5 quick and easy ways I improved my Chrome browser’s security


The HP Dragonfly Pro Chromebook on a colored background.

Kerry Wan/ZDNET

Chrome is everywhere. According to Statcounter, the Google-owned browser holds a 65% market share, with the closest competition being Safari at 18.57%. That’s a massive difference, and it’s showing no signs of change.

Also: Google just launched a faster, more efficient Chrome browser for Windows, but there’s a catch

That stranglehold over the market is one of the many reasons why Chrome has a target on its back and bad actors are constantly creating or finding vulnerabilities within the browser. But you don’t have to sit back and allow your default browser to be used against you. With just a little bit of attention and care, you can make Chrome safe enough to count on (so long as you’re using it wisely, such as not visiting sites from some random link you are sent by an unknown person).

Let me offer you my five best tips for improving Chrome’s security. Let’s go.

1. Clear your data (regularly)

Your browser saves various sorts of data, such as cookies, browsing history, cached images and files, passwords and sign-in data, and more. Although that might sound innocuous, that saved data can be used against you by legitimate sites and bad actors.

Legitimate sites use that data to create a profile for you so that they can target ads and keep track of where you’ve come from and where you’re going (in your browser). Bad actors can steal that data and use it to possibly gain access to your accounts. You don’t want either of those things to happen. 

Fortunately, Chrome makes it fairly easy for you to clear that data with specific time ranges (such as the last hour, last 24 hours, last week, last month, and all time). To do this, hit the Ctrl+Shift+Del keyboard combination (or go to the menu button and click Clear Browsing Data.) From within the pop-up window, select the time range, the data you want to delete, and then click Clear Data. 

2. Don’t use the built-in password manager

This is an issue I cannot stress enough. Yes, Chrome has a built-in password manager, but I’ve never been a big fan of using such things. First, allowing a browser to save a password is just asking for trouble. Should someone gain control of your browser (or the data within), there’s no guarantee they won’t be able to access your passwords. 

Also: Need Google Chrome to load pages faster? Enable this feature to speed it up

On top of that, the built-in password manager cannot stand up to the security of a dedicated password manager. To that end, I always disable password saving for Chrome and then use a password manager, such as Bitwarden, to manage all passwords. If you don’t like the idea of having to open a second application when it comes time to log into a site or service, you can always use your password manager’s Chrome extension (if applicable). 

To set Chrome to never offer to save passwords, type chrome://password-manager/passwords in the address bar, click Settings, and then click the On/Off slider for Offer To Save Passwords until it’s in the Off position.

3. Disable ad topics, suggested ads, and ad measurement

Google makes money from ads, which means it wants to do everything it can to target ads to you, such that you will click them. To that end, Chrome is set up by default to keep tabs on your browsing history so that it can create a targeted ad profile for you. 

Within the intersection of ads and Chrome, there are three settings you should disable, which are Ad Topics (topics of interest based on your browser history), Suggested Ads (ads that are suggested to you based on the sites you visit), and Ad Measurement (allows sites and advertisers to measure the performance of their ads based on your usage.) To disable these features, go to Settings, type Ads in the search field, and then click on each of the three and toggle the On/Off slider to the Off position.

4. Only use trusted extensions

There are countless extensions (aka add-ons) available for Chrome. Can they all be trusted? Not necessarily. Malicious ads find their way to the Chrome Web Store fairly regularly, so you want to always make sure whatever extension you’re about to install is trustworthy. For example, if the extension is developed by Google or a reputable third party (such as Bitwarden, Microsoft, etc.) you can generally trust them.

Also: Google Chrome now better protects you against risky websites and weak passwords

If an extension is listed as “Featured,” it can usually be trusted. All other extensions should be looked at with caution. When you find an extension you want to install, read the associated reviews and then google it with something like “Is Extension X safe?” (Where X is the extension name). You can also check out the name of the extension developer and do a bit of searching to make sure they can be trusted. Don’t automatically assume that it can be trusted if an extension is in the Chrome store, And for any extension that’s not in the Chrome store… don’t even bother.

5. Use Enhanced Protection

Google includes a Safe Browsing feature that offers three protection options: No Protection, Standard Protection, and Enhanced Protection. You can disregard No Protection. Standard Protection protects against websites, downloads, and malicious extensions. This level of protection will detect and warn you about anything malicious when it happens. Enhanced Protection does everything found in Standard but also warns you if any of your passwords have been exposed in a security breach and sends URLs to Safe Browsing to check against known lists of malicious sites. 

Enhanced Protection is also faster and more proactive than Standard. The only caveat to using Enhanced Protection is that it does send browsing data to Google. You can enable Enhanced Protection by opening Settings, typing security in the search field, and clicking the radio button for Enhanced Protection.

Bottom line

It doesn’t take all that much work to make Chrome more secure. If you do use Chrome, please consider these steps so you don’t have to worry that your information is being stolen or used against you.

Source link