It’s said “better safe than sorry,” and when it comes to browsing the web, that old adage couldn’t be more true. With cyber-attacks and data breaches on the rise, it’s more important than ever to make sure your online activity is secure.
Not entering the red zones of the internet isn’t enough to stay secure. You need to make sure your setup to access the web is secure. This means you need to secure your browser, and for most people, that will be Google Chrome.
Even though Chrome protects you from malicious websites and downloads by default, its security can be further improved with the help of some tweaks and apps. Today, I am here to provide you with tweaks, extensions, apps, and tips to fortify Google Chrome’s security for utmost protection.
Tweak Settings to Secure Chrome
Google Chrome has a bunch of settings that you can adjust to enhance security. Of course, some of the settings can change the way you use the browser and even negatively impact usability, but it’s worth it if you prioritize security. Below you’ll find some tweaks that can increase Chrome’s security:
#1. Enable Enhanced Protection
By default, Google protects you from malicious extensions, downloads, and websites. This comes under standard protection. However, there is also an enhanced protection feature that shares your data with Google to fortify the protection. This includes better scanning of malicious data and warnings about password breaches.
If you don’t mind sharing some of your data with Google, then below you’ll find the instructions to enable it:
Open Chrome Settings from the top-right dots menu.
Here click on Privacy and security in the left panel and then select Security.
Now select Enhanced protection, and you’ll start getting better protection.
#2. Encrypt Passwords With a Passphrase
If you use Google Chrome’s built-in password manager to save your passwords, then you might be interested in further protecting them with a custom passphrase. Encrypting your passwords with a custom passphrase will not only prevent them from leaking if your Google account gets compromised but also stop Google from seeing them.
From Chrome Settings, click on You and Google and then click on Sync and Google services.
Afterward, click on Encryption options and select Encrypt synced data with your own sync passphrase option.
You’ll have to create a passphrase and then confirm it to encrypt the passwords. If you’ll forget the passphrase, you’ll have to reset it completely. The process will delete all the sync data from Google servers, but it will stay on your devices where you can enable sync again.
#3. Keep Chrome Up-To-Date
Chrome is constantly updated to improve protection and patch vulnerabilities. You should make sure you are always using the latest version of Chrome. To make sure you are using the latest version, open the Chrome dots menu and select About Google Chrome from the Help option.
Here either it will say Chrome is up to date or give you an option to manually update it.
#4. Always Use HTTPS
HTTPS is the protocol widely used by websites to ensure the transit of data between the website and the user stays encrypted. However, some websites are still stuck on HTTP with insecure connection that can be intercepted by hackers.
You can force Chrome to always use HTTPS whenever available or warn you if the site is insecure. In Chrome Settings, go to the Security option in Privacy and security. Here enable the Always use secure connections option under the Advanced heading.
If you stumble upon a website that doesn’t redirect to HTTPS, make sure you don’t enter any information there and definitely do not sign-up for an account.
#5. Block Third-party Cookies 🍪
Browser cookies can be used to steal information, like cookie hijacking or unauthorized access to a PC. However, they are essential for websites to remember you and manage account logins.
I won’t recommend you disable all cookies, but you should disable third-party cookies as they only help websites to track you and could be used to steal information if the connection is insecure.
To disable them, go to Privacy and security in Chrome Settings and click on the Cookies and other site data option.
Now select the Block third-party cookies option here.
If you don’t want to take risks with cookies while accessing a sensitive website, then using incognito mode will be better. It will delete all the cookies when you close the window.
#6. Enable Chrome Security Flags
Chrome flags are hidden experimental settings in Chrome that have a tendency to negatively impact your browsing, but they are safe in most cases. Some of these features can improve the security of Chrome, which I will list below:
To access these flags, type chrome://flags/ in the address bar and search for the flag in the top search bar. Each flag also has a dedicated URL, which I will mention with each so you could easily access them.
Block insecure private network requests: Enable this to protect all PCs on a private network from CSRF attacks by blocking requests for insecure public sources. URL: chrome://flags/#block-insecure-private-network-requests
Block insecure downloads: Although Chrome already protects against malicious downloads, enabling this will also block downloads from insecure (HTTP) sources, whether direct or indirect. URL: chrome://flags/#block-insecure-downloads
Strict-Origin-Isolation: Chrome already uses site isolation for protection. This flag will further improve it by applying isolation at the origin (host or port) instead of eTLD+1. URL: chrome://flags/#strict-origin-isolation
Experimental QUIC Protocol:QUIC protocol is not only faster than TCP and UDP but also more secure as it has its own encryption instead of depending on HTTPS. Once enabled, it will use QUIC for connections whenever possible. URL: chrome://flags/#enable-quic
Chrome Security Extensions and Apps
There are many security extensions and apps for Chrome to improve its security. Below I have picked the ones that will go well with all the other security settings and tips I have mentioned in this post.
uMatrix is a Chrome extension that lets you view and control all requests your browser makes when you connect with a website. You can use it to block scripts, ads, iframes, specific websites, and much more.
