Chrome 85 lets users collapse and expand tab groups, see tab previews, save data entered into PDF forms, and spend less time waiting for pages to load.
Google last week released Chrome 85, boasting of several enhancements to the browser's tab-based user interface and a 10% reduction in page load times.
The Mountain View, Calif. company also paid out more than $10,000 in bounties to security researchers who reported some of the 20 vulnerabilities addressed in Chrome 85. Two of the bugs were marked "High," Google's second-most-serious threat level. One of those flaws, which Google said was in the iOS version of Chrome, was reported by a member of Microsoft's browser vulnerability research team. Microsoft now relies on the same core technologies — those produced by the Google-dominated Chromium project — for its Edge browser as Google does for Chrome.
Chrome updates in the background, so most users can finish the refresh by relaunching the browser. To manually update, select "About Google Chrome" from the Help menu under the vertical ellipsis at the upper right; the resulting tab shows that the browser has been updated or displays the download process before presenting a "Relaunch" button. People new to Chrome can download version 85 for Windows, macOS, and Linux directly.
Google updates Chrome approximately every six weeks; the previous upgrade was released on July 14.
Tabs, tabs and more tabs
Google bundled several new tab features into Chrome 85; one added functionality to the tab grouping that debuted earlier this year.
With tab grouping, users can organize tabs in — where else? — the tab bar by lumping together several tabs, each lump designated by color and name. New tabs can be added to the group by dragging and dropping or from a right-click menu; existing tabs can be dumped from a group as well.
Chrome 85 lets users collapse and expand those tab groups. A click on the group's label collapses all associated tabs into the label, removing them from the bar. A second click restores them to the bar. "This was the most popular feature request we heard from those of you using tab groups," wrote Alex Ainslie, Chrome's director of UX (user experience), in an Aug. 25 post to a company blog.
Ainslie said that Google was rolling out tab group collapse/expansion, meaning that it won't be available to everyone at once. To turn on the new feature manually, enter chrome://flags in the address bar and press Return or Enter. Search for the Tab Groups Collapse item and select Enabled from the menu list at the right. Finally, restart Chrome.
Google also introduced tab previews in Chrome 85, the Beta build. When the user pauses the mouse pointer atop a tab, a thumbnail of the page appears in a small pop-up, portraying what the tab leads to. Chrome 85 Stable users can manually engage previews by using chrome://flags and setting both Tab Hover Cards and Tab Hover Card Images to Enabled.
Google claimed that pages will load up to 10% faster in Chrome 85 after "Profile Guided Optimization" (PGO) was switched on.
This compiler optimization technology — a Microsoft invention — was first introduced for Windows in Chrome 53 in October 2016, when Google asserted it would make Chrome up to 15% faster. That initial effort used the Microsoft Visual C++ build environment.
In Google's latest PGO effort, the company's engineers expanded PGO from just Windows to include macOS by turning to the Clang build environment. Google will roll out — turn on, in plainer terms — PGO over time in Chrome 85.
Chrome 85 also suspended page painting in browser windows covered by other windows, a way to save on CPU processing and thus save on power consumption. Only some users will see this in the latest Chrome, however. Google promised a "full rollout" for Chrome 86, the next upgrade.
(This functionality has been pledged for what seems like ages. At one point, the page painting suspension had been on the to-do list of March's Chrome 81, only to get punted, first to Chrome 83 (May), and then to 84 (July) with roll-out to be finalized in Chrome 85.)
Other stuff, and enterprise too
According to Google, it will enable a new PDF-related feature in Chrome 85 "over the next few weeks." Users will be able to fill out PDF-based forms — account applications, for instance — from within the browser, then save the results. If the same PDF document is later opened, the already-entered information is retained, and the user can pick up where they left off.
Chrome 85 also continues the multi-version implementation of a blockade imposed on downloads from insecure sources. The first download category — executable files in .exe format, for example — were barred here with more to follow from Chrome 86 through Chrome 88.
