ChromeOS

Is PQC enabled? — quick check

ChromeOS — crosh (Ctrl+Alt+T) or chrome://

# Open chrome://version
# Open chrome://policy and look for PostQuantumKeyAgreementEnabled
# Open https://checkpqc.app/

Expected when PQC is ON

Google Chrome 134.0.6998.x (Official Build) (64-bit)
PostQuantumKeyAgreementEnabled = true
checkpqc.app verdict: HYBRID_ENABLED

What you'll see when PQC is OFF

Google Chrome 122.0.6261.x
PostQuantumKeyAgreementEnabled = false   (managed device override)
checkpqc.app verdict: CLASSICAL_ONLY

ChromeOS is Chrome the way Apple intends iOS to be Safari — the browser is the OS. That means hybrid X25519MLKEM768 shipped to ChromeOS automatically the moment Chrome stable enabled it (Chrome 124, April 2024).

What's PQ-ready

Browser HTTPS / TLS 1.3 — hybrid PQC by default. Chrome.
Android apps via the Play Store — same as Android (Conscrypt-driven).
Linux container (Crostini) — install Debian's openssl; see Linux for distro-version notes.

Enterprise policy

chrome://policy
# Look for: PostQuantumKeyAgreementEnabled = true

PostQuantumKeyAgreementEnabled is exposed as a managed policy. Default is enabled; only turn it off if a managed middlebox forces fallback during a transition.

Verify

Open checkpqc.app in the user profile that runs day-to-day traffic.
chrome://net-internals/#events shows the named group used per handshake.

Run the check on services your Chromebook talks to →