Security by design
We designed Chrome Browser to be secure with advanced malware and phishing protection, auto-updates, and understandable security warnings.
Learn More
Security in every layer
Secure to the core, with defensive measures operating from the network layer through Chrome Browser and web applications.
Learn More
One step ahead
Chrome Browser stays ahead of potential attackers with scaled vulnerability discovery, fast response and fixes, and by rewarding researchers who find security bugs.
Learn MoreSecurity by design
Safe Browsing
Google Safe Browsing
technology protects your company from a range of malware, phishing, and social
engineering attacks that might try to steal passwords or infect machines. Safe
Browsing is used in Chrome as well as other Google products like Search and Ads, and
the free public API is used by other major browsers, sites, and apps.
If employees encounter a website suspected of being deceptive or dangerous while
browsing the web, they’ll be shown a warning page. We also show warnings on dangerous
downloads like malware that may inject ads or harm computers.
Auto-updates
Chrome Browser automatically updates to ensure that your employees always have the
latest security features and fixes, no action required. For enterprises that want
more control, Chrome Browser offers policies to manage updates.
While Chrome Browser has a normal release cycle of 6 weeks, it also updates to
address critical security bugs as needed — we’ve shipped critical security fixes in
under 24 hours when necessary.
Making security intuitive
To make security easier for everyone to understand, Google does user research and uses the results to create meaningful security warnings and interfaces. We publish peer-reviewed papers so that others can take advantage of this research. This includes research on our malware and phishing warnings, HTTPS warnings, connection security indicators (green lock), and more.
Security in every layer
Sandboxing and Flash
Sandboxing helps prevent malware from installing itself on computers and reduces the
severity of vulnerabilities by isolating malicious web pages that try to leave
programs on computers, monitor web activity, or steal private data.
Chrome Browser leads in software sandboxing with protection from vulnerable plugins
and isolation between extension and websites. We collaborate closely with Adobe to
harden Flash and to ensure the browser has the most secure version of Flash. Chrome
Browser’s PDF reader, leads the industry in protection from untrustworthy PDFs. We’re
even working to enable site Isolation on the open web.
Networking security
Chrome Browser implements extensive networking security features to authenticate
secure connections to websites, so the websites your employees view cannot be
eavesdropped on or tampered with. These features include Strict Transport Security
(HSTS), preloaded public key pinning, root
CA verification, and mixed script blocking.
Chrome actively participates in networking security standards and owns the HSTS
preload list used by other browsers. Chrome also leads Certificate
Transparency, a project to detect wrongly issued HTTPS certificates. We’re even
experimenting with post-quantum cryptography.
One step ahead
Vulnerability response and rewards
Fixing vulnerabilities in a timely manner is critical to browser security. Chrome
Browser is committed to releasing a fix for any critical security vulnerabilities in
under 60 days. On average, we fix high and critical severity vulnerabilities in 30
days, and when necessary, we have shipped critical security fixes in under 24
hours.
The Chrome Reward Program provides monetary awards and public recognition to
security researchers who responsibly disclose new vulnerabilities to the Chrome
project. In 2016 alone, we awarded nearly $1 million for Chrome
vulnerabilities in our commitment to keep Chrome Browser safe.
Fuzzing at scale
Fuzzing is a method for finding security vulnerabilities by testing with random data. To help Google keep ahead of attackers, we run Chrome Browser’s fuzzing infrastructure, ClusterFuzz, which comprises ten thousand virtual machines, to help us fuzz at scale and rapidly find regressions before they affect users. These vulnerabilities are automatically de-duplicated, filed and verified. We also provide our fuzzing service to improve the security of open source projects.
Chrome 瀏覽器支援服務
Learn More About Enterprise Support for Chrome