Chrome is built to be accessed across all types of devices and platforms, regardless of what operating system you’re on. And today, we’re launching Chrome on Google Daydream View and the Lenovo Mirage Solo with Daydream. So if you have one of these headsets, you can launch Chrome directly from your homepage to browse and interact with any webpage while in VR.
All the features you love on Chrome, from voice search to incognito mode to fast search directly in your address bar, are now accessible on your Daydream headset. But we’ve also added a few Daydream-specific features, like “cinema mode” which optimizes web video for the best viewing experience in VR. With Chrome now integrated into Daydream, you can start browsing on your phone, whether it is reading your favorite news article or watching a YouTube video, and easily switch to your headset.
When you update to the latest version of Chrome on Android in Google Play, you can now launch Chrome from the home screen of your Daydream device.
In the next few weeks, you’ll probably be spending lots of time online buying gifts for your friends, family and “extended family” (your dog, duh). And as always, you want to do so securely. Picking the perfect present is hard enough; you shouldn’t have to worry about staying safe while you’re shopping.
Security has always been a top priority for Chrome, and this year we made a bunch of improvements to help keep your information even safer, and encourage sites across the web to become more secure as well. We’re giving you a rundown of those upgrades today, so that you can concentrate on buying the warmest new slippers for your dad or the perfect new holiday sweater for your dog in the next few weeks.
More protection from dangerous and deceptive sites
For years, Google Safe Browsing has scanned the web looking for potential dangers—like sites with malware or phishing schemes that try to steal your personal information—and warned users to steer clear. This year, we announced that Safe Browsing protects more than 3 billion devices, and in Chrome specifically, shows 260 million warnings before users can visit dangerous sites every month.
We’re constantly working to improve Safe Browsing and we made really encouraging progress this year, particularly with mobile devices. Safe Browsing powers the warnings we now show in Gmail’s Android and iOS mobile apps after a user clicks a link to a phishing site. We brought Safe Browsing to Android WebView (which Android apps sometimes use to open web content) in Android Oreo, so even web browsing inside other apps is safer. We also brought the new mobile-optimized Safe Browsing protocol to Chrome, which cuts 80 percent of the data used by Safe Browsing and helps Chrome stay lean.
In case you do download a nastygram, this year we’ve also redesigned and upgraded the Chrome Cleanup Tool with technology from IT company ESET. Chrome will alert you if we detect unwanted software, to remove the software and get you back in good hands.
Making the web safer, for everyone
Our security work helps protect Chrome users, but we’ve also pursued projects to help secure the web as a whole. Last year, we announced that we would mark sites that are not encrypted (i.e., served over HTTP) as “not secure” in Chrome. Since then, we’ve seen a marked increase in HTTPS usage on the web, especially with some of the web’s top sites:
If you’re researching gifts at a coffee shop or airport, you might be connecting to unfamiliar Wi-Fi which could be risky if the sites you’re visiting are not using the secure HTTPS protocol. With HTTPS, you can rest assured that the person sitting next to you can’t see or meddle with everything you’re doing on the Wi-Fi network. HTTPS ensures your connection is encrypted and your data is safe from eavesdroppers regardless of which Wi-Fi network you’re on.
An even stronger sandbox
Chrome has never relied on just one protection to secure your data. We use a layered approach with many different safeguards, including a sandbox—a feature that isolates different tabs in your browser so that if there’s a problem with one, it won’t affect the others. In the past year, we’ve added an additional sandbox layer to Chrome on Android and improved Chrome’s sandboxing on Windows and Android WebView.
So, if you’ve entered your credit card to purchase doggy nail polish in one Chrome tab, and you’ve inadvertently loaded a misbehaving or malicious site in another tab the sandbox will isolate that bad tab, and your credit card details will be protected.
Improving our browser warnings to keep you even safer
It should always be easy to know if you might be in danger online, and what you can do to get back to safety. Chrome communicates these risks in a variety of different ways, from a green lock for a secure HTTPS connection, to a red triangle warning if an attacker might be trying to steal your information.
By applying insights from new research that we published this year, we were able to improve or remove 25 percent of all HTTPS warnings Chrome users see. These improvements mean fewer false alarms, so you see warnings only when you really need them.
Unfortunately, our research didn’t help users avoid dog-grooming dangers. This is a very challenging problem that requires further analysis.
A history of strong security
Security has been a core pillar of Chrome since the very beginning. We’re always tracking our own progress, but outside perspectives are a key component of strong protections too.
The security research community has been key to strengthening Chrome security. We are extremely appreciative of their work—their reports help keep our users safer. We’ve given $4.2 million to researchers through our Vulnerability Reward Program since it launched in 2010.
Of course, we’re also happy when aren’t able to find security issues. At Pwn2Own 2017, an industry event where security professionals come together to hack browsers, Chrome remained standing while other browsers were successfully exploited.
Zooming out, we worked with two top-tier security firms to independently assess Chrome’s overall security across the range of areas that are important to keep users safe. Their whitepapers found, for example, that Chrome warns users about more phishing than other major browsers, Chrome patches security vulnerabilities faster than other major browsers, and “security restrictions are best enforced in Google Chrome.” We won’t rest on these laurels, and we will never stop improving Chrome’s security protections.
So, whether you’re shopping for a new computer, concert tickets, or some perfume for your pooch, rest assured: Chrome will secure your data with the best protections on the planet.
Editor’s note: October is Cybersecurity Awareness Month, and we’re celebrating with a series of security announcements this week. See our earlier posts on new security protections tailored for you, our new Advanced Protection Program, and our progress fighting phishing.
