Browser Watch: New Changes in Google Chrome 65
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

Browser Watch: New Changes in Google Chrome 65

Google Chrome 65 includes new features, APIs and 45 security fixes

Google released the newest version of its browser, Chrome 65, on March 6th. The newest release version includes a new tab-under blocking feature, new APIs and 45 security fixes.

Chrome 65 (officially version 65.0.3325.146) can be upgraded using Chrome’s built-in update mechanism. New users can download the clean version off Chrome’s website.

No more Tab-under Redirects

One of the biggest new features in Chrome 65 is that the browser will now block tab-under redirects. These occur when a website opens links in a new tab and redirects the previously open tab to a new URL.

This is one of the most common tactics used by malvertisers, but it’s also begun to be used by regular advertisers as well. In reality, this is really just a clever workaround for Google’s pop up blocker. This feature has been undergoing construction since at least last October when Bleeping Computer first reported it.

Google formally announced the new feature last November as part of a larger campaign against malvertising. That campaign kicked off in earnest with the release of Chrome 64, which blocked iFrame-based redirects.

New APIs

Chrome 65 also adds more web developer APIs. One such example is CSS Paint API, which allows developers to generate images via Javascript in CSS code. Additionally, a new API called Server Timing API assists developers in better measuring server and website performance.

Additional Changes

Other features in this release

Blink > CSS

  • Developers can now use the :any-link pseudo-selector to apply CSS properties to all unvisited or visited hyperlink elements.
  • The syntax for specifying HSL/HSLA and RGB/RGBA coordinates for the color property now match the CSS Color 4 spec.
  • Developers can usedisplay:contents to generate boxes for an element’s children and pseudo-elements without generating the parent box.

Blink > DOM

  • To complement assignedNodes(), the <slot> element now has an assignedElements() method, which returns only the element nodes assigned to a given slot.
  • Chrome now supports the HTMLAnchorElement.relList property to indicate the relationship between the resource represented by the <a> element and the current document. Thanks to Samsung for this contribution!

Blink > Feature Policy

Blink > Network

  • To match compatibility with the TLS spec, Chrome now supports the draft-23 version of the TLS 1.3 protocol.
  • Developers can use Request.destination to evaluate which resource their service worker is fetching.

Blink > Performance APIs

  • As WebIDL was deprecated, PerformanceResourceTiming, PerformanceLongTaskTiming, and TaskAttributionTiming now support the toJSON method to convert objects to JSON.

Blink > Security

  • To protect users against cross-origin information leakage, Chrome will ignore the presence of the download attribute on anchor elements with cross-origin attributes.

Deprecations and interoperability improvements

Blink > Bindings

  • To match compatibility with the HTML spec, document.all is no longer overwritable.

Blink > Network

  • As previously announced, Chrome 65 will not trust certificates issued from Symantec’s Legacy PKI after December 1st, 2017, and will result in interstitials. This will only affect site operators who explicitly opted-out of the transition from Symantec’s Legacy PKI to DigiCert’s new PKI, and does not apply to the previously disclosed independent sub-CAs from this infrastructure.

For a complete list of all features (including experimental features) in this release, see the Chrome 65 milestone hotlist.


Patrick Nohe

Patrick started his career as a beat reporter and columnist for the Miami Herald before moving into the cybersecurity industry a few years ago. Patrick covers encryption, hashing, browser UI/UX and general cyber security in a way that’s relatable for everyone.