“Update now! Multiple vulnerabilities patched in Google Chrome.” It’s a headline that you encounter with surprising regularity. Here are a few more from May to July 2022. Each is sure to chill any IT Director’s heart:
- Google Chrome: List of Security Vulnerabilities
- Google Confirms New Critical Chrome Security Issue for Windows
- Google Patches New Chrome Zero-Day Flaw Exploited in Attacks
- Google Reports 13 New Chrome Vulnerabilities
- CISA Recommends Organizations Update to the Latest Version
Let’s explore some steps you can take to avoid Google Chrome issues and keep your browser secure.
Did You Know?
In August, 2022, a new Gmail attack was announced that exploits Google Chrome and Microsoft Edge browsers. “SHARPEXT is a malicious browser extension,” reports Volexity.com. The threat? It can bypass two-factor or multi-factor authentication on Gmail. This means that even if you do have two-factor authentication, your Gmail may be accessed by nefarious individuals seeking to steal your data. Follow the suggestions in this blog entry to avoid SHARPEXT.
Use a Secure, Chromium Alternative
Want to keep working in the Chromium ecosystem but are worried about the headlines? Then consider getting one of the following Chromium-based browsers that are hardened for security:
You might also try Microsoft Edge as an alternative browser. It supports the Chrome web store but enjoys Microsoft’s ongoing support. Of course, Google will tell you to use Chrome, and Microsoft will say browse securely with Edge, but it’s up to you to choose.
If you would rather not deal with Chrome/Chromium browsers at all, then consider Firefox. These Firefox-based browsers get the job done and enjoy increased security:
For the best compatibility with websites, Firefox works great while safeguarding your privacy. If you need more intensive protection, get Firefox Focus. Both work on mobile devices, too. Of course, LibreWolf offers even more stringent protection on the desktop.
What’s the main problem with Google Chrome that these alternate browsers address? A wide variety of permissions and settings set to “open” or “allow.” It’s like leaving the doors and windows of your domicile open when there are criminals around.
Let’s see how you can secure Google Chrome, especially if you have to use it for work purposes.
Securing Google Chrome
A Google Chrome browser design flaw could allow malicious websites to record audio or video. This could occcur without alerting the user. The user would not get any visual sign that they are being spied on. (Source: The Hacker News, 2017)
Here is a list of suggestions that Zaafir (@zaafirsalam) provides, and I’ve shared a video or image with each one. Let’s explore each one at a time.
Tip #1: Set Site Permissions
Google Chrome may be set to allow access to your location, camera, and/or microphone. To limit what Chrome makes available to websites you visit, follow these instructions:
- Go to Settings in Chrome.
- Select Privacy and Security.
- Click Site Settings.
- Disable access for location, camera, and microphone.
Here’s a no-audio video walkthrough on how to do that:
Tip #2: Secure DNS and Connections
A lot of websites fail to secure their connections with your browser. That is, they allow connections that enable malicious folks to steal your password. Think of it as writing your bank account and password on a postcard. It’s not the best way to send confidential information.
Google’s Chrome browser allows both secure and insecure connections. You can restrict that by follow these steps:
Tip #3: Restrict Pop-Ups and Redirects
Ever visited the wrong website by accident? If the site is malicious, it may attempt to open countless pop-up windows. These will open up faster than you can close them. A malicious site may also redirect you to a series of inappropriate websites. Combined with unstoppable pop-ups, you may find yourself a long ways away from where you began.
Only allow pop-up windows for sites you trust. Here’s how you can restrict pop-ups and redirects in your Site Settings.
Note that you can allow specific, or custom, websites to send you pop-ups that are allowed. This can be handy on government and education websites that require pop-ups.
Tip #4: Disable Third-Party Cookies
As you may know, cookies are bits of code that store information about your internet use in your browser. Worse, these cookies can track you across websites. Websites like Facebook use these cookies to track your interests. Then, based on your interests, deliver tailored advertisements. Do a search on baby formula, you will soon see advertisements for diapers and baby stuff.
Here’s how you can disable third-party cookies via your Privacy and Security Settings:
Tip #5: Enable Enhanced Protection
You can turn on an additional layer of protection. The purpose of enhanced protection is to provide more protection. What’s more, it enables you as the user to flag suspicious content to Google. This helps everyone reduce the risks of malware spreading to others.
Here’s how you can turn it on:
Tip #6: Stop Background Apps
Wondering why your computer is running slow? It may be that Google Chrome is taking up memory. This happens even when you’ve “closed” Chrome. It’s closed for you, but Chrome continues to work in the background of your computer. It uses up valuable resources other programs may need. Turn it off completely.
To do that, go to System in the Settings and turn off “Continue running background apps.”
Tip #7: Conduct a Safety Check
Want to conduct a safety check? Access your Settings, looking for Privacy and Security. Select “Check now” to run a safety check on your browser.
Ensuring Browser Security
If you want to avoid making these changes, consider using one of the alternative browsers. They are already locked down. Keep a browser like Firefox or Chrome around. Use them only for legitimate websites that need a less restrictive experience.
Also, consider using these browser add-ons that allow you to turn security on or off as needed per website:
Finally, consider using a Virtual Private Network (VPN) when using the web at home or on the go (work environments may restrict their use). Let me know how your browsing experience changes for the better.