Google has announced a significant upgrade to Chrome’s security capabilities on Android, particularly for users enrolled in its Advanced Protection Program. With the latest updates in Android 16 and Chrome 137+, Google is bringing desktop-class security features to mobile devices, aiming to provide robust protection for high-risk individuals and anyone seeking maximum online safety.
Advanced Protection: Raising the Bar for Mobile Security
The Advanced Protection Program (APP) is Google’s most stringent security suite, originally designed for those most at risk of targeted attacks—such as journalists, political figures, and activists. Now, with recent enhancements, Chrome for Android users who enable Advanced Protection will benefit from several new safeguards:
1. HTTPS-First Mode: Always Secure Connections
Chrome will now attempt to connect to every website using HTTPS, the encrypted protocol that secures data in transit. If a site only supports the less secure HTTP protocol, Chrome will issue a clear warning and require users to explicitly approve the connection. This measure significantly reduces the risk of data interception or tampering, especially on public or unsecured Wi-Fi networks.
2. Full Site Isolation: Preventing Cross-Site Attacks
For devices with 4GB of RAM or more, Chrome will activate full site isolation under Advanced Protection. This means each website operates in its own separate process, preventing malicious sites from accessing or stealing data from other open sites—even in the event of a browser vulnerability. Previously, this level of isolation was limited to desktop platforms or specific high-risk scenarios on mobile.
3. Disabling JavaScript Optimizing Compilers: Reducing Exploit Risks
Chrome’s V8 JavaScript engine includes optimizing compilers that, while improving performance, have historically been a frequent target for attackers. Under Advanced Protection, these compilers are disabled, closing off a major avenue for exploitation. While users may notice slightly slower website performance, Google estimates this change mitigates approximately half of the known vulnerabilities in the V8 engine.
Centralized and User-Friendly Security
Advanced Protection acts as a centralized security switch, enabling and enforcing these features across Google services, including Chrome. Users are also encouraged to use hardware-based authentication methods, such as security keys, for their Google accounts. These layered defenses are designed to thwart phishing, account hijacking, and sophisticated cyberattacks.
Who Should Enable Advanced Protection?
While the program is tailored for those at heightened risk, Google encourages anyone who values strong security to consider enrolling. The new features are available on Android 16 and later, with Chrome 137 or newer.
Summary of Key Features
| Feature | Description | Security Benefit |
|---|---|---|
| HTTPS-First Mode | Forces encrypted connections, warns on HTTP | Prevents data interception |
| Full Site Isolation | Segregates websites into separate processes | Blocks cross-site data leakage |
| Disable JS Optimizers | Turns off high-risk JavaScript compilers | Mitigates many exploit vectors |