On the enterprise side, the Legacy Browser Support (LBS) add-on is to be scrubbed from the Chrome Web Store during Chrome 85's run. "LBS is now built into Chrome, and the old extension is no longer needed," Google said.
(LBS was designed so IT admins could deploy Google's browser but still call up Microsoft's Internet Explorer (IE) when necessary to, say, render intranet sites or older, written-for-IE apps. LBS wasn't an emulator but simply a URL director, sending any links on an administrator-made list to IE for that browser to open.)
As of Monday, LBS remained on the Chrome Web Store. Google has labeled it as "Deprecated" in the extension market, however.
Google will release Chrome's next upgrade, version 86, on Oct. 6.
Google yesterday released Chrome 84, the first upgrade in almost two months, with changes to how some notifications are displayed and a restart of the SameSite cookie standard that was postponed this spring.
The search giant also paid out more than $21,000 in bounties to researchers who reported some of the 38 vulnerabilities patched in Chrome 84. One of the flaws was marked "Critical," Google's most serious threat ranking, with another seven, tapped as "High," the second-most dire. Google had not yet decided on rewards for the critical bug and four of the high.
Chrome 84's sole critical bug was reported to Google only on July 8 by researchers at 360 Alpha Lab, an arm of the Chinese security vendor 360. Google said that the vulnerability was a "heap buffer overflow" in the browser's background fetch.
Chrome updates in the background, so most users can finish the refresh by relaunching the browser. To manually update, select "About Google Chrome" from the Help menu under the vertical ellipsis at the upper right; the resulting tab shows that the browser has been updated or displays the download process before presenting a "Relaunch" button. Those who are new to Chrome can download version 84 for Windows, macOS, and Linux directly.
Google updates Chrome approximately every six weeks; the previous upgrade was released on May 19.
Note: Google suspended Chrome releases in mid-March because of the coronavirus pandemic and its impact on businesses. Chrome 81 was slated to launch March 16 but was postponed three weeks. Google skipped Chrome 82 and resumed upgrade numbering with Chrome 83. The eight weeks between Chrome 83 and 84 was an unusual length of time; through year's end, Chrome will upgrade every six weeks.
Shutting up obnoxious notification demands
Just days into 2020, Google outlined a quieter notification system created after customers complained of irritating interruptions as site after site bombarded them with requests to enable in-browser notifications.
The plan then was that Chrome 80, slated to ship in early February, would kick off a less intrusive practice and a minimalist UI (user interface). But only a few received the changes. And then came the pandemic.
Chrome 84 finally institutes the revamped notification process, although it's disabled by default. To switch it on, users can head to Settings > Advanced > Privacy and security > Site Settings > Notifications, then toggle "Use quieter messaging (blocks notification prompts from interrupting you)" to block the usual notification pop-ups.
Previously, Google said it would automatically enable the quieter UI for those who "repeatedly deny" notification requests from sites. Google will also automatically silence those sites it decides to abuse the notification system.
Part of the new UI helps users defend themselves from repeated notification requests from the same website. A bell-style icon in the address bar – emblazoned with a strike-out – leads to a dialog that offers "Continue blocking" as a choice.
Chrome 84 includes other, somewhat similar, new features or functionality. Among them: warnings when executable files begin downloading from a secure page (one marked as HTTPS) but actually transfer the bits over an insecure HTTP connection. When Google announced the new alerts in early February, one of its security engineers noted, "These cases are especially concerning because Chrome currently gives no indication to the user that their privacy and security are at risk."
Five months ago, these warnings were to debut in Chrome 82, the upgrade Google skipped because of the pandemic. They were later rescheduled to start with Chrome 84. In the latest Chrome, .exe format files – called "executables" – downloaded over an insecure connection will trigger a warning only. In Chrome 85, now set to release Aug. 25, .exe files will be blocked from downloading over such connections.
Getting tougher on some cookies
Another function Google previously postponed made an appearance in Chrome 84: SameSite.
