Improve your Google Chrome security (it’s not secure by default)

Google Chrome is about as common in office spaces as a water cooler or a coffee maker.

Chrome is also becoming king elsewhere, unless the systems are Macs, and Safari is the browser of choice. With its minimalist, crisp interface and Google brand, most people are quickly satisfied. Even MSPs, with too many other things to handle and not enough people to handle them, can also be sometimes lulled into Chrome complacency.

Google is great for its ease of use, but that also makes things easier for hackers to get they hooks in – whether they be outside or even inside jobs.

One area where you really need to take care is to ensure that passwords don’t get saved in the Google browser or ineed any browser. If you are not currently using a password manager, then it is highly likely you are already doing this. While it may be a convenience for the home user that supersedes the security risks, it’s just not worth the risk in an business environment.

if your system gets infected with malware, it can extract all your passwords right out of the browser and you will likely never even know it happened. This happen far more then you might realise.

You have also surely heard of all the support scams, which have been on the rise since convid. Where someone posing as tech support from Microsoft, Google, Amazon etc remotely connects to your PC and scams people and often installs malware at the same time.

These scammers can easily steal all your passwords from your browser, or indeed even a legit person providing remote support may innocently poke around and see passwords stored, the temptation is then there to do something bad.

It is recommend to disable the chrome password storage and instead start using a proper password manager.

New security update from Google

Chrome is not a static product, Hodges points out. People install Chrome on their computers and think it is a one-and-done exercise, but it is not. The algorithms and behind-the-scenes ecosystem are constantly in flux, creating openings for cybercriminals. Recently, Google attempted to tamp down on one discovered opening. They released a security update with an urgent patch on February 14 for Chrome, with the goal of fixing several security issues.

According to Google, “This new Chrome version fixes several security issues, one of which is being exploited actively.” Google did not mention how widespread the attacks are, but Chrome users are highly encouraged to update to the latest version as soon as possible. The security issue is only found on versions of Chrome earlier than 98.0.4758.102.

A hotspot for security vulnerabilities

Though, most recently, an alert was part of a slew of vulnerabilities discovered. Chrome announced earlier in February that it found 27 issues, eight being “high risk”: meaning hackers could exploit to load malware, steal data, or unleash ransomware. The problems could impact Windows, Linux, or Mac users. These issues come on the heels of a slew of Chrome vulnerabilities discovered last fall, making zero-day attacks more likely.

Tech Times says that “the Chrome browser has recently become a hotspot of different vulnerabilities,” in an article that outlines the specific vulnerabilities and their fixes.

IT is recommended to perform an annual “Chrome Audit” to see who is using it as the main browser on their workstations. Once an inventory is made, those Chrome stations should be put on monthly maintenance to fix vulnerabilities and ensure that saved passwords are cleared, and fixes are implemented.

Make Chrome a safer place

Another ongoing challenge for business owners and MSPs, is the need to work towards is user training. Even though Chrome is not infallible, it still falls upon the user to make smart decisions and not make it even easier for a hacker to get their hands-on information.

Other actions you can take to make Chrome safer include enabling Chrome’s Enhanced Protection (instructions further down). Chrome’s default is the standard browsing experience, but you can switch to the enhanced protection setting, which offers many more security features such as:

• Blacklisting: If employees visit certain sites prone to problems, then block them.
• Two-Step Verification on Google Accounts: This adds another layer of built-in security. This can be especially valuable when battling internal office threats, says, a rogue employee trying to access a unit that they shouldn’t be.
• Extensions: As part of a Chrome audit and maintenance program, make sure unnecessary and unwanted extensions are removed.
• Script-Blocking: This is a handy feature that will prevent ad-loading and malware-laced video programs from loading.
• Set Chrome to Default: When in doubt, do a full reset to get rid of unwanted extensions.

A combination of actions by you or your MSP and better education for end-users is a potent mix. Videos, malware, advertising, streaming, and other potentially threatening elements from outside, can converge to make Chrome a very dangerous place without some basic precautions. MSPs are in a good spot to implement these safeguards.

The thing with Chrome is that it is so universal, so widely accepted, that people just get too complacent. Hackers know that and exploit that comfort.

