Chrome 68 becomes the first browser version to mark HTTP sites as not secure, and comes with other features





Google has started deploying Chrome 68 for Windows, Mac, and Linux. The version includes the Page Lifecycle API, the Payment Handler API and a change to how the browser labels HTTP sites: Chrome 68 is the first version of the browser to mark HTTP sites as "not secure" directly in the address bar.

Explaining this move in May, the Chrome team recalled that a large majority of Google Chrome traffic is encrypted, and that close to eighty-one of the 100 most important websites are available in HTTPS by default. It was on the basis of the impressive rate of site migrations to HTTPS, and the sharp increase this year, that Google decided to implement this measure in July, said Emily Schechter, head of Web browser security products, adding that by July the balance would have tipped far enough for all HTTP sites to be marked as not secure.

HTTPS is a more secure version of the HTTP protocol used on the Internet to connect users to websites. Secure connections are widely seen as a necessary measure to reduce the risk of users being vulnerable to content injection (which can lead to eavesdropping, man-in-the-middle attacks, and other data modification). Data is kept safe from third parties, and users can be more confident that they are communicating with the right website.

Google has taken a number of initiatives over the years to push HTTPS across the Web. However, the company accelerated its efforts last year by making changes to the Chrome user interface. Chrome 56, released in January 2017, began marking HTTP pages that collect passwords or credit cards as not secure. Chrome 62, released in October 2017, began marking HTTP sites where users enter data, and all HTTP sites in private browsing mode, as not secure.

As a result, by last year more than 85% of Chrome traffic on Chrome OS and Mac was HTTPS, while 76% of Chrome traffic on Android and Windows was also HTTPS.

With Chrome 68, here's how HTTP sites now appear in the address bar:

Here's how Google explains the underlying idea of this change: The new Chrome interface will help users understand that all HTTP sites are not secure and will continue to promote the adoption of secure HTTPS by default on the Web. HTTPS is easier and cheaper than ever, and it can unlock both performance improvements and powerful new features that are too sensitive for HTTP.

Unanimous Decision

This choice is controversial and likely to cause problems for many site owners, who will most likely receive complaints from some panicked users. A Cloudflare assessment indicates that 542,605 of the top 1 million sites do not use HTTPS or redirect users to an HTTPS version, which means that a large number of users will likely see a "Not secure" flag on most of the sites they visit when they update to Chrome 68.

Next Steps?

Google no longer plans to display a "Secure" flag and will only display a "Not secure" tag when users are on sites that do not have adequate security, such as those served over HTTP.

In this regard, Emily Schechter explained that users should expect the Web to be secure by default, and that they will be notified in the event of a problem. Since we will soon be flagging all HTTP pages as not secure, we will remove the positive security flags from Chrome so that the default unmarked state is secure. Chrome will roll this out over time, starting with removing the "Secure" label and the HTTPS scheme in September 2018 (Chrome 69).

She went on to say that previously the use of HTTP was too high to mark all HTTP pages with a strong red warning, but that in October 2018 (Chrome 70) Chrome will start displaying the red "not secure" warning when users enter data on HTTP pages.

In short, as of September 2018, Chrome will stop marking HTTPS sites as "Secure" in its address bar. Then, in October 2018, Chrome will display a red "Not secure" label when users enter data into HTTP pages.

Other improvements and security

Chrome 68 adds mechanisms to block commonly used abusive tactics. For example, Chrome now blocks embedded iframes that attempt to redirect the entire parent page to another URL. These changes have been progressively implemented since Chrome 64 and are now fully deployed.

An iframe will be allowed to redirect the main page to a new URL only if the user has directly interacted with the iframe. Since most iframes used in malicious advertising campaigns are typically positioned off-screen, this change should prevent malicious ads from redirecting users to new sites, while allowing SSO sign-in pages or similar technologies to work as intended.
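Site owners who embed third-party frames can express the same rule in markup with the standard iframe `sandbox` attribute instead of relying on the visitor's browser version. The following is an added example, not code from the article or from Google: it audits iframe tags for whether they may navigate the top-level page, and the sample markup, hosts and function names are constructed for illustration.

```javascript
// Added example: report whether each <iframe> in a template may navigate the
// top-level page. SAMPLE_HTML, its hosts and all function names are constructed.
const SAMPLE_HTML = `
<iframe src="https://ads.example/slot1"></iframe>
<iframe src="https://ads.example/slot2" sandbox="allow-scripts allow-top-navigation"></iframe>
<iframe src="https://sso.example/login"
        sandbox="allow-scripts allow-forms allow-top-navigation-by-user-activation"></iframe>
<iframe src="https://widgets.example/w" sandbox="allow-scripts"></iframe>
<IFRAME SRC='https://ads.example/slot3' SANDBOX></IFRAME>`;

// Parse one opening tag into a Map of lower-cased attribute name -> value.
function parseAttributes(tag) {
  const attrs = new Map();
  const body = tag.replace(/^<\s*iframe/i, '').replace(/\/?>$/, '');
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    const name = m[1].toLowerCase();
    // HTML keeps the first occurrence of a duplicated attribute.
    if (!attrs.has(name)) attrs.set(name, m[2] ?? m[3] ?? m[4] ?? '');
  }
  return attrs;
}

// Map the sandbox tokens to the frame's top-navigation capability.
function classifyTopNavigation(attrs) {
  if (!attrs.has('sandbox')) return 'browser-default'; // no sandbox: the browser's own rule applies
  const tokens = new Set(attrs.get('sandbox').toLowerCase().split(/\s+/).filter(Boolean));
  if (tokens.has('allow-top-navigation')) return 'always';
  if (tokens.has('allow-top-navigation-by-user-activation')) return 'user-activation';
  return 'blocked'; // sandboxed without either token
}

// Regex scanning is adequate for templates you control; use a real HTML
// parser for untrusted markup.
function auditIframes(html) {
  return (html.match(/<iframe\b[^>]*>/gi) || []).map((tag) => {
    const attrs = parseAttributes(tag);
    return { src: attrs.get('src') || '(no src)', topNavigation: classifyTopNavigation(attrs) };
  });
}

// Frames worth reviewing: the markup itself does not require a user interaction.
function needsReview(html) {
  return auditIframes(html).filter(
    (f) => f.topNavigation === 'always' || f.topNavigation === 'browser-default');
}

for (const f of auditIframes(SAMPLE_HTML)) console.log(f.topNavigation.padEnd(16), f.src);
```

Frames reported as `user-activation` match the behaviour described above for SSO sign-in pages; `always` and `browser-default` are the ones to review for third-party ad slots.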

Chrome also now completely blocks tab-unders. A tab-under consists of embedding a script in a page so that a new tab appears with an advertisement or another site over the page you are visiting. For these sites, the aim is to force the user to visit the page of an advertiser or partner and so generate substantial revenue. The technique is very widespread, and you have probably already fallen for it.

Google first announced the blocking of Tab Under last year and launched a first blocking mechanism in Chrome 65. Today, Google officially announces this feature, which will display warnings like the one below each time it blocks a site trying to duplicate its tab and use it to display ads.

Chrome 68 also implements 42 security patches.

With more than a billion users, Chrome is both a browser and a major platform that web developers must take into account. In fact, with Chrome's regular additions and changes, developers often check to make sure they are aware of everything that's available, as well as what was abandoned or deleted at the same time.

You can update to the latest version by using Chrome's built-in update program or download it directly from google.com/chrome.

Sources: Chrome Blog, Web Developer Blog (Chrome)

And You?

What do you think of the direction taken by the Chrome team?
What are the features that interest you the most?