SameSite, which has also been promoted by rivals Mozilla and Microsoft, was designed to give website developers a way to control which cookies can be sent by a browser and under what conditions.
Under new classification rules, cookies distributed from a third-party source – not by the site the user is at, in other words – must be correctly set and accessed only over secure connections. Cookies without a SameSite definition will be considered as first-party-only by default; third-party cookies, like those an ad distributor tracking users, won't be sent if they lack the definition.
SameSite enforcement was always to roll out slowly, starting with a few users before expanding to larger and larger pools. First steps were taken with small numbers of Chrome 80 users early in the year, but with the impact of the pandemic, Google reversed course. Just days before Chrome 81's delayed launch, the Mountain View, Calif. company said it had paused the SameSite roll-out for fear that it might disrupt "essential services" rendered by the websites of banks, grocery stores, government agencies, and healthcare organizations.
At the time, Google said it would resume enforcement later in the year, perhaps over the summer.
That time has apparently come.
Google did point out that enforcement would be introduced over time. "To reduce disruption, the updates will be enabled gradually, so different users will see it at different times," the company said in release notes for enterprise users and administrators.
Other stuff, and enterprise too
Some Chrome 84 users, Google said, will see power savings as their browser suspends painting of pages that are obscured by other windows.
This had been on Chrome 81's to-do list at one point, but was punted, first to Chrome 83 and then to 84; Google blamed "incompatibilities with some virtualization software." The roll-out of this function will continue in next month's Chrome 85.
Enterprise admins who manage Chrome within their organizations can downgrade the browser to an earlier version. (See this support document for the necessary steps.) To assist in downgrading, Chrome retains one or more "snapshots" of User Data, also called the user's profile, that contains information including browser history, saved bookmarks and stored cookies. In Chrome 84, administrators can call the UserDataSnapshotRetentionLimit group policy to set the number of snapshots to be saved.
Chrome's next upgrade, to version 85, is slated to ship on Aug. 25.
Google this week released Chrome 83, picking up after skipping a version because of the COVID-19 pandemic, auto-upgrading eligible users to DNS-over-HTTPS (DoH), and enabling tab groups for everyone.
The search firm paid at least $76,000 in bounties to bug researchers who reported some of the 38 vulnerabilities patched in Chrome 83. Five were marked "High," the second-most serious in Google's four-level threat ranking, with three of those marked as "use after free" flaws. The first vulnerability listed, a use-after-free bug in Chrome's reader mode, earned researcher Woojin Oh a $20,000 reward.
Chrome updates in the background, so most users can finish the refresh by relaunching the browser. To manually update, select "About Google Chrome" from the Help menu under the vertical ellipsis at the upper right; the resulting tab shows that the browser has been updated or displays the download process before presenting a "Relaunch" button. Those who are new to Chrome can download version 83 for Windows, macOS, and Linux directly.
Google updates Chrome every six to eight weeks; the previous upgrade landed on April 7.
Note: Google suspended Chrome releases in mid-March because of the pandemic and its impact on businesses. Chrome 81 was slated to launch March 16 but was postponed three weeks. Google skipped Chrome 82 and resumed upgrade numbering on May 19 with Chrome 83. Chrome 84 will be the next upgrade.
Tab grouping..., we really mean it this time!
Tab Groups, a feature that Google has been working on and testing for months, does what it says: Users organize tabs in the bar atop the browser by lumping together several tabs, each lump designated by color and name, adding new tabs and removing existing ones.
The feature was to debut in February's Chrome 80, then in a roll-out "throughout Chrome 81." Except it didn't. Google now says, "This has been rolled out to Chrome, Mac, Windows, and Linux users throughout Chrome 83," as in past tense. Except it hasn't: All of Computerworld's instances of Chrome 83 - both on Windows 10 and macOS - still lacked the tool.
