Chrome 63 vs Windows 10 Edge: Google steps up rivalry with site isolation security

With Chrome 63, businesses can also configure policies to restrict access to extensions based on the permissions required.
Google
Google’s latest effort to pry businesses off Internet Explorer and keep them away from Windows 10 Edge is a new security feature called site isolation, which handles each page in its own process.
With the release of Chrome 63, enterprise admins will be able to configure Chrome to render content for each site in its own dedicated process.
As Google notes, keeping each site isolated from other sites in Chrome offers enterprises the strongest security. The technique is designed to thwart attacks that exploit vulnerabilities in the renderer process to run malicious code inside Chrome’s render sandbox and steal information.
However, it does come with a significant overhead, bumping up Chrome’s memory usage on PCs by between 10 and 20 percent.
Chrome’s optional, per-site isolation comes as Microsoft continues to harden Windows 10 Edge using hardware-based virtualization through tools such as Windows Defender Application Guard (WDAG), which allow Edge to run in an isolated hardware environment.
In October, Microsoft argued that WDAG marked a major breakthrough in sandbox technology since it offers a shield against attacks on the kernel, which is unprotected if an attack escapes the browser sandbox.
The good news for end-users is that Google and Microsoft are competing fiercely on the security front, adopting different approaches to protect against new attacks.
The one-site-per-process feature has been an equally important project for Chrome. Justin Schuh, engineering lead for Chrome security, earlier this year said site isolation was the biggest difference in Google’s approach to security and would make it superior Microsoft’s new Edge defenses. The technology promises to prevent remote code execution inside Chrome’s renderer sandbox.
收到可疑的有附件的邮件不打开,并及时报告安全响应团队,安全响应团队在收到报告时,要及时排查和加强警戒,因为此时可能已经有其他员工中招了。
Admins can choose to turn on Chrome’s site isolation for all sites or select a list of websites to isolate to run in their own rendering process. Google suggests including sites that users log into and important sites such as productivity site or intranet.
Chrome now also offers admins the ability to set a policy that blocks access to extensions based on the permissions they require.
This feature adds to the ability to whitelist and blacklist certain Chrome extensions. Admins have a large selection of permissions to block, including audio capture, USB, and video capture.
小心躲开“免费”的企业版安全软件
Additionally, Chrome 63 introduces Transport Layer Security version 1.3, which is enabled for Gmail in the updated browser.
Google is bringing NTLMv2 support to Mac, Linux, Android and Chrome OS. NTLM or NT LAN Manager is a Microsoft authentication protocol for Windows.
Chrome 64, due out in early 2018, includes support for NTLMv2 and Extended Protection for Authentication. Chrome’s support for non-Windows platforms brings Chrome on these to the same level as Chrome on Windows.
The company will also offer admins some leeway on an incoming crackdown on antivirus software that injects code into Chrome processes. Google argues that this is an outdated process that causes crashes.
Chrome warnings will advise users to uninstall the antivirus. It is encouraging vendors to use other methods, such as Chrome extensions and Native Messaging. Starting with Chrome 66 in April 2018, users may see a notification to update or remove the offending application.
To cater to business, Google will offer a new policy that gives admins extended support for critical apps that need to inject code into Chrome to function.
Finally, Chrome 63 includes fixes for 37 vulnerabilities. Google paid researchers $46,174 for reporting the Chrome bugs, including an award to Microsoft’s Offensive Security Research Team. Previous and related coverageGoogle will lock down Chrome on Windows Does the Chrome web browser crash on you in Windows? Google plans on fixing a common cause for these problems.Five tricks to make Google Chrome faster and better Here are five tricks to help you speed up your browser and increase your productivity.Top Google Chrome extensions to enhance your productivity, security, and performance If you are a Google Chrome user and you’re not making use of extensions, then you are really missing out. Here is a selection of extensions aimed specifically at boosting your productivity and privacy.
Related Topics:
Google

Cloud
Big Data Analytics
Innovation
真实的网络战争,网络战是战争的最新样式,不论是网络游击战、网络特种作战、网络间谍战还是网络火力准备,都会在未来国与国的冲突中反复上演。公众应该对此有所了解、有所准备。不难理解核心的领域使用本土产品和服务会增加可控性。

猜您喜欢

保密第一课
陆易Louis是知名的搜索引擎公司搜度SoDo公司的一名资深研发组长,看看他遇到了什么搜索算法问题,以及信息安全调查人员有什么发现。
网络安全法普法宣传 004《网络安全法》的突出亮点
孔子鲁迅齐白石徐志摩名人后裔讲述“家风故事”
MY GADGETBARGAINS
面向企业员工的HSE基础知识扫盲式在线学习教程