Security has always been one of Chrome’s core principles—we constantly work to build the most secure web browser to protect our users. Two recent studies concluded that Chrome was the most secure web browser in multiple aspects of security, with high rates of catching dangerous and deceptive sites, lightning-fast patching of vulnerabilities, and multiple layers of defenses.
About a year ago, we announced that we would begin marking all sites that are not encrypted with HTTPS as “not secure” in Chrome. We wanted to help people understand when the site they’re on is not secure, and at the same time, provide motivation to that site’s owner to improve the security of their site. We knew this would take some time, and so we started by only marking pages without encryption that collect passwords and credit cards. In the next phase, we began showing the “not secure” warning in two additional situations: when people enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.
It’s only been a year, but HTTPS usage has already made some incredible progress. You can see all of this in our public Transparency Report:
64 percent of Chrome traffic on Android is now protected, up from 42 percent a year ago.
Over 75 percent of Chrome traffic on both ChromeOS and Mac is now protected, up from 60 percent on Mac and 67 percent on Chrome OS a year ago
71 of the top 100 sites on the web use HTTPS by default, up from 37 a year ago
We’re also excited to see HTTPS usage increasing around the world. For example, we’ve seen HTTPS usage surge recently in Japan; large sites like Rakuten, Cookpad, Ameblo, and Yahoo Japan all made major headway towards HTTPS in 2017. Because of this, we’ve seen HTTPS in Japan surge from 31 percent to 55 percent in the last year, measured via Chrome on Windows. We see similar upward trends in other regions—HTTPS is up from 50 percent to 66 percent in Brazil, and 59 percent to 73 percent in the U.S.!
Ongoing efforts to bring encryption to everyone
To help site owners migrate (or originally create!) their sites on HTTPS, we want to make sure the process is as simple and cheap as possible. Let’s Encrypt is a free and automated certificate authority that makes securing your website cheap and easy. Google Chrome remains a Platinum sponsor of Let’s Encrypt in 2017, and has committed to continue that support next year.
Google also recently announced managed SSL for Google App Engine, and has started securing entire top-level Google domains like .foo and .dev by default with HSTS. These advances help make HTTPS automatic and painless, to make sure we’re moving towards a web that’s secure by default.
HTTPS is easier and cheaper than ever before, and it enables both the best performance the web offers and powerful new features that are too sensitive for HTTP. There’s never been a better time to migrate! Developers, check out our set-up guides to get started.
On August 6, 2012, the Curiosity rover landed on Mars. Ever since, it’s been searching for evidence that Mars has ever been suitable for life. It’s also been photographing the Martian terrain in great detail. Scientists at NASA’s Jet Propulsion Lab use these photos to create a 3D model of Mars. It’s a one-of-a-kind scientific tool for planning future missions.
Today, we’re putting that same 3D model into an immersive experience for everyone to explore. We call it Access Mars, and it lets you see what the scientists see. Get a real look at Curiosity’s landing site and other mission sites like Pahrump Hills and Murray Buttes. Plus, JPL will continuously update the data so you can see where Curiosity has just been in the past few days or weeks. All along the way, JPL scientist Katie Stack Morgan will be your guide, explaining key points about the rover, the mission, and some of the early findings.
The experience is built using WebVR, a technology that lets you see virtual reality right in your browser, without installing any apps. You can try it on a virtual reality headset, phone, or laptop.
Check it out at g.co/accessmars.
And if you’re an educator, we’ve updated our Mars tour in Google Expeditions with highlights from this experience. To try it with your class or in self-guided mode, download the Expeditions app from Google Play or the App Store.
Unwanted software impacts the browsing experience of millions of web users every day. Effects of this harmful software are often quite subtle—search results are modified to redirect users to other pages or additional ads are injected in the pages that users visit. But in some cases, the changes are so severe that they can make the web unusable—people are redirected to unwanted sites full of ads, and it can be next to impossible to navigate away from these pages.
Chrome already has tools to help people avoid unwanted software. For example, Safe Browsing prevents many infections from taking place by warning millions of users. But sometimes harmful software slips through.
Recently, we rolled out three changes to help Chrome for Windows users recover from unwanted software infections.
Hijacked settings detection
Extensions can help make Chrome more useful—like by customizing tab management. But some extensions may change your settings without you even realizing it. Now, when Chrome detects that user settings have been changed without your consent, it will offer to restore the modified settings. In the past month, this feature has helped millions of people recover from unwanted settings.
You can also reset your profile settings at any time by visiting chrome://settings/resetProfileSettings.
A simpler Chrome Cleanup
Sometimes when you download software or other content, it might bundle unwanted software as part of the installation process without you knowing. That’s why on Chrome for Windows, the Chrome Cleanup feature alerts people when it detects unwanted software and offers a quick way to remove the software and return Chrome to its default settings. We’ve recently completed a full redesign of Chrome Cleanup. The new interface is simpler and makes it easier to see what software will be removed.
A more powerful Cleanup engine
Under the hood, we upgraded the technology we use in Chrome Cleanup to detect and remove unwanted software. We worked with IT security company ESET to combine their detection engine with Chrome’s sandbox technology. We can now detect and remove more unwanted software than ever before, meaning more people can benefit from Chrome Cleanup. Note this new sandboxed engine is not a general-purpose antivirus—it only removes software that doesn’t comply with our unwanted software policy.
We’ve begun to roll this out to Chrome for Windows users now. Over the next few days, it will help tens of millions of Chrome users get back to a cleaner, safer web.