Those without tab grouping can switch it on manually by entering chrome://flags in the address bar, searching for Tab Groups, changing the setting at the right to Enabled, and relaunching the browser.
Chrome 83 was also to be the final step in automatically upgrading eligible users to DNS-over-HTTPS (DoH), a security feature that Google and other browser makers like Mozilla have been implementing, each in their own way.
The DNS (Domain Name Service) requests from users whose DNS provider offers the defensive feature of transmitting that traffic over encrypted connections (hence, HTTPS) is to gradually roll out to all users during Chrome 83's lifecycle. The list of DNS providers that have DoH capability is relatively short, so not all Chrome users will get this. (The current list of providers can be found here, and includes names such as Cloudflare, Comcast, Google, and OpenDNS.)
In a Tuesday post to the Chromium blog, Kenji Baheux, product manager laid out Google's thinking on DoH and explained why it chose its approach. It's well worth reading.
IT admins can disable DoH with the DnsOverHttpsMode group policy or in the Google Admin Console.
But wait, there's more (privacy and security)
Not only has Google revamped the Privacy and security section's UI (user interface) within Settings, but the company has loaded Chrome 83 with a slew of new security and privacy features.
Note: As with so much else Google does in Chrome, some users will see these changes before others as the firm ladles out the tools piecemeal to a gradually expanding set. Impatient users can prematurely turn on some of the still-missing through the chrome://flags options page.
Google has started what sounded like a long-term project with Chrome 83 by offering what it calls Enhanced Safe Browsing Protection. This was billed as a build atop Safe Browsing - the 13-year-old blocklist and associated API - that began by warning users when they were headed to what was probably a phishing website and has expanded to cover, among other things, to-be-downloaded files.
The primary difference in Enhanced is that the new, more advanced feature would not anonymize the incoming data, in effect linking an individual to the specific sites visited or even attempted to access. "If you are signed in to Chrome, this data is temporarily linked to your Google Account," said a quartet of engineers on the Safe Browsing team.
While that may set off bells in the minds of privacy advocates, Google argued that it's necessary for a next-step in protection. "We do this so that when an attack is detected against your browser or account, Safe Browsing can tailor its protections to your situation. In this way, we can provide the most precise protection without unnecessary warnings," wrote Nathan Parker, Varun Khaneja, Eric Mill, and Kiran C Nair.
Enhanced Safe Browsing Protection will be slowly deployed to Chrome 83 users, after which it will appear as an "Enhanced protection" option under Safe Browsing in the Privacy and Security section.
The feature will gradually expand in what defenses it offers, the four engineers said. "We'll be adding even more protections..., including tailored warnings for phishing sites and file downloads and cross-product alerts."
Also on the books will be Safety check, actually a small set of security exams including one that scans the browser for blacklisted malicious extensions. The best in the bunch, though, does a Mozilla Lockwise-like look at the user's passwords, then flags accounts that had previously been involved in known data breaches. The check is supposed to show in the Privacy and Security section of the browser's settings.
Other privacy additions will include a by-default blocking of all third-party cookies when browsing in Chrome's Incognito (aka privacy) mode, a move is reminiscent of Mozilla's auto-blocking of Firefox's private browsing mode five years ago.
Elsewhere in the browser, Chrome users can now manage individual site cookies as well as individual cookies within a website. Options let users block all third-party cookies, block all cookies on just some - or all - sites, and block some of the cookies on some sites. Management is so granular, however, that it's unlikely that many will take advantage of the new control.
Google's AbdelKarim Mardini, a senior product manager, described these security and privacy changes and others in a long post to the Chrome blog, a rare instance of the Mountain View company outlining the new simultaneously with an upgrade's launch.
Chrome's next upgrade, to version 84, will release on July 14.
Google last week released the postponed-by-three-weeks Chrome 81, patching 32 vulnerabilities - plus one more on April 15 - and pledging to roll out a tab grouping feature to all users before the next upgrade lands in mid-May.
