Browser Watch: New Changes in Google Chrome 65
Google Chrome 65 includes new features, APIs and 45 security fixes
Google released the newest version of its browser, Chrome 65, on March 6th. The newest release version includes a new tab-under blocking feature, new APIs and 45 security fixes.
Chrome 65 (officially version 65.0.3325.146) can be upgraded using Chrome’s built-in update mechanism. New users can download the clean version off Chrome’s website.
No more Tab-under Redirects
One of the biggest new features in Chrome 65 is that the browser will now block tab-under redirects. These occur when a website opens links in a new tab and redirects the previously open tab to a new URL.
This is one of the most common tactics used by malvertisers, but it’s also begun to be used by regular advertisers as well. In reality, this is really just a clever workaround for Google’s pop up blocker. This feature has been undergoing construction since at least last October when Bleeping Computer first reported it.
Google formally announced the new feature last November as part of a larger campaign against malvertising. That campaign kicked off in earnest with the release of Chrome 64, which blocked iFrame-based redirects.
Other features in this release
Blink > CSS
- Developers can now use the :any-link pseudo-selector to apply CSS properties to all unvisited or visited hyperlink elements.
- The syntax for specifying HSL/HSLA and RGB/RGBA coordinates for the color property now match the CSS Color 4 spec.
- Developers can usedisplay:contents to generate boxes for an element’s children and pseudo-elements without generating the parent box.
Blink > DOM
- To complement assignedNodes(), the <slot> element now has an assignedElements() method, which returns only the element nodes assigned to a given slot.
- Chrome now supports the HTMLAnchorElement.relList property to indicate the relationship between the resource represented by the <a> element and the current document. Thanks to Samsung for this contribution!
Blink > Feature Policy
- Developers can now use the sync-xhr feature policy to selectively enable and disable the use of Synchronous XMLHttpRequest.
Blink > Network
- To match compatibility with the TLS spec, Chrome now supports the draft-23 version of the TLS 1.3 protocol.
- Developers can use Request.destination to evaluate which resource their service worker is fetching.
Blink > Performance APIs
- As WebIDL was deprecated, PerformanceResourceTiming, PerformanceLongTaskTiming, and TaskAttributionTiming now support the toJSON method to convert objects to JSON.
Blink > Security
- To protect users against cross-origin information leakage, Chrome will ignore the presence of the download attribute on anchor elements with cross-origin attributes.
Deprecations and interoperability improvements
Blink > Bindings
- To match compatibility with the HTML spec, document.all is no longer overwritable.
Blink > Network
- As previously announced, Chrome 65 will not trust certificates issued from Symantec’s Legacy PKI after December 1st, 2017, and will result in interstitials. This will only affect site operators who explicitly opted-out of the transition from Symantec’s Legacy PKI to DigiCert’s new PKI, and does not apply to the previously disclosed independent sub-CAs from this infrastructure.
For a complete list of all features (including experimental features) in this release, see the Chrome 65 milestone hotlist.
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018in Hashing Out Cyber Security
How to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chromein Everything Encryption
Re-Hashed: How to Fix SSL Connection Errors on Android Phonesin Everything Encryption
Cloud Security: 5 Serious Emerging Cloud Computing Threats to Avoidin ssl certificates
This is what happens when your SSL certificate expiresin Everything Encryption
Re-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Messagein Hashing Out Cyber Security
Report it Right: AMCA got hacked – Not Quest and LabCorpin Hashing Out Cyber Security
Re-Hashed: How to clear HSTS settings in Chrome and Firefoxin Everything Encryption
Re-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithmsin Everything Encryption
The Difference Between Root Certificates and Intermediate Certificatesin Everything Encryption
The difference between Encryption, Hashing and Saltingin Everything Encryption
Re-Hashed: How To Disable Firefox Insecure Password Warningsin Hashing Out Cyber Security
Cipher Suites: Ciphers, Algorithms and Negotiating Security Settingsin Everything Encryption
The Ultimate Hacker Movies List for December 2020in Hashing Out Cyber Security Monthly Digest
Anatomy of a Scam: Work from home for Amazonin Hashing Out Cyber Security
The Top 9 Cyber Security Threats That Will Ruin Your Dayin Hashing Out Cyber Security
How strong is 256-bit Encryption?in Everything Encryption
Re-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3in Everything Encryption
How to View SSL Certificate Details in Chrome 56in Industry Lowdown
PayPal Phishing Certificates Far More Prevalent Than Previously Thoughtin Industry Lowdown