Friday, April 19, 2024
Latest:
ZDNet | Security 

Chrome 70 released with revamped Google account login system

TH Author

Google has released today Chrome 70, the latest version of its browser. The most anticipated addition to today’s release is a new Chrome setting panel option that allows users to control how the browser behaves when they log into a Google account.

Google added this new setting after the company was accused last month of secretly logging users into their Chrome browser accounts whenever they logged into a Google website.

Many users misinterpreted this move as Google secretly syncing their browsing history behind their backs. Google denied it ever synced users’ data without their specific consent, but the company came under heavy criticism from both the media and its userbase.

chromesettings.png (Image: Google)

The new setting added in Chrome 70 is named “Allow Chrome sign-in” and is turned on by default. If users leave this option enabled, Chrome 70 will behave as Chrome 69, and whenever a user logs into Gmail or YouTube, they’ll also be logged into Chrome’s Sync account at the same time.

Users can turn this setting off, and Chrome will behave as it did before the Chrome 69 release that angered most users. In that case, they’ll be able to log into a Google website without being automatically logged into their Chrome Sync account.

In addition, Google also launched a new UI for displaying the “sync status” of a Chrome Sync account. This change was also made after criticism last month when users said it was hard to tell when Google was actively syncing or not syncing their data.

According to the new UI, users will see “Not syncing” or “Syncing to” written atop their account name, allowing them to easily determine if their browsing data is being sent to Google’s servers.

chromeui.png

chromeui.png

(Image: Google)

But these two features were added as a last minute fix to quelch a media scandal last month, and are not the only things added in Chrome 70. Google engineers have been working for months on other more legitimate and much-awaited improvements. Chrome 70 includes a truckload of other features.

For example, Chrome now ships with the final version of the TLS 1.3 standard. Chrome supported draft versions of TLS 1.3 for years, but the browser now supports the final version of the standard, which was approved by the Internet Engineering Task Force (IETF) earlier this year, in March.

Chrome 70 also includes two updates to the Web Authentication API, which will now allow developers to support authentication via macOS’ TouchID and Android’s fingerprint sensor.

chrome70-webauth.png

chrome70-webauth.png

Image: Google

Web Bluetooth, an API that allows websites to communicate over GATT with nearby user-selected Bluetooth devices, is now also available for Chrome on Windows 10. Web Bluetooth support first shipped with Chrome 56, last year, but only for Android, ChromeOS, and macOS.

Google also changed how Chrome handles AppCache, a legacy system for storing website/app data locally. Starting with Chrome 70, websites won’t be able to set or retrieve AppCache data unless they do it via HTTPS, in a secure context.

Another big change to the way Chrome works is a recent modification made to prevent websites from trapping users into fullscreen mode. Starting with Chrome 70, when a website displays a dialog/popup, Chrome will exit fullscreen. This will help with situations when novice or non-technical users can reach a dialog/popup shown behind the fullscreen, and by doing so also being prevented from exiting the fullscreen mode.

Chrome 70 is also the first version of the browser to support the new AV1 video codec.

In addition, Google is also holding an experiment for the Shape Detection API. This API gives Chrome the ability to detect and identify faces, barcodes, and text inside images or webcam feeds.

Google says the Shape Detection API can perform the computing-heavy operations needed for such tasks without killing browser performance. Users and devs can sign up for a trial, here.

Extension-wise, starting with Chrome 70, Google is giving users the ability to give extensions per-site permissions, as a security measure. This way, users can restrict privacy-intrusive permissions to one or two sites, and not grant them access to the users’ entire data.

Furthermore, Chrome 70 will also be able to restrict extensions to a user click, meaning the extension won’t execute on a page until the user clicks a button or option in Chrome’s menu. This feature was announced two weeks ago as part of a larger set of security improvements for the Chrome Web Store ecosystem.

new-fine-grained-controls-for-chrome-extensions.png

new-fine-grained-controls-for-chrome-extensions.png

Image: Google

Chrome 70 also includes patches for 23 security issues, including for two serious issues, a sandbox escape caused by Chrome’s AppCache feature, and a remote code execution vulnerability in V8, Chrome’s JavaScript engine.

There are also a large number of changes to Chrome’s underlying Web APIs and CSS features. Details about the developer-centric modifications are available in this Chromium blog post.

With today’s release, Chrome’s new version number is 70.0.3538.67. The full changelog is available here (slow-loading link).

The only thing missing from today’s release –or better yet, still present– is support for Symantec SSL certificates. Chrome 70 was the version in which Chrome was supposed to distrust Symantec certificates but they validated just fine when ZDNet tried accessing sites that used them.

Related stories:

READ MORE HERE