Chrome 68 for Windows, macOS and Linux takes another step toward differentiating between secure and non-secure websites.
Chrome updates in the background, so users can usually just relaunch the browser to install the latest version. To manually update, select “About Google Chrome” from the Help menu under the vertical ellipsis at the upper right; the resulting tab either shows the browser has been updated or displays the download-and-upgrade process before presenting a “Relaunch” button. New-to-Chrome users can download it from this Google site.
The Mountain View, Calif. company updates Chrome every six or seven weeks. It last upgraded the browser on May 27.
Turns on ‘Not Secure’ warning
The biggest change to Chrome with the debut of version 68 was the new warning labels set into the address bar. While sites whose traffic is encrypted – marked by the HTTPS at the beginning of the URL – will be marked as “Secure,” those transmitting data via the unencrypted HTTP will be tagged as “Not Secure.”
This campaign of Google’s to call out HTTP websites as unsafe began four years ago, with incremental steps toward that goal since. In January 2017, for example, Chrome 56 shamed pages that didn’t encrypt password or credit card form fields with the “Not secure” label.
This latest move will not be the last, Google has promised. In early September, with Chrome 69, the browser will remove the “Secure” tag from sites using HTTPS so that encrypted traffic is considered the default. Google’s 180-degree turn from browsers’ decades-long signage – marking secure HTTPS sites, usually with a padlock icon, to indicate encryption and a digital certificate – to labeling only those pages that are insecure, will wrap up this year. In October, with the launch of Chrome 70, the browser will tag HTTP pages with a red “Not Secure” marker when users enter any kind of data.
As usual, Google adds APIs and plugs security holes
Chrome 68 sports some behind-the-scenes newness as well, which is standard for the browser’s updates.
Google highlighted several new APIs (application programming interfaces) in notes to developers, including the Page Lifecycle API and the Payment Handler API.
The former API, Page Lifecycle, offers site and web app developers a way to restore a tab that, for performance reasons, had previously been “frozen” by the browser to conserve resources, including memory and processor load. When the user then returns to the tab, it can be resumed as if nothing had happened.
Payment Handler, on the other hand, lets web-based payment app makers tie into the already-available online checkout infrastructure built into Chrome.
Google also patched 42 security vulnerabilities in version 68, including five marked as “High,” the second-most serious ranking in the company’s four-step system. Google shelled out $21,500 to researchers for reporting 19 of the bugs, with several bounties still to be decided.
Chrome’s next upgrade, version 69, will start reaching users the week of Sept. 2-8.