It also has built-in options to manage cookies and potential malicious requests. It remembers your changes, and you can create global changes to apply to all future pages.
Netcraft is mainly a website rating extension to protect you from malicious websites. However, it uses different algorithms to detect potential malicious websites instead of just depending on the community.
Other than securing your connection, it has built-in malware protection, tracking protection, and an ad blocker. It automatically scans all websites and downloads to ensure they are safe. It also warns about data breaches. Along with support for all operating systems, it also has a Chrome extension with special web protection features.
#4. Avast One
Strong malware protection for your PC is necessary as there is no point in securing Chrome if a separate malware program could steal information. Avast One is the perfect malware protection tool for this, as it also has many tools for web protection.
Other than PC malware protection, it offers WiFi protection, online shopping and banking protection, data breach alerts, email scam protection, and many privacy protection tools too. For advanced online protection tools, you’ll have to get a paid subscription. Although the free version works fine for basic browsing.
Tips to Stay Secure Online
The above tweaks and apps will make Chrome secure, but you should also follow best security practices to stay safe online. No protection can save you if you mess around with shady software or websites. Below are some things to consider while browsing the web.
Use a Password Manager
Google Chrome’s built-in password manager isn’t secure enough. I mean, anyone can reveal all your passwords just by providing your PC lock screen pin. For utmost protection, you need a good third-party password manager. 1Password is a really strong app for this purpose, and it’s available on all operating systems, along with an extension for Chrome.
The app will let you save and manage all your passwords in one place using a master password. You can enable two-factor authentication to further protect your passwords. You can also secure documents and files and access them from anywhere.
I should mention that using strong and unique passwords is extremely important for online safety. Of course, it’s not practical to memorize strong passwords for every signup, so using a password manager is necessary.
Avoid Shady Websites and Downloads
Getting free things online is fun but very dangerous. There is always a price attached to these free things, it could be ads, unwanted programs, or dangerous malware. You should avoid shady-looking websites and programs, especially if one of your security tools gives a warning about them. Below are some examples of content that are known to have malware/viruses:
Video Game cheating/hacking programs.
Downloading copyrighted content like games, images, videos, etc., even on regular websites.
Tools that promise to automatically fix your problem, especially if they come as a .zip file.
Free media streaming websites.
Phone rooting/unrooting programs.
APK websites and files.
Basically, anything you download or click on that seems unethical or too good to be true usually has a higher tendency to have malware attached to it. I am not saying all of this content is bad and you should never touch them. However, be extra careful, especially on a PC that you use to access/save sensitive data.
Use Incognito Mode
Other than deleting your traces on the local devices, Incognito mode also makes browsing websites safe by not using saved cookies and extensions. No malicious extensions will be able to steal information and websites can’t track your previous sessions as no cookies are used.
I’ll recommend you use incognito mode when accessing sensitive websites like financial websites. In Chrome, you can launch incognito mode from the dots menu or by pressing Ctrl+Shift+N key combination.
Always Use Two-Factor Authentication
Whenever possible, always opt for two-factor authentication for services you sign-up for. It’s the best protection against hacking. Even if you don’t want to authenticate every time you log in, at least enable it for your login on every new device. All popular services support it, including Google, eBay, Facebook, Amazon, PayPal, Dropbox, LinkedIn, and most banking websites.
Respect the Warnings ⚠️
Whenever Chrome or your malware detector gives a warning about a website or downloaded file, make sure you don’t execute it. I know curiosity or desperation can make you think “what’s the worst that could happen”, but don’t do it.
A malicious website can automatically download viruses, and a malicious program can completely take over your PC as soon as you open it. In case you must open it, first search on the web to learn what it does. Maybe even ask on related forums. Only open it if you are sure it’s a false positive by your security program.
Final Thoughts 💭
I personally really like the combination of using a VPN and incognito mode. The incognito mode prevents third-party interference with my requests, and the VPN keeps me secure and anonymous on websites I visit.
As long as you don’t open a shady program/website, especially when you are warned, the above tweaks and apps should keep you safe while browsing on Chrome.