When the Department of Justice urged the forced sale of Google Chrome, it may have cracked open a new front in the cybersecurity debate.
The courtroom argument is clear: Google’s stranglehold on search, aided by Chrome’s ubiquity, harms competition. But what’s far less examined is this: what happens to digital security when a core pillar of the internet is splintered?
At stake is more than corporate market share because Chrome isn’t merely a browser. It’s an active, adaptive security platform. In 2024 alone, Google reported blocking more than five billion bad ads and suspending almost 40 million advertiser accounts that were engaged in fraudulent behaviour. I
ts integration with Android and Gmail creates a layered defence ecosystem, not just for Google’s benefit but for the broader public internet. If Chrome is peeled away and spun out to a new owner, that cohesion may erode.
On one hand, breaking up Google could diversify the ecosystem – and that’s not nothing. Monocultures are brittle. A more competitive browser market could accelerate innovation in privacy-respecting search engines and browsers, reducing single points of failure. Right now, Chrome dominates with 66.16% global browser share, creating an outsized attack surface. In cybersecurity, decentralisation can be a virtue.
But the risks are tangible. Splitting Chrome from Google could degrade the platform’s ability to respond to fast-moving cyber threats. Threat intelligence sharing across Google’s product stack is seamless precisely because it’s vertically integrated. Unwinding that might require building new security pipelines from scratch – likely slower, likely weaker.
And if a divested Chrome ends up in private equity hands or under-resourced management, critical security updates could lag. Chrome is a dynamic, continuously secured infrastructure, not a plug-and-play asset.
Worse still, Google’s ability to feed its AI-driven security systems – including those protecting against zero-day exploits – depends on massive search and browsing telemetry. Stripping Chrome away could reduce the fidelity of that data stream, weakening Google’s machine-learning defences that already outpace many standalone cybersecurity vendors.
There’s also a geopolitical wrinkle. If Chrome’s sale creates fragmentation or inconsistent standards, adversarial actors – state-sponsored or otherwise – could exploit the confusion. These days, cyberattacks cross borders with ease, and breaking up one of the West’s most formidable digital defence players without a national security mitigation plan could be dangerous.
Of course, monopolies shouldn’t be allowed to insulate themselves with security fearmongering. But neither should governments pretend that technology infrastructure is interchangeable.
So the question remains: Can we regulate Google’s power without inadvertently weakening the cybersecurity scaffolding it built? Know that trust is always fragile and threats are always evolving, that may be the most important question Judge Mehta – and the rest of us – must grapple with.
By Vincentas Baubonis
ABOUT THE AUTHOR
Vincentas Baubonis is an expert in Full-Stack Software Development and Web App Security, with a specialised focus on identifying and mitigating critical vulnerabilities in Iot, hardware hacking, and organisational penetration testing. As Head of Security Research at Cybernews, he leads a team that has uncovered significant privacy and security issues affecting high-profile organisations and platforms such as NASA, Google Play, and PayPal. Under his leadership, the Cybernews team conducts over 7,000 pieces of research annually, publishing more than 600 studies each year that provide consumers and businesses with actionable insights on data security risks.
