Google last week updated Chrome to version 77, patching 52 security flaws, offering tab sharing and dumping an address bar indicator that the destination site was using more expensive digital certificates.
The company paid out $34,500 in bug bounties to the researchers who reported some of those vulnerabilities. Eight of the flaws were ranked “High,” the second-most-serious category in Google’s four-step ratings, and one was marked with rarely-used top-most “Critical.” The latter was submitted to Google by a security researcher with Qihoo 360, a company based in the People’s Republic of China that distributes a browser by the same name. (The Qihoo 360 browser relies on the same Chromium-developed technologies as does Chrome.)
Because Chrome updates in the background, most users just need to relaunch the browser to finish the upgrade. To manually update, select “About Google Chrome” from the Help menu under the vertical ellipsis at the upper right; the resulting tab shows that the browser has been updated or displays the download process before presenting a “Relaunch” button. New to Chrome? Download the latest in versions for Windows, macOS and Linux from here.
Google updates Chrome every six to eight weeks. It last upgraded the browser July 30.
Not a lot of visible changes
Chrome 77 is another of those upgrades where visible changes are in short supply, where engineers advanced development tools, tweaked the browser’s underbelly or pushed through performance improvements.
The browser did ditch the Extended Validation (EV) certificate indicator in its address bar. EVs, unlike run-of-the-mill digital certificates, can be issued only by a select group of certificate authorities (CAs). To acquire one, a company must go through a complicated process that validates its legal identity as the site owner. And they’re more expensive.
The idea behind EVs was to give web users confidence that they were at their intended destination, that the site computerworld.com, for example, was owned by its legal proprietor, IDG, and not a fishy – and phishy – URL run by Crooks, Grifters & Scammers LLC and brimming with attack code. Browsers rewarded EV-secured sites with visual cues, notably the verified legal identity in the address bar and the color green.
Google has questioned EVs’ usefulness, though. In a document that announced the demise of EV in-browser notifications, Google said, “Users do not appear to make secure choices (such as not entering password or credit card information) when the UI is altered or removed, as would be necessary for EV UI to provide meaningful protection.”
The EV indicator was moved in Chrome 77 to the Page Info pop-up, which appears when the user clicks on the padlock icon at the far left of the address.
Share tabs, spice up the browser with a background
Also in Chrome 77, Google added a tab-sharing tool that doesn’t ask users to open the browser’s history pane. Instead, users can right-click on a tab and select the “Send to name of other device in the ensuing menu. Like any of Chrome’s sharing feature set, of course, this requires the user to be logged into Chrome on the other device(s).
Another new feature in Chrome 77 is a background customizer for the browser’s new tab page.
Although others noted that, while promised, the new page customizer was absent, Computerworld encountered it after installing Chrome on a Windows 10 Pro virtual machine, hinting that it may be part of the browser’s “out-of-box” experience but not yet enabled for existing copies. (For example, a copy running on macOS did not display the customizer.) Although Google frequently practices a staged roll-out of Chrome features – gradually enlarging the pool of users given the new shiny – the omission may mean it was bagged for some reason for current copies.
Chrome 77’s new tab page lets users – new users only, from what Computerworld found – choose from pre-selected backgrounds for the browser. These are now themes or skins; the backgrounds only appear on the new tab page.
Users can select from collections of provided images – landscapes, geometric patterns, solid colors and the like – or upload one of their own to use as a fill-in background on the new tab page. (The image is not akin to a Firefox theme or a skin of some kind, as it appears only on the new tab page.)
Elsewhere, Google added a new performance metric to site designers’ toolboxes. Dubbed “Largest Contentful Paint,” it measures the time it takes Chrome to put the main content of the page in front of users’ eyes.
“We’ve found that a more accurate way to measure when the main content of a page is loaded is to look at when the largest element was rendered,” reported Google engineer Philip Walton in an early-August post to the Web.Dev site, when he touted the new metric as better than earlier measurements such as load or First Contentful Paint. “The Largest Contentful Paint (LCP) API, available in Chrome 77, reports the render time of the largest content element visible in the viewport.”
Walton also pointed site designers to links with additional information on how to improve the LCP measurement.
Chrome’s next upgrade, version 78, should reach users on or about Oct. 22.