9 Google Chrome Security Tips by Kelly O'Hara


As the world’s most popular web browser, Google Chrome is a sure-fire target for hackers. Chrome has a reported two billion active installs, and one billion users.

Most of us use the Internet for several hours every single day, whether for work or personal use. What’s more, we access the web across multiple devices nowadays. Hackers or malicious groups could spy on your browsing activities and thus gain knowledge of your personal and financial information. 

Furthermore, when you have a Google account, there’s more at risk than you may have realized. Cybercriminals could gain access to your private emails, or even private work emails, via Gmail. You may also store sensitive files in Google Docs or Google Sheets, all of which are connected to your one account.

Naturally, you want to be secure in the knowledge that you can browse the web safely and privately. And that your private documents and emails are safe.

1. Get a Security Checkup 

Google has its own Security Checkup tool, which flags any issues across your devices. For instance, you may be logged into Google on a device that you don’t use anymore and this could be used to gain access to your account. 

The tool shows you exactly which devices you have logged-in. Also, whether you have given permission to any third-party apps that could be a threat to your security. It confirms your verification and recovery methods. Finally, it highlights whether there have been any security events in the last 28 days.

Just as you go to the doctor for a regular checkup, it’s a good idea to regularly check the health of your browser. It could highlight issues that you didn’t even realize were issues up until now.

2. Create a Strong, Unique Password

If you use the same password across multiple sites, you put yourself at risk because if a hacker cracks this password, they don’t just have access to one account but all of your accounts.

The best passwords contain upper- and lower-case letters, numbers and symbols, though they are difficult to remember. You may wish to use a memory trick. For instance, “I got my first pet aged 12. His name was Fluffy!” becomes “Igmfpa12HnwF!” which is a strong, unique password.

Alternatively, you could use a password manager which generates strong passwords for you, then stores them in an online vault. This way you don’t have to remember tons of complicated passwords.

3. Set Up 2-Step Verification

It’s certainly possible that a cybercriminal will crack your password, no matter how strong you think it is. 2-step verification adds an extra layer of security every time you log into your Google account. 

To enable 2-step verification, first go to your Google account and click on “Security” within the left-hand menu. Then, under the “Signing in to Google” menu, you can switch on 2-step verification:

Hit “Get Started” and Google will ask you to first verify your password. Then add your phone number and choose whether you wish to receive your verification code via text or phone call:

Then you will receive your first code to check how this process works. Once confirmed, hit “TURN ON” and you will now receive a code every time you log in to your Google account. Unless hackers have access to your phone, too, you will benefit from this extra protection.

4. Disable Extensions You Don’t Use

Essentially, anybody can create an app or extension and add it to Chrome Web Store. In some cases, these extensions are malicious. For instance, in early 2018, 400 users downloaded a fake version of Flash player from the web store. It turned out that this extension was used to steal payment card information that users entered in web forms.

Therefore, only add extensions you absolutely need to and only get them from credible sources. Disable extensions you don’t completely trust or don’t use, by heading to Chrome Web Store. Click on settings then choose “My Extensions & Apps”. Here you can click on “Remove from Chrome” for any extension you don’t need:

This way you remove any unnecessary risk.

5. Browse in Incognito Mode

Many use Incognito Mode to hide their browsing habits. Let’s say you share a device with your partner. Perhaps, you want to look for a gift for their birthday, but you don’t want them to see the sites you have been looking at for their gift. Incognito Mode hides your browsing history.

Another security benefit of Incognito Mode is that it prevents websites from storing your data as cookies. Some cookies might pose a risk to your security. Malware and viruses can be disguised as cookies.

However, Incognito Mode doesn’t provide complete protection. For example, if you use it at work to hide sites you shouldn’t be looking at, people on the same network can still see unsecured sites you’re visiting, i.e. those that aren’t HTTPS.

6. Consider Using a VPN

A VPN adds more protection than you would get in Incognito Mode. Your browser sends data to each site you visit, including your IP address, operating system and information about your hardware and other devices connected to your network. Clearly, you don’t want hackers to be able to intercept and get their hands on this information.

A VPN encrypts traffic to hide your data. Many leading VPN providers have extensions for Chrome. But you must ensure you opt for a trusted provider, rather than a standalone extension. This is because some VPN extensions are not secure.

7. Don’t Trust Sites That Aren’t Secure

In July 2018, Chrome started labeling HTTP sites as “Not secure”; while they display the security of HTTPS sites with a padlock. 

Image Source: Google Security Blog

HTTPS sites have an SSL certificate, which is used to secure data transfer and logins, as well as credit card transactions. Make sure you look out for sites marked “Not secure”. It’s common sense that you should not share any personal data or financial information with such sites.

Furthermore, look out for shortened URLs in social media posts and emails - the type from bit.ly and so on. Some use these shortened links to hide the fact that they will take you to spam websites, which may infect your device with malware. Thankfully, there are sites you can use to check the destination of a shortened URL.

8. Clean Up Your Computer

Last year, Vice reported that Chrome regularly scans computers to check for malware and it freaked some people out. But you shouldn’t have to worry as Google’s head of security says the sole purpose of such scans is to find malware that interferes with Chrome. Furthermore, the scan has normal privileges so cannot dive too deep into your system.

There are some instances in which you may wish to perform a clean up manually. For instance, if you find your browser overrun with pop-ups or there’s an extension that keeps adding itself, there may be a problem.

To do this on Windows, go to chrome://settings/ then click on “Advanced”. Here you will find the “Clean up computer” option:

9. Update Software Regularly

Hackers are able to access systems through gaps in outdated software. You may have heard of companies being hit by major data breaches in recent years. In several cases, criminals found their way in because the company failed to update software, leaving vulnerabilities exposed. 

That’s why it’s so important to update your browser, operating system and apps on a regular basis. Go to chrome://settings/help to check for browser updates:

To update your operating system, you’ll need to check the manufacturer’s support site. To update Android apps automatically, head to the Google Play Store. Open the menu and go to “Settings”. Tap “Auto-update apps” and choose whether you want this to happen when you’re connected to Wi-Fi only or at any time.

Wrapping Up

You probably use Chrome all the time, at work, when you’re buying stuff, when you’re browsing for cat memes etc. Thus, you have to make sure that your browser is as secure as possible. Cyber attacks can happen to anybody in this day an age. The only thing you can do is make an effort to reduce the risk of it happening to you. So, follow the above steps to increase your privacy and security when using Google Chrome.

On the Web:

Why You Should Use a Password Manager, and How to Get Started

How to Test a Suspicious Link Without Clicking It






About the Author:

Kelly is a freelance writer, who specializes in B2B, marketing and technology topics. She is passionate about helping others in these industries by sharing her extensive knowledge and actionable advice. Find out more at Copy Goals.

August 28, 2019


Hakin9 TEAM
Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023