Security Is Top Priority In Latest Chrome Build

Back in February, Google began experimenting with a new feature that defaulted all URLs to use “https:” rather than the less secure “http:.”

While defaulting to the secure socket layer isn’t ironclad protection for ‘netizins, it’s certainly a step in the right direction, which is why Google recently promoted the change out of the canary builds and into the mainstream.

Right now, if you download and install Chrome 90, you’ll find that this protection is automatic. You don’t have to do anything beyond installing Chrome 90.

In addition to offering the protection outlined above, Chrome 90 also includes nearly 40 security fixes, including resolving 3 low-severity flaws, 10 medium-severity flaws and six high-severity issues.

Finally, Chrome 90 includes the AV1 encoder, which provides enhanced support for a number of video-conferencing applications including Webex, Meet, and Duo. Among other things, AV1 offers improved screen sharing capabilities and allows users on low bandwidth networks to utilize video.

All that to say, Chrome 90 is an update you don’t want to miss. If it’s been a while since you paid attention to Chrome updates and you’re a bit behind the times, this is one upgrade you’ll definitely want to make a priority. While nothing in the build is particularly flashy, it does provide solid protection. That, combined with the fact that it addresses a wide range of security issues as described above, and includes a raft of other enhancements makes it well worth getting.

Kudos to Google for continuing to put user security front and center and making it an integral part of their product improvement road map. While it’s true that there are other companies out there that are even more active when it comes to bolstering user security, the number is small enough that you could probably count them on one hand with fingers left over.

HTTPS Becomes Default For Google Chrome For Added Security

For the last month or so, Google has been testing the notion of using HTTPS as the default protocol for all URLs a user types into the address bar. Those who have been experimenting with Chrome’s latest Canary build have already seen the new feature in action, and the company has decided to forge ahead.

In the next stable release, it will be formally incorporated into Chrome’s browser experience. Android users can expect to see it when they update to version 90, which is slated to be released on April 13. The iOS rollout is scheduled for an unspecified date later this year.

This is all a part of Google’s ongoing effort to bolster safety on the internet. In this specific instance, the goal is to attempt to thwart “man in the middle” attacks that see hackers intercept un-encrypted web traffic and either steal data or inject malicious code into the data stream.

Chrome team members Shweta Panditrao and Mustafa Emre Acer explain further:

“Chrome will now default to HTTPS for most typed navigations that don’t specify a protocol. For sites that don’t yet support HTTPS, Chrome will fall back to HTTP when the HTTPS attempt fails (including when there are certificate errors, such as name mismatch or untrusted self-signed certificate, or connection errors, such as DNS resolution failure).”

If you’re interested in testing the upcoming feature before it reaches the stable channel, you can do so by enabling the ‘experimental’ flag. Just go to:

chrome://flags/#omnibox-default-typed-navigations-to-https

And enable the option to have HTTPS as the default navigation protocol. Once there, you’ll also have the option to choose either a 3-second or a 10-second timeout to give the browser enough time to determine the availability of the HTTPS URL.

This is an unquestionably good change. Kudos to Google. We’re looking forward to seeing it in the stable release.

Memory Savings Improvements Makes Windows 10 Google Chrome Faster

If you’re a Google Chrome user, and you’re interested in maximizing the overall performance of your system, then Google’s recent announcement about their browser is sure to make you smile.

The release of Chrome 89 includes enhancements design to make it run notably faster on Windows 10 and use significantly fewer resources on both Android and macOS-driven devices.

According to the company’s most recent claims, in testing, in the Windows 10 environment, they saw up to 22 percent percent memory savings when measuring the browser process. They saw another 8 percent percent reduction thanks to improvements in the renderer, and a further 3 percent percent reduction in the GPU thanks to improved memory allocation. If those numbers even come close to being replicated in real world conditions, that represents a significant improvement indeed.

