Google is stepping up its commitment to user security with a suite of new features for Chrome on Android, specifically targeting users who require heightened protection—such as journalists, public figures, and high-profile professionals. These enhancements are part of the Android Advanced Protection Program, which now brings some of Google’s strongest security measures directly to Chrome on mobile devices.
Key Chrome Security Upgrades
1. HTTPS-Only Mode: Always Use Secure Connections
Chrome for Android now enforces HTTPS connections whenever possible, ensuring users’ data is encrypted and protected from interception or tampering on insecure HTTP sites. If a site doesn’t support HTTPS, Chrome will warn users before connecting, reducing risks on both public and private networks.
- Adoption and Availability:
Less than 1% of Chrome page loads on Android still use HTTP. Google plans to make HTTPS-first mode the default for all users soon. - Customizable Settings:
Users and enterprises can enable or customize HTTPS-only mode, with options for allowlists and exceptions (e.g., internal networks). - Incognito and Security Enhancements:
Since June 2024, HTTPS-only mode is automatically enabled in Incognito Mode for public sites. Since January 2025, Chrome also prevents downgrades from HTTPS to HTTP on known secure sites.
2. Full Site Isolation on Mobile Devices
For devices with 4GB of RAM or more, Chrome now supports full site isolation—a security architecture that separates each website into its own process. This prevents malicious sites from accessing or stealing data from other tabs or pages.
- Desktop Parity:
Site isolation has been a default security feature on desktop Chrome for years. - Advanced Protection Integration:
On Android, this is enabled for all sites if Advanced Protection is active. Without Advanced Protection, site isolation is triggered only after login or form submission.
3. JavaScript Controls and Optimizations
To further reduce the attack surface, Advanced Protection disables V8’s high-level JavaScript optimizing compilers. This blocks a class of known exploits, though it may slightly impact performance.
- User and Enterprise Control:
All users can now manage JavaScript optimization settings per site through Chrome’s site settings. Enterprises can enforce policies to allow trusted sites while restricting others. - Future Security:
Google is working on rolling out a V8 sandbox to further strengthen JavaScript security.
Why These Changes Matter
With billions of users worldwide, Chrome and Android must balance usability and security. The new features offer robust, customizable protections for both individuals and organizations—especially those at higher risk of targeted attacks.
Google recommends:
- Enabling Advanced Protection for the highest level of security, including phishing-resistant multi-factor authentication and device safeguards.
- Customizing security settings to match individual or organizational needs.
Availability
These security upgrades are available now for devices running Android 16 with Chrome version 137 or higher.
Google Chrome for Android’s latest updates—HTTPS-only mode, full site isolation, and granular JavaScript controls—mark a significant leap forward in mobile browser security. These features, especially when paired with Android’s Advanced Protection Program, help safeguard users against increasingly sophisticated online threats, making Chrome a safer choice for everyone, especially those who need it most.