Google Chrome 65 includes new features, APIs and 45 security fixes
Google released the newest version of its browser, Chrome 65, on March 6th. The newest release version includes a new tab-under blocking feature, new APIs and 45 security fixes.
Chrome 65 (officially version 65.0.3325.146) can be upgraded using Chrome’s built-in update mechanism. New users can download the clean version off Chrome’s website.
No more Tab-under Redirects
One of the biggest new features in Chrome 65 is that the browser will now block tab-under redirects. These occur when a website opens links in a new tab and redirects the previously open tab to a new URL.
This is one of the most common tactics used by malvertisers, but it’s also begun to be used by regular advertisers as well. In reality, this is really just a clever workaround for Google’s pop up blocker. This feature has been undergoing construction since at least last October when Bleeping Computer first reported it.
Google formally announced the new feature last November as part of a larger campaign against malvertising. That campaign kicked off in earnest with the release of Chrome 64, which blocked iFrame-based redirects.
Other features in this release
Blink > CSS
- Developers can now use the :any-link pseudo-selector to apply CSS properties to all unvisited or visited hyperlink elements.
- The syntax for specifying HSL/HSLA and RGB/RGBA coordinates for the color property now match the CSS Color 4 spec.
- Developers can usedisplay:contents to generate boxes for an element’s children and pseudo-elements without generating the parent box.
Blink > DOM
- To complement assignedNodes(), the <slot> element now has an assignedElements() method, which returns only the element nodes assigned to a given slot.
- Chrome now supports the HTMLAnchorElement.relList property to indicate the relationship between the resource represented by the <a> element and the current document. Thanks to Samsung for this contribution!
Blink > Feature Policy
- Developers can now use the sync-xhr feature policy to selectively enable and disable the use of Synchronous XMLHttpRequest.
Blink > Network
- To match compatibility with the TLS spec, Chrome now supports the draft-23 version of the TLS 1.3 protocol.
- Developers can use Request.destination to evaluate which resource their service worker is fetching.
Blink > Performance APIs
- As WebIDL was deprecated, PerformanceResourceTiming, PerformanceLongTaskTiming, and TaskAttributionTiming now support the toJSON method to convert objects to JSON.
Blink > Security
- To protect users against cross-origin information leakage, Chrome will ignore the presence of the download attribute on anchor elements with cross-origin attributes.
Deprecations and interoperability improvements
Blink > Bindings
- To match compatibility with the HTML spec, document.all is no longer overwritable.
Blink > Network
- As previously announced, Chrome 65 will not trust certificates issued from Symantec’s Legacy PKI after December 1st, 2017, and will result in interstitials. This will only affect site operators who explicitly opted-out of the transition from Symantec’s Legacy PKI to DigiCert’s new PKI, and does not apply to the previously disclosed independent sub-CAs from this infrastructure.
For a complete list of all features (including experimental features) in this release, see the Chrome 65 milestone hotlist.