Two Techniques for Improving Google Chrome Security

Two Techniques for Improving Google Chrome Security

Although most Mac users rely on Apple’s Safari for Web browsing, plenty of people prefer Google Chrome for its cross-platform compatibility, massive collection of extensions, and tight integration with the Google ecosystem. Chrome is by far the most popular browser in the world, with about 65% of the market, compared to Safari’s 18%. Still others opt for alternative browsers based on the same open-source Chromium engine, such as Arc, Brave, Microsoft Edge, Opera, and Vivaldi.

Unfortunately, Chrome’s dominance makes it a target for attackers in two ways. First, attackers may attempt to find vulnerabilities that would let them steal data or compromise credentials. Second, although Google reviews extensions submitted to the Chrome Web Store, researchers have discovered malicious extensions with millions of downloads. To keep your copy of Chrome secure, we recommend two things: relaunch the browser regularly and be careful with extensions.

Relaunch Chrome to Install Updates

Google Chrome and all the other Chromium-based browsers update themselves automatically. Sort of. While the browser is running, it downloads the latest update but doesn’t install it until you quit and relaunch. Since both macOS and most apps are highly reliable, many people go weeks or even months without relaunching, leaving Chrome vulnerable to recent security exploits. You can check if you’re running the latest version or need to install an update by choosing Chrome > About Google Chrome. (Some extensions, like 1Password, even refuse to run when an update is required.)

In other words, it’s important that you quit and relaunch Chrome and any other Chromium browsers regularly—we recommend a weekly schedule to match Google’s schedule for security updates. There’s no need to worry about losing your open tabs as long as you set Chrome to “Continue where you left off” in Chrome > Settings > On Startup. All the Chromium-based browsers have a similar setting. (While we’re on the topic, remember that it’s also a good idea to restart your Mac occasionally!)

There is one exception among the alternative browsers: Arc. Its developers have figured out how to download and install updates automatically. The feature is still being rolled out to all users, but when enabled, it installs updates when the Mac wakes from sleep rather than forcing the user to quit and relaunch.

Be Careful with Chrome Extensions

Chrome extensions can be both a blessing and a curse. There are vastly more Chrome extensions than Safari extensions, so Chrome and the Chromium browsers enjoy added features that Safari lacks. On the downside, in 2023, researchers discovered dozens of malicious extensions with tens of millions of combined downloads. Google has removed all of them, but many had been on the Chrome Web Store for 6 months or more.

There are over 100,000 extensions in the Chrome Web Store, so while malicious extensions are real, most extensions are legitimate. But if Google can miss them for months or years, how can you reduce the chances of installing something evil? Here’s what we do:

  • Reduce the number of extensions you install: The fewer extensions you install, the less likely one is to be malicious or cause other problems. Regularly uninstall any extensions you don’t use from Window > Extensions (the location may vary slightly in the Chromium browsers).
  • Only install from the Chrome Web Store: Stick to extensions that have at least gone through Google’s reviews for the Chrome Web Store and avoid direct downloads for extensions.
  • Read reviews before installing: Although reviews are no guarantee, if you see people complaining about unusual behavior, that may be a clue that the extension is doing something sketchy.
  • Evaluate extension metadata: In general, avoid extensions that aren’t used by many people, that don’t have many reviews, or that aren’t updated frequently. Those aren’t guaranteed signals of a malicious extension but may be a hint to be cautious.
  • Review permissions before installing: When you click the Add to Chrome button in the Chrome Web Store, a prompt explains what permissions will be granted to the extension. If they seem unnecessarily broad, cancel the installation.

Don’t stress too much about this. Maintaining good Chrome security comes down to relaunching the browser once a week and being careful about which extensions you use—it’s easy.

(Featured image based on an original by iStock.com/ArtemisDiana)

Social Media: If you use Google Chrome or another Chromium browser instead of Safari, you can stay secure by following two simple rules regarding updates and extensions.

More Insights

Make Apple Devices Easier for Family to Access with Secondary Biometrics
Tech Tip

Make Apple Devices Easier for Family to Access with Secondary Biometrics

It’s only safe to share your iPhone, iPad, and Mac passcodes and passwords with people you trust completely, which typically includes family members whom you would trust with your healthcare and bank accounts. If those people also use your devices regularly, you can simplify their access by adding their fingerprint to Touch ID or their […]

Read More »
06/27/25
Why Passkeys Are Better than Passwords (And How to Use Them)
Tech Article

Why Passkeys Are Better than Passwords (And How to Use Them)

No one likes passwords. Users find managing them annoying, and website managers worry about login credentials being stolen in a data breach. The industry has developed a better solution: passkeys. Passwords versus Passkeys Traditional multi-factor authentication involves three methods of authentication, at least two of which are required for protection. They include something you know […]

Read More »
05/27/25
Beware Domain Name Renewal Phishing Attacks
Tech Tip

Beware Domain Name Renewal Phishing Attacks

Most phishing attacks are easy to identify, but we’ve just seen one that’s more likely to evade detection. Those who own personal or business Internet domain names—to personalize their email or provide an online presence for their website—may receive fake messages claiming that a domain has been deactivated due to a payment issue. Because scammers […]

Read More »
05/23/25
Consider Business Cyber Insurance
Tech Article

Consider Business Cyber Insurance

When discussing digital security, we typically focus on preventive measures, such as using strong passwords with a password manager, enabling multi-factor authentication, keeping systems up to date, maintaining regular backups, and training employees to recognize potential security threats. While these practices are essential, they don’t guarantee complete protection. No one is immune to online attacks—the […]

Read More »
05/20/25
Apple Silicon Macs Can’t Boot from the DFU Port
Tech Tip

Apple Silicon Macs Can’t Boot from the DFU Port

Booting from an external SSD (hard disks are too slow) provides a convenient way to test specific versions of macOS or troubleshoot problems with your Mac’s internal storage. However, a little-known gotcha has caused untold hair loss among those trying to boot from an external drive. Macs with Apple silicon cannot start up from external […]

Read More »
05/16/25
Tech Article

Use AirPlay to Mirror or Extend Your Mac’s Display

Apple’s AirPlay is one of those low-level technologies that’s more capable than many people realize. In addition to allowing you to stream video and audio from an iPhone, iPad, or Mac to an Apple TV connected to a large-screen TV, AirPlay also enables you to use that TV as an external Mac display, either mirroring […]

Read More »
05/13/25

If you are here and not sure how to proceed, please call us at 626-286-2350, and we would be happy to help you find a solution to your needs.

© 2025 Consultant Alliance
Designed by:

If you are here and not sure how to proceed, please call us at 626-286-2350, and we would be happy to help you find a solution to your needs.