Chrome 66: Get into the bin, auto-playing vids and Symantec certs!
Lucky 66 lands, complete with Spectre mitigations
Chrome the 66th is upon us and has added some features that Google previewed in months past.
One is the September 2017 decision to stop trusting Symantec’s digital certificates, ending a long dispute over the way the security vendor managed its partners’ PKI activities before June 2016. Chrome 66 will warn visitors to sites using the certs that their connection is not private.
Another addition is by-default blocking of auto-play content that includes sound. There are exceptions if users have indicated a willingness to encounter such content or already visited the site in the same browsing session, but the intent is to quieten pages that go straight for your ears. Which should see off plenty of pop-ups and the like.
Google buffs Chrome Enterprise with new tub of PartnerShine™READ MORE
"Site Isolation” also debuts in version 66, which when enabled, provides an extra defense against Spectre CPU design flaws, thanks to the new practice of ensuring “pages from different websites are always put into different processes, each running in a sandbox that limits what the process is allowed to do.”
The outcome of that arrangement is that blocks of memory should not contain data from more than one web page, making it less likely that Spectre-style exploits could find something useful in RAM.
Chrome 66 also addresses 62 security issues, two of which are critical. Details of those two nasties – CVE-2018-6085 and CVE-2018-6086 – remain hidden for now, but both are titled “Use after free in Disk Cache”.
The new version will roll out in coming days and weeks. ®