Admin Insider: What’s new in Chrome Enterprise, Release 79
Chrome 79—the latest release—includes more security and performance enhancements for Chrome Browser in your organization. Here’s what to expect (and as always, check the release notes for a full list of features).
Adopting modern security protocols
When it comes to Chrome Browser, security is one of the most important considerations. We continue to educate users on how to adopt modern protocols which are critical to enhancing security on our platform. Here are some upcoming changes to expect:
Highlighting legacy TLS 1.0 and 1.1 versions more prominently: We’ve been talking about our plans to only support TLS versions 1.2 and higher, and to retire legacy TLS versions (TLS 1.0 and 1.1), for awhile. More recently we announced that starting in January 2020, we will mark sites that do not support recent TLS versions as “Not Secure” and no longer show the lock icon for them. To make that even more clear to users, in Chrome 81, we’ll start showing a full-page interstitial warning telling people that the connection is not fully secure. If you think your company’s websites might be affected by this, read more in this blog post to learn how to prepare.
Securing subresources on HTTPS pages: We are also introducing changes in Chrome 79, 80 and 81 to ensure that HTTPS pages will only be able to load secure subresources. First, in Chrome 79, there will be a new setting to unblock mixed scripts content that Chrome currently blocks by default. Users can switch this setting by clicking the lock icon on any https:// page and selecting “Site Settings.” Second, in Chrome 80, mixed audio and video content will be auto-upgraded to https://, and Chrome will block them by default if they fail to load over https://. It will also start showing a “Not Secure” warning on the URL bar for sites containing mixed content images (users can unblock affected audio and video resources in settings, too). Lastly, in Chrome 81, mixed images will also be auto-upgraded to https://. It’s a good idea to start ensuring that resources in pages under your control are fetched over HTTPS. For more information, read our Chromium blog or the Release Notes.
Enhancements to help users keep data secure
We are focused on protecting users, all while respecting and maintaining their privacy. As a part of this, we already protect more than 4 billion users from sharing their information with insecure websites by checking the pages they’ve recently visited against the list of known insecure websites—a list that’s updated about every 30 minutes on your machine. Even though this does a great job of preventing personal information from being shared, there’s still more to be done as attackers become more and more sophisticated. We announced recent updates, including:
First, we are now offering enhanced protection against quick-changing, phishing sites that may slip through the window refresh each month. We do this by inspecting page URLs with Safe Browsing’s servers in real-time, and our analysis shows that this results in a 30% increase in protections. To start, we will roll out this protection for users who have opted into the “Make searches and browsing better” option. IT admins will be able to enable or disable this feature using policy.
Next, we are also enabling a feature to notify users if their credentials are part of a known data breach. Our system will detect this without sending unencrypted passwords to Google. Similarly, admins will be able to enable or disable this feature using policy.
More details about these and additional security enhancements in M79 can be found on the Chrome Security blog.
We’re giving admins more control over Chrome’s memory usage with a new policy that is particularly beneficial for shared and virtual sessions. The TotalMemoryLimitMb policy configures the maximum amount of memory that a single Chrome instance can use before starting to discard background tabs. When a tab is discarded, its memory is freed, and if the user switches back to that tab, the content will reload. Note: if this policy is not set, the browser will only attempt to save memory after it has detected that the amount of physical memory on its machine is low (available on Windows and Mac).