Chrome 70 introduces more control over security features
The desktop version of the browser gains several new security related features to build on the major facelift unveiled in Chrome 69 to mark its tenth anniversary.
Version 69 introduced an unpopular simplified login process for all Google-owned sites, which basically meant the user was automatically signed into the browser when logging into Google-owned accounts such as YouTube or Gmail. While the feature remains the default option, users can switch it off via Settings > Advanced > Allow Chrome sign-in while signed out of the browser.
Windows users gain support for Progressive Web Apps (PWAs), which are apps that can be launched independently of Chrome (via the Start menu for example) without an address bar or tabs. Mac and Linux support is slated to arrive in Chrome 72.
The update introduces the AV1 video decoder, which promises to improve compression efficiency by over 30 percent when compared to the VP9 codec, which it should eventually replace. It also ships with the finalized version of the TLS 1.3 encryption standard.
The Web Authentication API has also been updated to allow developers to add touch-based authentication support using supported macOS and Android fingerprint sensors. Another API, Web Bluetooth, has also been updated to support Windows 10 in addition to other platforms.
The AppCache system for storing website and local data on the user’s storage has been revamped, with websites unable to retrieve data from the cache unless using the secure HTTPS protocol.
Two features reported elsewhere appear to be missing from the actual release -- we assume these will be rolling out shortly. The first was the promise of a revamped UI for users’ sync accounts, which would provide a clear indication of whether they’re signed in and whether sync is enabled or not. This -- when it finally appears -- will be listed above the user name in the sync pop-up dialog.
Also not yet apparently active is the promised option for restricting the behavior of plugins that demand "host permissions", namely the ability to automatically read and change data on websites. Users will -- when the feature rolls out -- be able to choose a specific setting controlling the plugin’s access: when clicked (temporary access to the site this time only), the current website (permanent access to that site) or all websites (no restrictions). This will be set via the This can read and change site data option in the extension’s context menu.