Chrome Insider: What's new in Chrome Enterprise, Release 76
Program Manager, Chrome Enterprise
Updates in Chrome 76 are focussed on increasing security for Chrome Browser and Chrome devices in your organization. For the full list of what’s new, and more detailed descriptions, be sure to read the release notes.
Flash is now blocked by default
Last year, Adobe announced it will stop updating and distributing the Flash Player at the end of 2020. As part of our commitment to security, and our transition plan, from Chrome 76, Adobe Flash will be blocked by default. Administrators can manually switch back to ASK ("Dialog to Ask first before running Flash") before running Flash. This change won’t impact existing policy settings for Flash. You can still control Flash behavior using DefaultPluginsSetting, PluginsAllowedForUrls, and PluginsBlockedForUrls.
For more information on the Flash transition plan, see the Flash Roadmap. Enterprises using Flash applications today should be looking for alternatives to those applications, as Flash will be removed from Chrome in late 2020.
Privately-hosted extensions should now be packaged with CRX3 for added security
We know that some enterprises prefer to privately-host (self-host) internally developed extensions, or third-party extensions outside of the Chrome Web Store for many business reasons—the most common is compliance.
If your self-hosted extensions are still packaged in the CRX2 format, these extensions will stop updating in Chrome 76 and new installations of the extension will fail. Privately hosted extensions that were packaged using a custom script or a version of Chrome prior to Chrome 64 must be repackaged to CRX3.
As we’ve been discussing since Chrome 68, we are moving from CRX2 to CRX3. CRX2 uses SHA1 to secure updates to the extension or app and, because breaking SHA1 is technically possible, this allows attackers to intercept an extension update and inject arbitrary code into it. CRX3 uses a stronger algorithm, avoiding these risks, helping to protect against attacks.
It’s now even easier to discover Chrome Enterprise policies
As part of our ongoing efforts to make discovering and setting Chrome Enterprise policies even easier, we have created a new site which details our Chrome Enterprise policies. The new site allows you to filter by platform and Chrome version to make it faster and easier to see which policies are available for your fleet.
Built-in FIDO authenticator is now supported
Starting with version 76, all latest-generation Chromebooks will gain the option to enable a built-in FIDO authenticator backed by Titan technology. For supported services, enterprises can allow end users to use the power button on these devices to protect against certain classes of attacks. This feature is disabled by default, however administrators can enable this by changing DeviceSecondFactorAuthentication in the Admin console