The California search firm paid at least $25,500 in bug bounties to researchers who reported some of the vulnerabilities. Three were tagged as "High," the second-most serious in Google's four-step threat ranking, and one - patched with build 81.0.4044.113 on Wednesday - was pegged "Critical," the rare top-most rating. The latter, as well as two of the High trio, were submitted by engineers at Qihoo 360, a Chinese security software developer.
Chrome updates in the background, so most users can finish the refresh by relaunching the browser. To manually update, select "About Google Chrome" from the Help menu under the vertical ellipsis at the upper right; the resulting tab shows that the browser has been updated or displays the download process before presenting a "Relaunch" button. Those who are new to Chrome can download version 81 for Windows, macOS, and Linux here._
Google updates Chrome every six to eight weeks. It last upgraded the browser on Feb. 4.
Note: Google suspended Chrome releases in mid-March because of the COVID-19 pandemic and related disruptions, notable orders from companies, including Google, that sent home many employees to work remotely. Chrome 81 was originally slated to launch March 16 but was postponed three weeks. That pause, said Google, necessitated skipping version 82 and resuming upgrade numbering with Chrome 83, now set to release on May 19.
Tabs now form groups
The most prominent addition to Chrome 81, Tab Groups, is likely still invisible to most users. It was to Computerworld staffers running the browser.
Tab Groups, which has been under construction for months, essentially does what it says: Users organize tabs in the bar atop the browser by lumping together several, each lump designated by color and name, adding new tabs and removing existing ones.
The feature was to debut in February's Chrome 80 and may have in a small number of instances worldwide. It wasn't on Computerworld's numerous copies running under Windows 10 and macOS. Now, Google said, Tab Groups will roll out in Chrome 81, although it may not be immediately available by default.
"This will be rolled out widely to Mac, Windows, and Linux users throughout Chrome 81," Google said in these release notes, under the section title of "Introduction of tab groups for remaining users."
The impatient can manually engage Tab Groups by entering chrome://flags in the address bar, searching for Tab Groups, changing the setting at the right to Enabled, and relaunching the browser.
Tab Groups is easy to use: Right-clicking tabs now offers menu items to assign tabs to new or existing groups or remove tabs from those groups. Other actions let users name each group and/or select a color, which boxes the name and borders the tabs of that group; ungroup the tabs, or close all tabs in the group.
Chrome 81's tab functionality will be most useful to those who regularly wrangle a large number of tabs each session. Segregating tabs into collections brings some organization to what otherwise would likely be a randomized mess. Tab Groups' simplicity is its best characteristic since it's more likely the feature will be adopted into browser workflow.
But it's hardly a compelling reason to stick with Chrome or take it up, as some have argued. It lacks at least one crucial tool - a way to save groups, either singly or collectively, for later recall - and can be mimicked, even surpassed, by add-ons, such as Simple Tab Groups for Mozilla's Firefox. (Firefox had a tab grouping feature at one point - known as Panorama - but Mozilla scrubbed it from the browser in 2016 because it was used by so few.)
Browser rollbacks are now a thing
Many bits of Chrome 81 that are notable are not because they're there but because they aren't. If that's confusing, join the club.
Google had planned for several things to happen in Chrome 81, in particular, protocols that were to be dropped or skills it was to surrender or security moves it was supposed to take. A number of them, though, were canceled, at least for this version, presumably to reappear in a future upgrade.
FTP's back! Although Google said months ago that it would remove support for FTP (File Transfer Protocol) - an early Internet system for file transfer - in Chrome 81, and apparently did, it soon restored support. In an April 9 message on the Chromium bug tracker, a Google engineer wrote, "In light of the current crisis, we are going to 'undeprecate' FTP on the Chrome stable channel, i.e. FTP will start working again." FTP will be put on the chopping block "once people are in a better position to deal with potential outages and migrations."
TLS 1.0 and 1.1 not departing this mortal coil yet. As Computerworld noted previously, browser makers, Google included, issued reprieves for TLS (Transport Layer Security) 1.0 and 1.1, encryption protocols that were to be dropped in March.
