Last year, Microsoft claimed that Edge leapfrogged rivals in terms of protections by adding Virtualization Based Security (VBS) -- which basically keeps the browser within a virtual "PC" and separate from other processes, among them the Windows 10 kernel. Google, on the other hand, is sticking with its sandbox tech.
With site isolation, Chrome can now render content for open websites in an individual process that is kept separate from other pages. If you don't want a blanket approach, you can create a preset list of sites you want to isolate instead -- Google suggests using it for your company intranet. The cost of the extra layer of protection is 10 to 20 percent increased memory usage.
Google's browser already lets all-powerful admins blacklist specific extensions. Chrome 63 takes things a step further by allowing IT admins to restrict access to extensions based on the permissions required (like the use of webcam or microphone).
Chrome's latest version also heralds the arrival of TLS 1.3 for Gmail: a protocol for secure communications on the internet. Google claims the previous version, standardized in 2008, is in need of an overhaul. And TLS 1.3 makes for a faster and more secure experience, with plans to bring it to the entire web in 2018. Google is recommending admins check its feedback forum to ensure your system is interoperable with it.
Looking ahead, there's news that the next update (Chrome 64) will include support for the NTLMv2 authentication protocol, which is already the default in the Windows browser. It will become the default NTLM protocol in Chrome 65.