Chrome security

Chrome was built to keep your company’s data safe and secure on the web.

Chrome provides protection at every layer of the product, from malware and phishing protection to state-of-the-art sandboxing and network security.

We also stay a step ahead of attackers by leading and creating standards for the web security community.

Download Chrome Packagesarrow_forward
Security by design

Security by design

We designed Chrome to be secure with advanced malware and phishing protection, auto-updates, and understandable security warnings. Learn More

Security in every layer

Security in every layer

Chrome is secure to the core, with defensive measures operating from the network layer through Chrome browser and web applications. Learn More

One step ahead

One step ahead

Chrome stays ahead of potential attackers with scaled vulnerability discovery, fast response and fixes, and by rewarding researchers who find security bugs. Learn More

Security by design

Safe Browsing

Google Safe Browsing technology protects your company from a range of malware, phishing, and social engineering attacks that might try to steal passwords or infect machines. Safe Browsing is used in Chrome as well as other Google products like Search and Ads, and the free public API is used by other major browsers, sites, and apps.

If employees encounter a website suspected of being deceptive or dangerous while browsing the web, they’ll be shown a warning page. We also show warnings on dangerous downloads like malware that may inject ads or harm computers.

Auto-updates

Chrome automatically updates to ensure that your employees always have the latest security features and fixes, no action required. For enterprises that want more control, Chrome offers policies to manage updates.

While Chrome has a normal release cycle of 6 weeks, Chrome also updates to address critical security bugs as needed — we’ve shipped critical security fixes in under 24 hours when necessary.

Making security intuitive

To make security easier for everyone to understand, Google does user research and uses the results to create meaningful security warnings and interfaces. We publish peer-reviewed papers so that others can take advantage of this research. This includes research on our malware and phishing warnings, HTTPS warnings, connection security indicators (green lock), and more.

Security in every layer

Sandboxing and Flash

Sandboxing helps prevent malware from installing itself on computers and reduces the severity of vulnerabilities by isolating malicious web pages that try to leave programs on computers, monitor web activity, or steal private data.

Chrome leads in software sandboxing with protection from vulnerable plugins and isolation between extension and websites. We collaborate closely with Adobe to harden Flash and to ensure Chrome has the most secure version of Flash. Chrome’s PDF reader leads the industry in protection from untrustworthy PDFs. We’re even working to enable Site Isolation on the open web.

Networking security

Chrome implements extensive networking security features to authenticate secure connections to websites, so the websites your employees view cannot be eavesdropped on or tampered with. These features include Strict Transport Security (HSTS), preloaded public key pinning, root CA verification, and mixed script blocking.

Chrome actively participates in networking security standards and owns the HSTS preload list used by other browsers. Chrome also leads Certificate Transparency, a project to detect wrongly issued HTTPS certificates. We’re even experimenting with post-quantum cryptography.

One step ahead

Vulnerability response and rewards

Fixing vulnerabilities in a timely manner is critical to browser security. Chrome is committed to releasing a fix for any critical security vulnerabilities in under 60 days. On average, we fix high and critical severity vulnerabilities in 30 days, and when necessary, we have shipped critical security fixes in under 24 hours.

The Chrome Reward Program provides monetary awards and public recognition to security researchers who responsibly disclose new vulnerabilities to the Chrome project. In 2016 alone, we awarded nearly $1 million for Chrome vulnerabilities in our commitment to keep Chrome safe.

Fuzzing at scale

Fuzzing is a method for finding security vulnerabilities by testing with random data. To help Google keep ahead of attackers, we run Chrome’s fuzzing infrastructure, ClusterFuzz, which comprises ten thousand virtual machines, to help us fuzz at scale and rapidly find regressions before they affect users. These vulnerabilities are automatically de-duplicated, filed and verified. We also provide our fuzzing service to improve the security of open source projects.

サポート

Chrome ブラウザ向けサポート

Learn More About Enterprise Support for Chrome

Chrome ニュースレターにご登録ください

Chrome の最新情報に加え、特典やイベントのご案内、調査結果といった情報が盛りだくさんのニュースレターをお届けします。

送信が完了しました。ありがとうございます。