Support for TLS 1.0 and TLS 1.1 will now be removed from Chrome 84, the upgrade scheduled to launch July 14.
SameSite enforcement put off. With Chrome 80, the version Google began distributing in early February, the browser was to begin enforcing SameSite, the standard pushed by Google, Microsoft, and Mozilla designed to give web developers a way to control which cookies can be sent by a browser and under what conditions. Cookies distributed from a third-party source - not by the site the user was at, in other words - had to be correctly set and accessed only over secure connections.
The SameSite enforcement was to roll out slowly, as most Chrome changes do, beginning around mid-February when small numbers of users would see their browsers take action. Enforcement was to expand to more Chrome users over time.
Now, that has all been reversed.
In an April 3 post to the Chromium blog (three days before Chrome 81 released), Justin Schuh, the director of Chrome engineering, said that "in light of the extraordinary global circumstances due to COVID-19, we are temporarily rolling back the enforcement of SameSite cookie labeling, starting today."
Schuh said Google didn't want to chance destabilizing "essential services" rendered through the websites of banks, grocery stores, government agencies, and healthcare organizations. Google will resume enforcement down the road, perhaps over the summer, Schuh added.
Chrome's next upgrade, to version 83 - remember, Chrome 82 won't exist - is scheduled to debut on May 19.
Google this week released Chrome 80, beginning a promised process of locking down cookies and at the same time patching 56 vulnerabilities.
The California company paid at least $48,000 in bug bounties to researchers who reported some of the vulnerabilities. Ten were tagged as "High," the second-most serious in Google's four-step threat ranking. Half of those 10 were submitted by engineers of Google's own Project Zero team.
Chrome updates in the background, so most users can simply relaunch the browser to finish the upgrade. To manually update, select "About Google Chrome" from the Help menu under the vertical ellipsis at the upper right; the resulting tab shows that the browser has been updated or displays the download process before presenting a "Relaunch" button. Those who are new to Chrome can download the latest for Windows, macOS and Linux here.
Google updates Chrome every six to eight weeks. It last upgraded the browser on Dec. 10, 2019.
Enforcement of cookie-control starts now
Last year, Google said it would clamp down on cookies - the small bits of code websites rely on to, among other things, identify individual users - using the SameSite standard. SameSite, which has also been pushed by Mozilla and Microsoft, was designed to give web developers a way to control which cookies can be sent by a browser and under what conditions.
With Chrome 80, Google will begin enforcing SameSite, said Barb Smith, a Google executive, in a Feb. 4 post to the Chromium blog. Cookies distributed from a third-party source - in other words, not by the site the user is at - must be correctly set and accessed only over secure connections.
"Enforcement of the new cookie classification system in Chrome 80 will begin later in February with a small population of users, gradually increasing over time," Smith wrote. Google frequently rolls out new features and other changes in stages, letting it verify that things worked as expected before expanding the pool of users. The company has set the week of Feb. 17 as the opening switch-on-SameSite salvo.
Also, as of Chrome 80, cookies without a SameSite definition will be considered as first-party only by default; third-party cookies - say, those from an external ad distributor tracking users as they wander the web - won't be sent.
It's complicated - for users, even IT admins, if not for developers - as this Google video demonstrates. But the result will likely be an aggressive push by Google, using the club of Chrome's dominance, to motivate site makers and other cookie distributors to get behind the SameSite standard.
SameSite is not Google's answer to the increasing anti-tracking positions being staked out by rivals such as Mozilla and Microsoft. Google has emphasized SameSite's security prowess - preventing cross-site request forgery (CSRF) attacks, for instance - not any privacy benefits.
That's no surprise.
No more notification nagging? That would be great
Chrome 80 also implemented the quieter notifications that Google pledged last month.
