Skip to main content

Clearing the Air

by Bill Bradley on Thursday July 12, 2018

Contact Us
Free Demo

Google’s New “No Chrome Browser Injection Policy” Has No Impact on Digital Guardian’s DLP Capabilities

Contrary to what McAfee implied in a recent blog post, with the release of Chrome 68, DLP products will no longer be able to inspect web uploads and/or block the upload when the Chrome browser is being used. Digital Guardian’s DLP solution still supports content inspection and policy enforcement on Google Chrome 68. Our DLP architecture includes a web inspection proxy in the endpoint agent which detects web transmissions and provides proactive mitigation options to prevent sensitive data loss.

In late 2017, Google made a decision to disallow 3rd party software code injection into the Chrome browser beginning in July 2018. They made that decision for a good reason: injecting code into any application can be risky. Unless you know with 100 percent certainty that the code is not malicious, you risk creating new vulnerabilities. Permitting injection could allow an attacker to gain access to your private information and actively blocking code injection can reduce this risk. But despite that good reason, many agent-based information security solutions such as AV and DLP solutions, like McAfee’s, rely on code injection to perform their core tasks. 

Digital Guardian understood the impact of Google’s decision and engineered a new way to preserve critical DLP functionality for Chrome users. Our innovative approach is able to connect file information (e.g. sensitivity, location, type) with the transmission destination (e.g. an unauthorized external site). This provides security professionals with the ability to fully manage the risk of data loss, all done without the need for injection and therefore eliminating the potential for conflicts.

As of May 2018, per, Chrome commands over 60 percent of the desktop/laptop browser market, the next player, Internet Explorer, has around 12 percent. So not supporting Chrome 68 (and future versions) was not an option – it would leave too big a gap in our customer’s data protection programs.

Just wanted to be clear. Google Chrome’s new no-injection policy may present challenges to other DLP providers, but Digital Guardian is good to go.

Tags:  Company News

Recommended Resources

The Definitive Guide to DLP

  • The seven trends that have made DLP hot again
  • How to determine the right approach for your organization
  • Making the business case to executives

The Definitive Guide to Data Classification

  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business