What’s in the latest Chrome update?
- March 11, 2018
- Posted by: Jim Lund
- Categories: IT Security, Vendors
Chrome 65 for Windows, macOS and Linux fixes 45 vulnerabilities and delivers security and developer improvements and enhancements users won’t see.
Google on March 6 released Chrome 65 for Windows, macOS and Linux, with fixes for 45 vulnerabilities, and security and developer improvements and enhancements that users won’t see, or even notice.
Chrome updates in the background, so users only need relaunch the browser to install the latest version. (To manually update, select “About Google Chrome” from the Help menu under the vertical ellipsis at the upper right; the resulting tab either shows the browser has been updated or displays the download-and-upgrade process before presenting a “Relaunch” button.) Those new to Chrome can download it from this Google site.
The Mountain View, Calif. company updates Chrome every six to seven weeks. It last upgraded the browser on Jan. 24.
Some upgrades, like Chrome 64, boast obvious-to-the-end-user modifications that alter the browser’s performance, signal adoption of web standards or debut new functionality. (The user interface, or UI, of Chrome has changed little since the browser’s 2008 launch.) Other versions – and Chrome 65 is firmly in this camp – make virtually no splash because changes are exclusively behind the scenes, or nearly so.
Tops on that background list is support for the Web Authentication API“enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users.” Both Microsoft (for Edge) and Mozilla (Firefox) have also committed to the standard. Support for the API was left disabled in Chrome 65; it can be enabled from the page that results from typing chrome://flags in the address bar.
Other improvements include the introduction of CSS Paint API and Server Timing API. The former lets web developers craft images programmatically, eliminating the need to insert actual images – and thus load a resource from a server – as, say, background. The latter introduces new functionality that site designers and administrators can use to pass performance information on the server, from the server, to the browser.
In other areas, however, Chrome was twiddling thumbs. Last year, Google announced that Chrome 64 would not allow any auto-play content unless the audio was muzzled. Some exceptions were to apply: If the user clicked or tapped (desktop Chrome or mobile Chrome, respectively), “somewhere on the site during the browsing session,” the audio would still play. But the mandate did not go live in January with Chrome 64, as expected. Nor has it been activated in Chrome 65. Instead, Google has delayed enforcement to the middle of April, when Chrome 66 will appear.
But sites that have long relied on auto-play content – the sports website espn.com, for one – have been preparing for the Chrome ruling by muting the audio on video clips (the video still cranks up as soon as the user navigates to a story).
Google also patched nearly four dozen security vulnerabilities in version 65, including nine marked as “High,” the second-most-serious ranking in the company’s four-step system. Google paid researchers $34,500 for reporting 19 of the 45 bugs, with one additional report’s bounty still to be decided.
Chrome’s next upgrade, to version 66, should start reaching users on April 17.