Rather than let sites place pop-ups on the page requesting permission to send notifications, Chrome 80 features an alarm bell icon with a strike-through near the right edge of the address bar. The first time Chrome presents the quiet UI, an in-browser dialog, which can be dismissed, will explain the feature.
Users will be able to engage the new notification UI manually using an option in Settings > Advanced > Privacy and security > Site Settings > Notifications. Toggling the "Use quieter messaging (blocks notification prompts from interrupting you)" switch turns on the pop-up blocker. Google has said it would also automatically enable the quieter UI for some. Those who "repeatedly deny" the notification requests will be auto-enrolled. Google will automatically silence some sites as well.
Not all users will see the less-intrusive notification requests immediately; although Google promised that Chrome 80 would launch the feature, Computerworld's copies of the browser did not yet show the new UI.
Tab groups supposed to begin to show
Tab groups are also supposed to debut in Chrome 80, but that, too, was not yet enabled by default on Computerworld's numerous copies running under Windows 10 and macOS. (The option to turn it on is behind chrome://flags: Search for Tab Groups, change the setting at the right to Enabled, and relaunch the browser.)
Last month, Google said that the feature - which does what it sounds like it does, organize tabs by lumping together several, each lump designated by color and name - should begin rolling out to users with Chrome 80 but finish that process with March's Chrome 81.
When it does appear - or after the browser's owner manually enables it - users can right-click tabs and choose new menu items to create groups, assign tabs to them or remove tabs from those groups.
Other additions to Chrome 80 were enterprise-centric as Google continued to enhance the browser's in-business skills, even more important of late as Microsoft introduced the Chromium-based Edge last month as an alternative.
Enterprise IT admins can enable or disable each type of synchronized data, ranging from History and Themes to Open Tabs and Passwords (just as individuals can do manually in Settings > Manage Sync.), using the newly-documented SyncTypesListDisabled group policy.
More management in Chrome 80 allows for a full blockade on employees trying to install external add-ons. Administrators can call on the BlockExternalExtensions policy to stop the practice. (Note: this does not block kiosk apps or extensions installed by the policy.)
Chrome's next upgrade, to version 81, is scheduled to ship on March 17, 2020.
Google this week launched Chrome 79, touting the browser's warnings when a site password may have been divulged and patching 51 vulnerabilities.
The California company paid $80,000 in bug bounties to researchers who reported some of the vulnerabilities. Two were ranked "critical," Google's top-most rating and eight were tagged "High," the next level down in the four-step ordering. One report of a critical vulnerability was submitted by engineers at Tencent Keen Security Lab, a subsidiary of the People's Republic of China-based Tencent; Google awarded the researchers $20,000. The other bug alert? That one came from inside the house, reported by Sergei Glazunov of Google Project Zero.
Chrome updates in the background, so most users can just relaunch the browser to finish the upgrade to the latest version. To manually update, select "About Google Chrome" from the Help menu under the vertical ellipsis at the upper right; the resulting tab shows that the browser has been updated or displays the download process before presenting a "Relaunch" button. Those who are new to Chrome can download the latest for Windows, macOS, and Linux here.
Google updates Chrome every six to eight weeks. It last upgraded the browser Oct. 22.
Your password is kaput!
Google baked the functionality of its web-based Password Checker into Chrome 79 so that when the feature is enabled, the browser will alert its user if an entered password has been revealed by a prior data breach.
The online service, which examined the username-password combinations stored in Chrome's password manager and reported back the authentication pairings that have been exposed in publicly-known data breaches, went live in early October. (The web service remains available.)
With Password Checker, Chrome will pop up a warning when a username + password combination has been exposed by a hack. Just as when Computerworld spot-tested the checker two months ago, an alert did not always appear when it was supposed to. One site whose password had been reported in a breach failed to display a warning, while other sites - some relying on the same username + password - did offer an on-screen warning.
The alert contains a Check passwords button that, when tapped, opens the status of all saved passwords, showing those that have been disclosed and giving the user a way to change the password.