Google this week boosted Chrome to version 71, the last refresh of 2018 and one that includes punitive measures against sites spewing what the search giant described as “abusive experiences.”
Chrome 71 also patched 43 security vulnerabilities reported by outside researchers, who were paid $59,000 in finders’ fees.
Chrome updates in the background, so users can typically just relaunch the browser to install the latest. To manually update, select “About Google Chrome” from the Help menu under the vertical ellipsis at the upper right; the resulting tab either shows the browser has been updated or displays the download process before presenting a “Relaunch” button. New-to-Chrome users can download it from this Google site for Windows, macOS or Linux.
The Mountain View, Calif. company updates Chrome every six to seven weeks. It last upgraded the browser on Oct. 16.
Slapping some sites with total ad embargo
A month ago, Google ran an ad-raid drill, telling Chrome users, “Starting in December 2018, Chrome 71 will remove all ads on the small number of sites with persistent abusive experiences.” (Google defines abusive experiences here.)
Removing all ads could, of course, easily put an advertising-dependent website on the poor farm. That’s the point. Through Chrome – which dominates the Web – Google has been shaping online to its taste, often using the browser as a bludgeon to punish sites or practices it feels are hostile to customers or noxious to itself.
Auto-play policies, meet Web Audio
Chrome 71 started the process of synchronizing the already-in-place auto-play rules in Chrome – which generally, though not always, block ads from blaring sound from a PC’s speakers as soon as a site renders – with the Web Audio API (application programming interface).
According to Google, the sync has not yet been enabled, but is tucked behind one of the option flags which can be set in the UI at chrome://flags.
At its most basic, the API can be used by site and app developers to add audio to their creations. Currently, only Chrome – via the Chromium open-source project, which feeds code to the production browser – supports Web Audio.
Chrome, like rival browsers, has been hammering against sites’ auto-playing audio because of user complaints that the blaring is annoying at best. Most of the auto-play instances have been initiated by advertisements, another reason people have become increasing fed up with the Web and its underpinnings. The move to make Web Audio follow Chrome’s standard auto-play practices can be seen as simply an expansion of a long-running battle.
Third-party code blocking delayed again for enterprise users
Google also patched 43 vulnerabilities in version 71, including 13 marked “High,” the second-most serious ranking in its four-step system. The company cut checks totaling $59,000 to researchers who reported 28 of the bugs.
In the enterprise edition of Chrome, a well-publicized decision this summer that the browser would soon block all third-party code injections has been put on indefinite hold. Billed as a stance on security and stability, the anti-injection mandate was, Google said in October, to go into effect by default with Chrome 71. Not so.
“Due to an issue with anti-virus file scanning, we’re delaying this change until we have a solution that better covers customers’ needs,” Google said in the v. 71 enterprise version release notes.
This move has been postponed more than once; it was to roll out for enterprise customers in Chrome 68 (July), then in Chrome 69 (September).
Chrome’s next upgrade, version 72, will reach users on or about Jan. 29, 2019.