The latest version of Google Chrome is rolling out today for Mac, Windows, and Linux. Chrome 68 continues the push to boost HTTPS adoption on the web and reduce redirects to unwanted sites. Behind flags, Google is preparing a big Material Design refresh for desktops.
Version 68 will label all HTTP sites “Not secure” to the left of the address bar. This is the latest step in Google’s push to increase HTTPS adoption, with HTTP sites in Incognito mode marked by the label last October. The current warning features a gray “info” icon and text that will morph into a red badge and description later this year when users enter any data on an HTTP page.
Google first announced this plan two years ago, and notes the increase in HTTPS adoption by platform:
- 76 percent of Chrome traffic on Android is now protected, up from 42 percent
- 85 percent of Chrome traffic on Chrome OS is now protected, up from 67 percent
- 83 of the top 100 sites on the web use HTTPS by default, up from 37
While single-sign-on providers and payment processors use iframe redirects to properly function and navigate to different sites, this capability can also be used nefariously. New Chrome 68 protections defend users against iframe redirects to unwanted sites by requiring a user action before navigating to content with a different origin.
Similar to pop-up blocking, you will see a Chrome UI to confirm the redirect. The change also applies to “tab-under” when a page opens another window to the intended destination, while navigating the original tab to nefarious third-party content.
Chromium’s Certificate Transparency policy asks Certificate Authorities to maintain publicly available logs for all SSL certificates issued. This move is aimed at allowing Chrome and other security researches to verify that best practices are maintained. With Chrome 68, all certificates issued after April 30, 2018 have to include Transparency logs.
Thanks to the Page Lifecycle API, web developers can suspend background pages and tabs when requested by the operating system. While Android, iOS, and other modern operating systems already feature this capability, the web is lacking this method of managing device resources.
On the web, there has historically been no such lifecycle, and apps can be alive indefinitely. With large numbers of web apps (and tabs) running, critical resources such as memory, CPU, battery, and network can be oversubscribed, leading to a bad end-user experience.
Tablet Chrome OS devices gained a more touch-optimized experience in version 67. Google is developing a similar new look for desktop platforms that introduces rounded tabs, buttons, and a pill-shaped Omnibar that reflects the new curvature found on recent Google updates.
Meanwhile, subtler tweaks include a floating effect for Omnibar dropdowns, prompts, and moved avatar and New tab icons. It’s not clear when Google is planning to launch this redesign.
Chrome 68 for desktops is available now, with Android and Chrome OS following shortly.
FTC: We use income earning auto affiliate links. More.