Google Launches Advanced Protection for Vulnerable Users via Chrome on Android

Google has announced the expansion of its Advanced Protection Program to Chrome on Android, providing enhanced security features specifically designed for high-risk users including journalists, elected officials, and public figures.

The new device-level security setting, available on Android 16 with Chrome 137+, offers comprehensive protection against sophisticated cyber threats through three key security enhancements.

The Advanced Protection integration represents a significant step forward in mobile security, acting as a centralized control point for at-risk users who face heightened security challenges.

According to the Chrome Security Team, this initiative addresses the growing need for stronger security measures in an increasingly hostile digital landscape.

Enhanced Security Through Three Core Features

The Advanced Protection system implements three critical security measures within Chrome on Android. First, it automatically enables the “Always Use Secure Connections” setting, which forces HTTPS connections for both public and private sites.

This feature protects users from attackers who might intercept confidential data or inject malicious content through insecure HTTP connections. Notably, insecure HTTP now represents less than 1% of page loads for Chrome on Android users.

The second enhancement involves full Site Isolation on mobile devices with 4GB or more RAM.

This feature ensures that potentially malicious websites never load in the same process as legitimate sites, providing an additional layer of protection against cross-site data leakage.

While desktop Chrome clients already benefit from full Site Isolation, this marks its comprehensive deployment on mobile platforms for Advanced Protection users.

The third security measure involves disabling JavaScript optimizations to reduce Chrome’s attack surface.

By turning off higher-level optimizing JavaScript compilers within V8, Google’s JavaScript engine, the system becomes significantly harder to exploit.

Privacy and Security -> Javascript optimization and security” class=”wp-image-148195″ srcset=”https://gbhackers.com/wp-content/uploads/2025/07/image-13.jpg 752w, https://gbhackers.com/wp-content/uploads/2025/07/image-13-276×300.jpg 276w, https://gbhackers.com/wp-content/uploads/2025/07/image-13-387×420.jpg 387w, https://gbhackers.com/wp-content/uploads/2025/07/image-13-150×163.jpg 150w, https://gbhackers.com/wp-content/uploads/2025/07/image-13-300×326.jpg 300w, https://gbhackers.com/wp-content/uploads/2025/07/image-13-696×756.jpg 696w” sizes=”(max-width: 752px) 100vw, 752px”/>

Historical data suggests this measure could have mitigated approximately 50% of patched security bugs in V8 with known exploitation.

The Advanced Protection features aren’t exclusively limited to the program’s participants. Google has been gradually expanding these security measures across its user base.

The company has quietly enabled “Always Use Secure Connections” in Incognito Mode since Chrome 127 in June 2024 and automatically prevents downgrades from HTTPS to HTTP on frequently accessed sites since Chrome 133 in January 2025.

Enterprise users can also implement these security settings through specific policies, allowing organizations to protect their fleets while maintaining operational flexibility.

The JavaScript optimization controls are available through enterprise policies that support both allowlists and denylists for different sites.

Google recommends that vulnerable users combine Advanced Protection with enrollment in the Advanced Protection Program for their Google accounts.

This comprehensive approach requires phishing-resistant multi-factor authentication methods and enables Advanced Protection across all of the user’s Android devices.

The company emphasizes the importance of maintaining automatic updates and keeping Android devices and browsers current with the latest security patches.

Stay Updated on Daily Cybersecurity News . Follow us on Google News, LinkedIn, and X.