execute malicious code within the Chrome testing zone and steal information.
However, it comes with significant overhead, increasing Chrome's memory usage in computers by 10 to 20 percent.
Optional Chrome site isolation occurs when Microsoft continues to strengthen Windows 10 Edge using hardware-based virtualization through tools such as Windows Defender Application Guard (WDAG), which allow Edge to run in an isolated hardware environment .
In October, Microsoft argued that WDAG marked a breakthrough in sandbox technology as it offers a shield against kernel attacks, which is unprotected if an attack escapes the browser sandbox.
The good news for end users is that Google and Microsoft compete fiercely on the security front, adopting different approaches to protect against new attacks.
The function of a site per process has been an equally important project for Chrome. Justin Schuh, head of security engineering at Chrome, earlier this year said the site's isolation was the biggest difference in Google's security approach and would make it Microsoft's new top Edge defenses. The technology promises to avoid remote code execution inside the Chrome rendering sandbox.
Administrators can choose to enable Chrome site isolation for all sites or select a list of websites to isolate and run in their own rendering process. Google suggests including sites where users log in and important sites such as the productivity site or the intranet.
Chrome now also offers administrators the ability to set a policy that blocks access to extensions based on the permissions they require.
This feature adds to the possibility of including in the whitelist and in the blacklist certain extensions of Chrome. Administrators have a large selection of permissions to block, including capturing audio, USB and video capture.
Additionally, Chrome 63 introduces Transport Layer Security version 1.3, which is enabled for Gmail in the updated browser.
Google is providing NTLMv2 support for Mac, Linux, Android and Chrome OS. NTLM or NT LAN Manager is a Microsoft authentication protocol for Windows.
Chrome 64, due out early in 2018, includes support for NTLMv2 and extended protection for authentication. Chrome support for non-Windows platforms brings Chrome to them on the same level as Chrome on Windows.
The company will also offer administrators some room for maneuver on a new offensive against antivirus software that injects code into Chrome processes. Google argues that this is an obsolete process that causes failures.
Chrome warnings will advise users to uninstall the antivirus. It is encouraging providers to use other methods, such as Chrome extensions and native messaging. As of Chrome 66 in April 2018, users can see a notification to update or remove the offensive application.
To serve businesses, Google will offer a new policy that offers administrators extended support for critical applications that need to inject code into Chrome to function.
Finally, Chrome 63 includes solutions for 37 vulnerabilities. Google paid investigators $ 46,174 for reporting Chrome errors, including a prize to the Microsoft Offensive Security Research Team.
Previous and related coverage
Google will block Chrome on Windows
Does the Chrome web browser hang on Windows? Google plans to solve a common cause of these problems.
Five tricks to make Google Chrome faster and better
Here are five tricks to help you speed up your browser and increase your productivity.
Main extensions of Google Chrome to improve your productivity, security and performance
If you are a Google Chrome user and you are not using extensions, then you really are missing out. Here is a selection of extensions specifically designed to increase your productivity and privacy.