Skip to main content

Chrome 63 adds Site Isolation rendering, TLS 1.3 rollout on Gmail, other security features

Rolling out today, version 63 of Google Chrome includes a number security enhancements for enterprise users. Site Isolation allows pages to be rendered in a separate process, while TLS 1.3 is now enabled on Gmail. Google also announced other upcoming security features for the year ahead.

Site Isolation

Furthering the existing sandbox technology, Site Isolation has Chrome render content for each open website in a dedicated process that is isolated from other pages. It can be customized so that only certain webpages on a preset list will not share processes or cross-site iframes.

Google suggests enabling this for sites that require a log-in and host sensitive content, like an intranet. However, this additional security will come at the expense of increased memory usage, which Google estimates to be at 10-20%.

Admins and curious users can test the feature using a command line flag, though Google directs enterprise users to use a Chrome policy for wide deployments.

Restrict extensions based on permissions

Meanwhile, the ability for admins to restrict extensions based on required permissions is going live today. This policy joins the existing ability to whitelist or blacklist specific extensions.

TLS 1.3 rollout

Chrome 63 also marks the rollout of TLS 1.3 for Gmail. The Transport Layer Security protocol is what allows for secure communications on the internet, with the previous version standardized in 2008. While version 1.2 is secure when configured properly, Google argues that it is need of an overhaul.

The latest version is faster and more secure, with a wider rollout to the entire web scheduled for 2018. Users will see no impact, but Google advises admins that not all systems are interoperable with TLS 1.3 and directs them to a feedback forum.

Expanded NTLMv2 support for all platforms

Lastly, the next update (version 64) to Chrome will expand support for the NTLMv2 authentication protocol to Android, Chrome OS, Linux, and Mac. It is already the default in the Windows browser, with other users able to activate it today in the redesigned Flags page. Starting in Chrome 65, NTLMv2 will become the default NTLM protocol.


Check out 9to5Google on YouTube for more news:

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Abner Li Abner Li

Editor-in-chief. Interested in the minutiae of Google and Alphabet. Tips/talk: abner@9to5g.com