If you’re a macOS user, then the newest version of Chrome will give you a more modest memory savings. Even so, an 8 percent improvement is nothing to sneeze at, and version 89 will also include a new tool designed to help you keep your Mac cooler, courtesy of its tab throttling feature. Again, based on the research from Google’s engineering team, they’re reporting up to a 65 percent improvement on the Apple Energy Impact score in the macOS Activity Monitor for background tabs when employing this feature. That’s certainly impressive in its own right.

Finally, if you’re an Android user, you can expect to see a 5 percent reduction in memory usage, a 7.5 percent faster browser startup and 2 percent faster page loads. That might not make a big difference on any particular page, but over the course of an entire work day, it amounts to a substantial improvement.

Also note that the latest version of Chrome for Android comes with a new feature called ‘Freeze-Dried Tabs, which helps the browser start up 13 percent faster. All things considered then, Chrome 89 should be high on just about everyone’s wish list.

Internet Browsers Blocking Some Ports Due To Security Vulnerabilities

If you rely on TCP port 554, you’ll probably want to do a bit of reconfiguration.

Last year, security researchers discovered a new version of the NAT Slipstream vulnerability that allowed hackers to deploy malicious scripts in order to bypass a website visitor’s NAT firewall and access any TCP/UDP port on the visitor’s internal network.

If this issue sounds vaguely familiar, it’s because this isn’t the first time it has come up. When the issue was first reported, Google released Chrome 87, which began blocking HTTP and HTTPS access to TCP ports 5060 and 5061. Then in January of this year (2021) Google expanded their efforts, blocking HTTP, HTTPS, and FTP access to ports 69, 137, 161, 1719, 1720, 1723, and 6566.

Google has, in the past, also blocked port 554, but when they did so initially, they received push back from Enterprise users who asked that the port be unblocked. Google did so, but have now reversed course, and port 554 is once again on the blocked list.

It should also be noted that Google isn’t alone. In addition to Chrome 89, Firefox 84+ and Apple’s Safari browser are already blocking Port 554. So if you host a website on any of the ports mentioned above, you should reconfigure to allow visitors to continue to have unfettered access. Obviously, if you don’t currently utilize that port there’s nothing to do here. If you’re not sure, you will be soon enough, because you’re apt to get complaints from users who can no longer access your site or whatever web-based application you’re running that relies on it.

Despite some back and forth on the matter, this appears to be the path forward. So kudos to Mozilla, Google and Apple for getting on the same page and putting a halt to the threat, even if it took a bit longer than usual for the major forces in the browser ecosystem to all wind up on the same page.

Google To Add Password Breach Prevention Feature To Android

If you’re a Google Chrome user, then you’ve probably already used or at least seen the Password Checkup feature in action.

It’s the little popup box you see when you type in a password to a website that requires a login and Chrome detects that the password has been compromised. At that point, you’ll get a helpful box asking if you’d like Chrome to check all of the other passwords you’ve saved into the browser.

It’s a good feature and it will definitely help keep your passwords more secure.

Even better, Google has now rolled that feature out to Android users. It’s the same idea, but with a slightly different implementation. In this case, the check will occur when you log onto a site from your Android device using a password stored in the Android OS. The OS will perform a quick check of the password in question to see if it gets flagged, by searching through its constantly updated database of passwords that have been impacted by a data breach. It will let you know if your username and password came up in its search.

Just like Google Chrome does, it will then offer to check all of the passwords you’ve stored in the Android OS. It’s a good feature in Chrome and a welcome addition to the Android OS. Best of all, it creates a more seamless user experience as you hope from your favorite Android device and back to your PC.

If you’re interested in checking it out, and you’re using Android 9+, just open your phone’s Settings App, tap “System,” “Languages & Input” and then “Advanced.”

Once there, tap the Autofill service, and then tap Google to make sure the setting is enabled. Follow those simple steps and you’ll increase your password security on your phone. Kudos to Google for the addition.