With Android 16, users can enable Advanced Protection to “activate Google’s strongest security for mobile devices.” There are three main Advanced Protection features in Chrome 137+ on Android 16, starting with “Always use secure connections” — or HTTPS — being enabled. Before connecting to an insecure (HTTP) site, Chrome asks for explicit permission before loading. This setting protects users from attackers reading confidential data and injecting malicious content into otherwise innocuous webpages. The next feature disables the “higher-level optimizing Javascript compilers inside V8.” V8 is Chrome’s high-performance Javascript and WebAssembly engine. The optimizing compilers in V8 make certain websites run faster, however they historically also have been a source of known exploitation of Chrome. Of all the patched security bugs in V8 with known exploitation, disabling the optimizers would have mitigated ~50%. This prevents a large category of exploits, but at the expense of “causing performance issues for some websites.” Finally, Advanced Protection enables Site Isolation wherein Chrome “isolates each website into its own rendering OS process” in memory. This isolation prevents a malicious website from accessing data or code from another website, even if that malicious website manages to exploit a vulnerability in Chrome’s renderer—a second bug to escape the renderer sandbox is required to access other sites.