Disable password storage in your browser

Chrome

To stop Chrome from asking to save your passwords:

1. Click the Chrome menu    in the toolbar and choose Settings.
2. Click Autofill > Passwords.
3. Turn off “Offer to save passwords”.

TIP

If you’ve saved passwords in Chrome, you can easily import them into most password managers to make sure they’re safe. Then you can delete your saved passwords from Chrome.

Firefox

To stop Firefox from asking to save your passwords:

1. Click the Firefox menu    in the toolbar and choose Options.
2. Click Privacy & Security.
3. Turn off “Remember logins and passwords for websites”.

Microsoft Edge

To stop Edge from asking to save your passwords:

1. Click the Edge menu    in the toolbar and choose Settings.
2. Click Passwords.
3. Turn off “Offer to save passwords”.

Brave

To stop Brave from asking to save your passwords:

1. Click the Brave menu    in the toolbar and choose Settings.
2. Click “Additional settings”, then click Auto-fill.
3. Click Passwords.
4. Turn off “Offer to save passwords”.

Internet Explorer

To stop Internet Explorer from asking to save your passwords:

1. Click the Settings menu  and choose “Internet options”.
2. Click the Content tab.
3. In the AutoComplete section, click Settings.
4. Turn off “Forms and Searches” and “User names and passwords on forms”, then click OK.

What Is Enhanced Protection in Google Chrome?

Google Chrome’s Enhanced Protection is a browsing security feature that substantially increases safety on the web against dangerous downloads and websites. 

If you’re signed into Chrome and other Google apps you use, you can get improved protection based on the attacks against your Google account and threats you encounter on the web.

Plus, if you rely on Chrome extensions to help you improve your browser experience or be more productive, Enhanced Protection helps you choose safer extensions before installing them on your device.

Enhanced Protection is different from the Standard protection on Chrome, which only offers warnings about potentially risky sites, extensions and downloads. Plus, with Standard protection, you can select whether to get warnings about password breaches or improve security on the web by sending more information to Google.

Specifically, Enhanced Protection enables the following: 

• Displays a dialog that alerts you whether the extension is trusted or not. Trusted extensions are those that are built by developers who follow the Chrome Web Store Developer Program Policies. 
• Predicts and notifies you about dangerous events before they occur.
• Increases your safety on Chrome and can be used to improve security in other Google apps you’re signed into.
• Warns you if login credentials are exposed in a data breach.
• Offer better protection against risky files you download on the web. Enhanced Protection uses metadata about the file to determine if it’s potentially suspicious and warns you about it. 
• Send additional information to Google about your activity.

How to Enable Enhanced Protection in Google Chrome

Enhanced Protection is available for Chrome on mobile and desktop. The steps to enable the feature are similar on both platforms. 

Enable Enhanced Protection on Desktop

You can enable Enhanced Protection on your computer and increase your safety while browsing the web. 

1. Open Chrome browser and select More.

2. Select Settings. 

3. Select Security under the Privacy and Security section.

4. Next, select the Enhanced protection. 

Enable Enhanced Protection on an Android Device

Enhanced Protection isn’t limited to desktop devices only. You can also enable the feature on your Android phone or tablet. 

1. Open Chrome and tap More (three dots).

2. Next, tap Settings. 

3. Tap Privacy and Security.

4. Next, tap Safe Browsing.

5. Next, select the Enhanced Protection level. 

Enable Enhanced Protection on iOS Devices

Initially, the Enhanced Protection feature wasn’t available on iPhone and iPad. Google has since added it on Chrome for iOS devices so you can get alerts about risky extensions, malware, phishing or sites on Google’s list of potentially unsafe sites.

1. Open Chrome on your iPhone or iPad and tap More > Settings. 

2. Tap Sync and Google Services.

3. Next, enable Safe Browsing and then select Done.

Protect Your Device from Real Threat Actors

When it comes to web browsers, security and privacy are major concerns. 

Google’s Enhanced Protection and other security features have further fortified Chrome against malware, phishing and other cyberattacks. The feature helps you avoid zero-day exploits and makes it safer for you to browse the web.

If you want to further protect your device, I highly recommend installing Bitdefender  on all your devices, using a password manager and enable 2 factor authentication on all your online accounts, websites wherever posisble.