Rolling out today, version 63 of Google Chrome includes a number security enhancements for enterprise users. Site Isolation allows pages to be rendered in a separate process, while TLS 1.3 is now enabled on Gmail. Google also announced other upcoming security features for the year ahead.
Furthering the existing sandbox technology, Site Isolation has Chrome render content for each open website in a dedicated process that is isolated from other pages. It can be customized so that only certain webpages on a preset list will not share processes or cross-site iframes.
Google suggests enabling this for sites that require a log-in and host sensitive content, like an intranet. However, this additional security will come at the expense of increased memory usage, which Google estimates to be at 10-20%.
Restrict extensions based on permissions
Meanwhile, the ability for admins to restrict extensions based on required permissions is going live today. This policy joins the existing ability to whitelist or blacklist specific extensions.
TLS 1.3 rollout
Chrome 63 also marks the rollout of TLS 1.3 for Gmail. The Transport Layer Security protocol is what allows for secure communications on the internet, with the previous version standardized in 2008. While version 1.2 is secure when configured properly, Google argues that it is need of an overhaul.
The latest version is faster and more secure, with a wider rollout to the entire web scheduled for 2018. Users will see no impact, but Google advises admins that not all systems are interoperable with TLS 1.3 and directs them to a feedback forum.
Expanded NTLMv2 support for all platforms
Lastly, the next update (version 64) to Chrome will expand support for the NTLMv2 authentication protocol to Android, Chrome OS, Linux, and Mac. It is already the default in the Windows browser, with other users able to activate it today in the redesigned Flags page. Starting in Chrome 65, NTLMv2 will become the default NTLM protocol.