New Windows browser security options and tips: what you need to know


As we move into cloud computing, your browser is your operating system. While we tend to hold back on fixes in business environments to make sure there aren’t any side effects, taking this approach with browser fixes can be dangerous. Case in point: Google acknowledged Chrome’s twelfth and thirteenth zero-day attacks in a recent blog post. Since Edge is built on the Chrome platform, you need to consider the impact on Edge of every zero day targeted at Chrome.

New Edge update options

If your business needs a little extra time to deploy browser updates because of their impact on line-of-business applications, there is another way to manage the changes that will still keep you up to date for security concerns. Starting with Edge 94, Microsoft now supports multiple release channels. In March, Edge moved to a four-week development cycle in which new features are included in Edge every four weeks.

Microsoft now includes an option to update features in Edge every eight weeks. If you want to stay on a supported browser, you can choose the stable channel. This is the most used and considered a “wide deployment”. It is updated every four weeks. Next is Extended Stable, which allows for a longer eight week release cycle and is fully supported. The beta channel is still supported by Microsoft and has a four week release cycle. Two other channels, Dev and Canary, are not officially supported and are only considered testing platforms.

To deploy Edge on Extended Stable, use Group Policy to select the browser update rate. Download and install the latest Edge Group Policy Administrative Templates. Then go to, in order:

  • Group Policy Editor
  • Computer configuration
  • Administrative Templates
  • Microsoft Edge update
  • Applications
  • Microsoft Edge

Select “Replace target channel”, then “On”. Under “Options”, choose “Extended Stable” from the “Policy” drop-down list. I recommend that you evaluate slowing the normal release process to Extended Stable for desktops that require more stability.

Edge Super Duper Secure Mode

Edge is testing a new Super Duper Secure Mode, which is only offered in beta at the moment. The new mode will remove just-in-time (JIT) compilation from the V8 processing pipeline, reducing the attack surface that threat actors can use to hack Edge user systems. You must be on one of the beta channels to activate this feature. To test this mode, download the beta version of Edge from the Edge Insider publish page. You can also download Dev or Canary versions. Once you’ve installed it, enable Super Duper Secure Mode by going to edge://flags/#edge-enable-super-duper-secure-mode and enabling the new functionality. You will then be prompted to restart your browser.

Improved Safe Browsing Mode

Chrome also has additional security features with its enhanced Safe Browsing mode. You can opt for this mode by going to:

  • Settings
  • Privacy
  • Security settings
  • Security

Select the “Enhanced protection” mode under “Safe browsing” to switch from standard protection to enhanced protection. It will send URLs to Safe Browsing to check them. It also sends a small sample of pages, downloads, extension activity, and system information to help uncover new threats. The setting also sends links and data to your Google account when you’re signed in, to protect you in Google apps. As a result, it will track your browsing more.

Other browser security controls

Additional controls you should check out include the Windows Security Technical Implementation Guide for Google Chrome. Updated on July 13, 2021, this guide was released as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. You’ll want to make sure that your browsers are allowed to support only TLS.

There are several ways to set this value. To check it in the browser, type chrome://policy in the omnibox (address bar). Look for “SSLVersionMin” in the “Policy Name” column and check that it is set to “tls1.2”. If you want to use the registry method, start regedit and then navigate to HKLM\Software\Policies\Google\Chrome. Check whether the value name “SSLVersionMin” does not exist or whether its value data is not set to “tls1.2”. Under the browser hardening guidance in the Security Technical Implementation Guide (STIG) documents, if the registry value is not there, the computer will not pass the check. The STIG treats it as a finding.

To use Windows Group Policy, open the “Group Policy Editor” tool with gpedit.msc. Then navigate to:

  • Policy Path: Computer Configuration
  • Administrative Templates
  • Google
  • Google Chrome.

Find the policy named “Minimum SSL version enabled”. Set its policy state to “Enabled” and its policy value to “TLS 1.2”.

The STIG also provides guidance for Edge. Similar to Chrome, set the policy value for “Computer Configuration / Administrative Templates / Microsoft Edge / TLS Minimum Version Enabled” to “TLS 1.2”. Not to be outdone, Firefox also has security mandates.
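The registry check described above can be scripted so that the same test runs on every desktop. This is an added example, not part of the original article: the Chrome key and the “SSLVersionMin” value name come from the text, while the Edge key path and the function name `Get-TlsPolicyStatus` are assumptions made for illustration.

```powershell
# Added example: audit the SSLVersionMin policy value that the STIG check looks for.
# The Chrome key is the one named in the article; the Edge key path is an assumption.
$PolicyKeys = [ordered]@{
    'Google Chrome'  = 'HKLM:\SOFTWARE\Policies\Google\Chrome'
    'Microsoft Edge' = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'   # assumed path
}
$Required = 'tls1.2'

function Get-TlsPolicyStatus {
    param(
        [Parameter(Mandatory)][string]$Browser,
        [Parameter(Mandatory)][string]$KeyPath
    )
    $value = $null
    if (Test-Path -LiteralPath $KeyPath) {
        # Returns nothing (instead of throwing) when the value name is absent.
        $props = Get-ItemProperty -LiteralPath $KeyPath -Name 'SSLVersionMin' -ErrorAction SilentlyContinue
        if ($props) { $value = $props.SSLVersionMin }
    }

    # Mirror the check in the text: a missing value or any other data is a finding.
    $status = if ($null -eq $value)        { 'Finding: SSLVersionMin not set' }
              elseif ($value -ne $Required) { "Finding: set to '$value'" }
              else                          { 'Pass' }

    [pscustomobject]@{
        Browser       = $Browser
        KeyPath       = $KeyPath
        SSLVersionMin = $value
        Status        = $status
    }
}

$results = foreach ($entry in $PolicyKeys.GetEnumerator()) {
    Get-TlsPolicyStatus -Browser $entry.Key -KeyPath $entry.Value
}
$results | Format-Table -AutoSize

# When run as a script, a non-zero exit code lets a scheduled task flag the machine.
$findings = @($results | Where-Object { $_.Status -ne 'Pass' })
if ($findings.Count -gt 0) { exit 1 }
```

A browser that is not installed or not managed by policy reports “SSLVersionMin not set”, which matches how the check above treats a missing value.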

For all the browsers you have on your systems, look at the installed extensions and determine whether you want to limit or block them as needed. Oftentimes with browser security, being proactive and blocking or limiting what can be installed is the best way to stay secure, and it is wise if your business has extreme security needs.

As CISA notes, urge users to exercise caution when opening email attachments or using peer-to-peer file sharing, instant messaging, or chat rooms. Being aware of what you are browsing and what you click on will go a long way in keeping your systems secure.

Copyright © 2021 IDG Communications, Inc.
