Sophos Chrome Security



After delays to Chrome version 81 in March, and the scrapping of version 82 a month later, this week sees the early arrival of Chrome 83 with a longer list of new security features than originally planned.

  1. Google Chrome Security
  2. Sophos Chrome Security Update
  3. Sophos Chrome Security Settings
  4. How Good Is Sophos Security

As browser updates go, it’s a lot to take in, although some of the changes are more tweaks to existing features than anything radically new.

Naked Security - Computer security news, opinion, advice and research from anti-virus experts Sophos. With a Chrome Security policy you configure settings for the Sophos Chrome Security extension when it’s enrolled with Sophos Mobile.

It’s hard to pick out a single big feature, although for some it will be upgraded support for DNS-over-HTTPS (DoH), a privacy technology that makes it much harder for third parties (ISPs, the Government, malevolent parties) to see which web domains someone is visiting.

See our previous coverage for more explanation of the benefits of DoH (and forthcoming support for it in Windows 10) but be aware that Google still doesn’t make using this as easy as it should be.

First, it’s not turned on by default, and might not even be visible under Settings > Privacy and security > Advanced (type chrome://flags/ into the address bar and search for Secure DNS > Enable if that’s the case).

On Chrome, unlike Firefox, users still have to set up a DNS provider that supports DoH via the OS. You can test it’s working using Cloudflare’s security check.

Google Chrome Security

Enhanced Safe Browsing

Chrome’s Settings pane now includes an enhanced browsing mode which monitors whether the pages a user is visiting, or downloads, have been marked by Google’s Safe Browsing as malicious or suspect.

It’s still optional which raises the issue of why users wouldn’t want this protection. One answer might simply be privacy – turned on, Google will be checking every URL and download against its own database.

Extensions

The user is now made more aware of Chrome extensions, which are now accessible through an icon in the toolbar. This is positive – numerous incidents underline that untended extensions represent a security risk.

Sophos Chrome Security Update

Users can now monitor permissions from a simple toolbar icon rather than having to dig into menus, which few are inclined to do. Judging from the experimental ‘extensions checkup’ feature accessible via chrome://flags, Google plans to expand the capabilities of this in future versions.

Cookie control

It’s now possible to allow or block cookies for individual sites, including in incognito mode. The ‘clear browser data’ option has now been moved to the top of Settings > Privacy and security.

Safety check

This seems to work like a one-stop check on important settings, including telling users whether specific passwords have been compromised (using the Password Checkup technology added in Chrome 79). It also checks for malicious extensions, makes sure the user is running the latest version of Chrome, and will tell you whether Safe Browsing is turned off.

This is all good, right?


It never hurts to have more security and privacy but some of the new features (blocking cookies in incognito mode, for example) are already implemented by rival browsers. Some of what’s on offer is playing catch up.

But browser makers know most users don’t delve deeply into many of these features, so the battle has become making security and privacy easier to access in the hope this means it will be more likely to be used.

Endnote: if your Chrome install says ‘your browser is managed by organization’ (type chrome://management into the address bar) then some of the features mentioned in this article might not appear immediately.

This might be because it is managed by an employer, or simply a relic of a security program that set a policy in the past. On Windows, deleting this setting requires delving into Windows regedit with respect for the adage there be dragons.
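
As an added example (not part of the original article or the Sophos documentation): a managed Chrome takes its settings from policy, and the features discussed above correspond to Chrome enterprise policies. The sketch below audits a policy file for DnsOverHttpsMode, SafeBrowsingProtectionLevel and ExtensionInstallForcelist; the sample JSON and the extension ID are constructed, and the policy names come from Chrome's enterprise policy list rather than from this page.

```python
import json

# Constructed sample of a managed-policy file, such as one found under
# /etc/opt/chrome/policies/managed/ on Linux. The extension ID is a placeholder.
SAMPLE_POLICY = json.dumps({
    "DnsOverHttpsMode": "off",
    "SafeBrowsingProtectionLevel": 1,
    "ExtensionInstallForcelist": [
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa;https://clients2.google.com/service/update2/crx"
    ],
})

SAFE_BROWSING_LEVELS = {0: "off", 1: "standard", 2: "enhanced"}


def audit_policy(policy_text):
    """Return one finding per policy-controlled setting discussed in the article."""
    policy = json.loads(policy_text)
    findings = []

    # Secure DNS (DoH): "off", "automatic" or "secure"; absent means user-controlled.
    doh = policy.get("DnsOverHttpsMode")
    if doh is None:
        findings.append("doh: not set by policy (user-controlled)")
    else:
        findings.append(f"doh: forced to '{doh}'")

    # Safe Browsing level: 2 is the Enhanced mode added in Chrome 83.
    level = policy.get("SafeBrowsingProtectionLevel")
    if level is None:
        findings.append("safe_browsing: not set by policy (user-controlled)")
    else:
        name = SAFE_BROWSING_LEVELS.get(level, f"unknown value {level}")
        findings.append(f"safe_browsing: forced to {name}")

    # Entries are "<extension id>;<update URL>"; the URL part is optional.
    for entry in policy.get("ExtensionInstallForcelist", []):
        ext_id, _, update_url = entry.partition(";")
        findings.append(
            f"force_installed: {ext_id} from {update_url or 'default update URL'}")
    return findings


if __name__ == "__main__":
    for line in audit_policy(SAMPLE_POLICY):
        print(line)
```

The same values are visible in the browser at chrome://policy, which is a quick way to confirm what the audit reports.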


Sophos Chrome Security Settings

If you’re using Google Workspace (formerly G Suite), you can configure the Sophos Chrome Security extension to automatically enroll with Sophos Mobile when a Google Workspace user signs in to a Chrome device.

To configure Sophos Chrome Security auto-enrollment:

  1. On the menu sidebar, select Setup > Chrome OS setup, and then select the G Suite tab.
  2. Select Generate connection code.
  3. Configure the following settings:
    • Owner: Choose whether your organization owns the devices (Corporate) or the users own them (Personal).
    • Device group: The Sophos Mobile device group that you want to assign the devices to.
    • Chrome Security policy: Optional: A Chrome Security policy that you want to assign to the extension after the enrollment.
    • Only enroll on Chrome Enterprise devices: Optional: Sophos Chrome Security only auto-enrolls with Sophos Mobile on Chrome Enterprise devices. You need to purchase the Chrome Enterprise Upgrade service from Google to enroll Chrome Enterprise devices. For details on Chrome Enterprise, see the Google Chrome Enterprise Help.

  4. Click Save.
  5. Select Copy next to Connection code to copy the value to the clipboard.
Perform the remaining steps in the Google Admin console:
  1. Sign in to the Google Admin console with your Google Workspace account.
  2. Go to Device Management > Chrome Management > Apps & extensions.
  3. Optional: Select an organizational unit.

    Sophos Chrome Security enrolls automatically only for users in that organizational unit.

  4. Select the + button at the bottom right and then select Select from Chrome App Store.
  5. Search for Sophos Chrome Security and select Select.
  6. In Policy for extensions, enter the connection code from Sophos Mobile.
  7. In Installation policy, select one of the following:
    • Force install: Install Sophos Chrome Security automatically and prevent users from removing it.
    • Force install + pin: Same as Force install, and pin Sophos Chrome Security to the Chrome OS taskbar.
  8. Save your settings.
When a Google Workspace user signs in to any Chrome device, Sophos Chrome Security is automatically installed and enrolled with Sophos Mobile. You can manage the extension from the Devices page in Sophos Mobile Admin.

How Good Is Sophos Security

If required, you can revoke the connection code to block future enrollments. Sophos Chrome Security extensions already enrolled aren’t affected.