We designed Chrome to be secure by default, protecting you from dangerous and deceptive sites that might steal your passwords or infect your device. Chrome pioneered many of the techniques that are now foundational to browser security (such as sandboxing and site isolation), and with recent advances like predictive phishing protection, you can be confident that we’re using the latest technology to keep your data safe.
But what can you do yourself to make sure you stay safe online? To mark Cybersecurity Awareness Month, we asked a few Chrome security engineers to share a few pieces of advice:
Keep Chrome up to date
Hundreds of security engineers across Google work to keep Chrome safe against the latest threats, and those improvements come out at least every two weeks. “We try to shorten the time between when a security bug has been discovered or reported and when a fix is released,” says Amy Ressler, a security technical program manager. “No matter how fast we work, we know motivated adversaries are looking for opportunities to exploit the ‘patch gap’ between when we release the fix and when some users update to the newest version.” Chrome checks for updates regularly, and when one is available, Chrome downloads it immediately and then applies it when you close and reopen the browser. But if you haven’t closed your browser in a while, you may have a pending update visible in the upper right corner of the browser window. To apply the update, click “Update” or simply close and reopen Chrome. Don’t worry: You won’t lose your tabs, and it will only take a few seconds.
Store strong, unique passwords with Google Password Manager
Using a password manager (even if it’s not Google’s) will help you store and use a strong, unique password for each site you log into. “If your password is compromised through a phishing attack or a security breach,” security software engineer Nwokedi Idika says, “using a unique password on every site reduces its value to an attacker because it only provides access to a single site — not multiple ones.” If you’re using a password manager to store “fido1234” as your password for every site, you’re not making the most of the tool. Google Password Manager can suggest and save a strong, unique password of gobbledygook (like KZamPPzj43T9mQM). Then, Chrome will autofill the password next time you need it, on any device. Chrome should suggest a new strong password when creating a new account, or you can always right-click in the password field and click “Suggest Password.”
Don’t ignore Chrome's download warnings
Chrome and Safe Browsing work to ensure that we warn you about dangerous downloads when possible. When you see a download warning, you can still download the file, but we strongly recommend against it. Computers are often compromised by malware because people misunderstand or ignore warnings. “We hear feedback from people that think Google disapproves of that download or software, so they ignore the warning,” says software engineer Daniel Rubery. “But the file is actually malicious!” We are constantly working to remove warnings that aren’t useful; for example, we recently reevaluated our list of dangerous file types, which reduced low-risk warnings by more than 90%. This means you can trust that a download warning really means danger.
Browse the web with Enhanced security protection
To be even more secure while browsing the web in Chrome, turn on Enhanced Safe Browsing protection in your Chrome settings. It substantially increases protection from dangerous websites and downloads by sharing real-time data with Safe Browsing. “This is how you can get the most out of Chrome's security features,” recommends security software engineer Javier Castro. “By enabling enhanced protection, you are letting Chrome use the latest threat intelligence and the most advanced user protections to keep you safe while you browse.” If you’re signed in, Chrome and other Google apps you use (Gmail, Drive, etc.) will be able to provide improved protection based on a holistic view of threats you encounter on the web and attacks against your Google Account. As a result, people using Enhanced Safe Browsing are successfully phished 20-35% less.
Protect your Google Account with 2-step verification
Two-factor authentication can use your phone to add an extra step to verify that it’s you when you sign in. Signing in with both a password and a second step on your phone protects against password-stealing scams. Software engineer Diana Smetters says, “It's simple to turn on, and you only have to use your phone the first time you sign in on each of your devices. If an attacker gets your password online and tries to sign in, they'll be blocked because they don't have your phone.” If you sign in to Chrome with a Google Account, be sure that you’re enrolled in 2-step verification to protect your account.
To stay even safer online, take a few minutes this month to update Chrome, start using Google Password Manager, turn on Enhanced Safe Browsing and enroll in 2-step verification. One last tip: you can always confirm your use of security features by running Safety Check in Chrome settings.