Browser Watch: New Changes in Google Chrome 65
Google Chrome 65 includes new features, APIs and 45 security fixes
Google released the newest version of its browser, Chrome 65, on March 6th. The newest release version includes a new tab-under blocking feature, new APIs and 45 security fixes.
Chrome 65 (officially version 65.0.3325.146) can be upgraded using Chrome’s built-in update mechanism. New users can download the clean version off Chrome’s website.
No more Tab-under Redirects
One of the biggest new features in Chrome 65 is that the browser will now block tab-under redirects. These occur when a website opens links in a new tab and redirects the previously open tab to a new URL.
This is one of the most common tactics used by malvertisers, but it’s also begun to be used by regular advertisers as well. In reality, this is really just a clever workaround for Google’s pop up blocker. This feature has been undergoing construction since at least last October when Bleeping Computer first reported it.
Google formally announced the new feature last November as part of a larger campaign against malvertising. That campaign kicked off in earnest with the release of Chrome 64, which blocked iFrame-based redirects.
New APIs
Chrome 65 also adds more web developer APIs. One such example is CSS Paint API, which allows developers to generate images via Javascript in CSS code. Additionally, a new API called Server Timing API assists developers in better measuring server and website performance.
Additional Changes
Other features in this release
Blink > CSS
- Developers can now use the :any-link pseudo-selector to apply CSS properties to all unvisited or visited hyperlink elements.
- The syntax for specifying HSL/HSLA and RGB/RGBA coordinates for the color property now match the CSS Color 4 spec.
- Developers can usedisplay:contents to generate boxes for an element’s children and pseudo-elements without generating the parent box.
Blink > DOM
- To complement assignedNodes(), the <slot> element now has an assignedElements() method, which returns only the element nodes assigned to a given slot.
- Chrome now supports the HTMLAnchorElement.relList property to indicate the relationship between the resource represented by the <a> element and the current document. Thanks to Samsung for this contribution!
Blink > Feature Policy
- Developers can now use the sync-xhr feature policy to selectively enable and disable the use of Synchronous XMLHttpRequest.
Blink > Network
- To match compatibility with the TLS spec, Chrome now supports the draft-23 version of the TLS 1.3 protocol.
- Developers can use Request.destination to evaluate which resource their service worker is fetching.
Blink > Performance APIs
- As WebIDL was deprecated, PerformanceResourceTiming, PerformanceLongTaskTiming, and TaskAttributionTiming now support the toJSON method to convert objects to JSON.
Blink > Security
- To protect users against cross-origin information leakage, Chrome will ignore the presence of the download attribute on anchor elements with cross-origin attributes.
Deprecations and interoperability improvements
Blink > Bindings
- To match compatibility with the HTML spec, document.all is no longer overwritable.
Blink > Network
- As previously announced, Chrome 65 will not trust certificates issued from Symantec’s Legacy PKI after December 1st, 2017, and will result in interstitials. This will only affect site operators who explicitly opted-out of the transition from Symantec’s Legacy PKI to DigiCert’s new PKI, and does not apply to the previously disclosed independent sub-CAs from this infrastructure.
For a complete list of all features (including experimental features) in this release, see the Chrome 65 milestone hotlist.
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018
in Hashing Out Cyber SecurityHow to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chrome
in Everything EncryptionRe-Hashed: How to Fix SSL Connection Errors on Android Phones
in Everything EncryptionCloud Security: 5 Serious Emerging Cloud Computing Threats to Avoid
in ssl certificatesThis is what happens when your SSL certificate expires
in Everything EncryptionRe-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Message
in Hashing Out Cyber SecurityReport it Right: AMCA got hacked – Not Quest and LabCorp
in Hashing Out Cyber SecurityRe-Hashed: How to clear HSTS settings in Chrome and Firefox
in Everything EncryptionRe-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithms
in Everything EncryptionThe Difference Between Root Certificates and Intermediate Certificates
in Everything EncryptionThe difference between Encryption, Hashing and Salting
in Everything EncryptionRe-Hashed: How To Disable Firefox Insecure Password Warnings
in Hashing Out Cyber SecurityCipher Suites: Ciphers, Algorithms and Negotiating Security Settings
in Everything EncryptionThe Ultimate Hacker Movies List for December 2020
in Hashing Out Cyber Security Monthly DigestAnatomy of a Scam: Work from home for Amazon
in Hashing Out Cyber SecurityThe Top 9 Cyber Security Threats That Will Ruin Your Day
in Hashing Out Cyber SecurityHow strong is 256-bit Encryption?
in Everything EncryptionRe-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3
in Everything EncryptionHow to View SSL Certificate Details in Chrome 56
in Industry LowdownPayPal Phishing Certificates Far More Prevalent Than Previously Thought
in Industry Lowdown