The next version of Chrome for desktops is shaping up to be a much bigger update than usual. In addition to tab grouping and automatically blocking battery-killing ads, the browser is also getting a big set of improvements for security, safety, and privacy.

When the update arrives in Google’s usual “coming weeks” timeline, users will see new features that fall into a few different buckets: user interface changes, more checks to prevent users from visiting malicious websites (including a more proactive option that may share more data with Google), more secure DNS, and third-party cookie blocking in Incognito mode.

The first and most obvious update is user interface changes. Google’s moving some buttons and settings around to make them easier to find. Cookie settings, privacy settings, extensions, and Google sync settings are all becoming more prominent and will get better and clearer descriptive labels.

Google does a lot of these settings shuffles on its platforms, but the changes here are more meaningful than usual because they are connected to several ongoing issues with both Google and Chrome.

Google is moving its extensions menu to a little puzzle icon that will appear by default in the main toolbar. The company seems to think that some users with a lot of extensions aren’t figuring out that you don’t have to have a massive row of them. More importantly, though, Google has embarked on a long effort to clean up Chrome’s extensions and make it easier to restrict their permissions. You’ll still be able to pin extensions to the toolbar, if you like.

The new menu will do more than make extensions easier to find. They’ll more clearly show each extension’s current state and permissions and make it easier to chose those things. Expect more changes to improve how Chrome handles extensions going forward. They’re needed: extensions are great, but they’ve always been a vector for malware. Even for experts, it’s hard to keep track of it all.

The next UI change is that Google is bringing cookies out to the top level of its settings menu where it’ll be easier to adjust them. This isn’t a big change, but it might be a way for Google to start educating its less-technical users on what cookies are and why they should pay attention to them.

That’s because Chrome is on the slow road to fully blocking third-party cookies, a move other browsers like Safari and Firefox have already taken. Google is moving slower because it thinks blocking those cookies breaks too many websites right now.

However, Google will begin blocking third-party cookies but only in Incognito mode. In Incognito, there may be more of an acceptance that things could break in the name of privacy — and it will be possible to grant one-time allowances for third-party cookies for each Incognito session.

Settings will also feature a more prominent Safety Check tool. That tool already exists, but Google will expand it with a way to check for known password breaches. If you use Chrome’s tools for saving your passwords, the browser will be able to warn you if any site you use has had a recent breach. It’ll also check for rogue extensions, Chrome updates, and whether you have Google’s Safe Browsing feature turned on.

If you’re not familiar, Safe Browsing is Chrome’s tool for detecting known phishing sites. It maintains a database of such sites and sends them out to browsers as often as every half-hour so that when you visit one, Chrome will pop up a huge, appropriately scary warning.

On the next version of Chrome, Google will offer a new option called Enhanced Safe Browsing. If you turn it on, you’ll be sharing the URL of “uncommon” websites you visit with Google in real time. The reason for that is Google is finding that scammers are registering and deploying new phishing websites at such a rapid pace that even a 30-minute refresh on a phishing database isn’t fast enough.

Google says this tool will also combine with information culled from your personal Gmail and Drive accounts. For example, if Gmail detected a spam email with a sketchy link, this tool could inform Chrome that it’s a phishing site if you happen to click on it.

Obviously, sharing yet more detail with Google — especially something as private as what websites you’re visiting — should give you serious pause. The company tells me that, as soon as its Safe Browsing algorithm determines the URL you’re visiting is safe, it will anonymize the data. Then, it will eventually delete that anonymized data entirely, though it’s not clear exactly how long that will be.

Lastly, Chrome will follow Mozilla in enabling DNS-over-HTTPS, a more secure way for your browser to resolve the human-readable URL you type in and the actual IP address of the site you’re visiting.

Google is apparently working with major ISPs to turn it on where supported rather than just flipping people over to a secure DNS of its own choosing. But it’s also not turning this option on for everybody because DNS-over-HTTPs isn’t without controversy. Normally, DNS is sent in the clear, which makes it easier for network-level filters to work. Encrypted DNS makes life for parental apps much more complicated, for example.

Google says that Chrome will use a list of encrypted DNS providers that the company maintains to match to your ISP, then fall back to default DNS if it doesn’t have an encrypted option. It will be turned off in Windows if parental controls are turned on, and it’ll also turn it off in cases where it sees enterprise device management policies.

That’s it. But it’s also a lot. Combined with some of the other changes, the next version of Chrome looks like the biggest update in a long while, one that sets the browser up for the bigger changes to cookies and tracking yet to come. The update will roll out just as all of Google’s updates do: over the coming weeks.