Google Chrome is a fast, simple, and secure web browser, built for the modern web. Chrome combines a minimal design with sophisticated technology to make the web faster, safer, and easier. Google builds powerful tools that help you connect, play, work and get things done. And all of it works on Chrome.
Is Google Chrome safe and private?
The Chrome browser utilizes site isolation, sandboxing, and predictive phishing protections to keep your browsing secure, among others. However, Google's browser always raises privacy concerns due to the fact that everything you do in Chrome, including every character you type into the address bar, is recorded by Google and linked to you. While using other Google services, all that data may be cross-referenced.
More privacy-conscious users may prefer to use Firefox or other Chromium-based alternatives (that may or may not record as much data) or try Ungoogled Chromium.
Is Chrome the fastest browser?
Chrome, Firefox, Safari and other major browsers are updated every few weeks, so it's hard to compare them over time which is the fastest. Chrome is known to be a RAM hog, but when used heavily, other browsers are known to be just as resource-consuming.
Google is good at creating the illusion of speed with prediction algorithms that preload parts of web pages that you are likely to visit. With a minimalistic design, you'll feel at home with Chrome, plus built-in integration with other Google services and mobile browsing can also be very convenient.
What are the best Chrome alternatives?
There are tons of good and free alternatives for browsing the web. If you want a more private browsing, you can opt for Firefox or Brave. If you don't want to use Google services, you can use Ungoogled Chromium.
Opera, Microsoft Edge and Vivaldi are other great options, these last two are Chromium-based just like Google Chrome.
What are the best features of Chrome?
Chrome is the most popular web browser out there, so website compatibility with it and other Chromium-based browsers is top notch. Performance is usually perceived as good (see question above).
Chrome is also feature-filled but not bloated. It does integrate nicely with other Google services and also lets you sync browsing history and bookmarks with your phone and other devices. Finally, Chrome has a vast library of extensions to add capabilities to your browser experience.
Features
Speed
Chrome is designed to be fast in every possible way: It's quick to start up from your desktop, loads web pages in a snap, and runs complex web applications fast. Learn more about Chrome and speed.
Stay organized with tabs
Tabs help you stay organized, keep track of multiple pages, and multi-task. You can group tabs together for better organization or pin tabs to automatically open websites you use the most.
What's New
The Stable channel has been updated to 128.0.6613.113/.114 for Windows, Mac and 128.0.6613.113 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.
The Extended Stable channel has been updated to 128.0.6613.114 for Windows and Mac which will roll out over the coming days/weeks.
Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.
This update includes 4 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
- [TBD][351865302] High CVE-2024-7969: Type Confusion in V8. Reported by CFF of Topsec Alpha Team on 2024-07-09
- [TBD][360265320] High CVE-2024-8193: Heap buffer overflow in Skia. Reported by Renan Rios (@hyhy_100) on 2024-08-16
- [TBD][360533914] High CVE-2024-8194: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n) on 2024-08-18
- [TBD][360758697] High CVE-2024-8198: Heap buffer overflow in Skia. Reported by Renan Rios (@hyhy_100) on 2024-08-19
We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
Google is aware that an exploit for CVE-2024-7971 exists in the wild.
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- [361165957] Various fixes from internal audits, fuzzing and other initiatives
Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.
Improving the security of Chrome cookies on Windows
Cybercriminals using cookie theft infostealer malware continue to pose a risk to the safety and security of our users. We already have a number of initiatives in this area including Chrome's download protection using Safe Browsing, Device Bound Session Credentials, and Google's account-based threat detection to flag the use of stolen cookies. Today, we're announcing another layer of protection to make Windows users safer from this type of malware.
Like other software that needs to store secrets, Chrome currently secures sensitive data like cookies and passwords using the strongest techniques the OS makes available to us - on macOS this is the Keychain services, and on Linux we use a system provided wallet such as kwallet or gnome-libsecret. On Windows, Chrome uses the Data Protection API (DPAPI) which protects the data at rest from other users on the system or cold boot attacks. However, the DPAPI does not protect against malicious applications able to execute code as the logged in user - which infostealers take advantage of.
In Chrome 127 we are introducing a new protection on Windows that improves on the DPAPI by providing Application-Bound (App-Bound) Encryption primitives. Rather than allowing any app running as the logged in user to access this data, Chrome can now encrypt data tied to app identity, similar to how the Keychain operates on macOS.
We will be migrating each type of secret to this new system starting with cookies in Chrome 127. In future releases we intend to expand this protection to passwords, payment data, and other persistent authentication tokens, further protecting users from infostealer malware.
How it works
App-Bound Encryption relies on a privileged service to verify the identity of the requesting application. During encryption, the App-Bound Encryption service encodes the app's identity into the encrypted data, and then verifies this is valid when decryption is attempted. If another app on the system tries to decrypt the same data, it will fail.
Because the App-Bound service is running with system privileges, attackers need to do more than just coax a user into running a malicious app. Now, the malware has to gain system privileges, or inject code into Chrome, something that legitimate software shouldn't be doing. This makes their actions more suspicious to antivirus software – and more likely to be detected. Our other recent initiatives such as providing event logs for cookie decryption work in tandem with this protection, with the goal of further increasing the cost and risk of detection to attackers attempting to steal user data.
Enterprise Considerations
Since malware can bypass this protection by running elevated, enterprise environments that do not grant their users the ability to run downloaded files as Administrator are particularly helped by this protection - malware cannot simply request elevation privilege in these environments and is forced to use techniques such as injection that can be more easily detected by endpoint agents.
App-Bound Encryption strongly binds the encryption key to the machine, so will not function correctly in environments where Chrome profiles roam between multiple machines. We encourage enterprises who wish to support roaming profiles to follow current best practices. If it becomes necessary, App-Bound encryption can be configured using the new ApplicationBoundEncryptionEnabled policy.
To further help detect any incompatibilities, Chrome emits an event when a failed verification occurs. The Event is ID 257 from 'Chrome' source in the Application log.
Conclusion
App-Bound Encryption increases the cost of data theft to attackers and also makes their actions far noisier on the system. It helps defenders draw a clear line in the sand for what is acceptable behavior for other apps on the system. As the malware landscape continually evolves we are keen to continue engaging with others in the security community on improving detections and strengthening operating system protections, such as stronger app isolation primitives, for any bypasses.
The Stable channel has been updated to 127.0.6533.88/89 for Windows, Mac and 127.0.6533.88 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.
Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.
This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
- [TBD][353034820] Critical CVE-2024-6990: Uninitialized Use in Dawn. Reported by gelatin dessert on 2024-07-15
- [TBD][352872238] High CVE-2024-7255: Out of bounds read in WebTransport. Reported by Marten Richter on 2024-07-13
- [TBD][354748060] High CVE-2024-7256: Insufficient data validation in Dawn. Reported by gelatin dessert on 2024-07-23
We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.