Chrome continues to dominate the browser market, leaving rivals to swallow their pride and scramble for the leavings.
Now with nearly 69% of the world’s browser user share – a measure of browser activity calculated monthly by analytics vendor Net Applications – Google’s Chrome has no peer. Rivals like Mozilla’s Firefox fight over scraps while Microsoft has tossed in the towel and adopted Google’s Chromium technology to remain competitive.
It’s no surprise that when Chrome speaks, everyone listens, whether about each browser upgrade – something Computerworld tracks in the What’s in the latest Chrome update? series – or about Google’s plans for the future.
Chrome 79: Password, please!
“We will notify users if their credentials are part of a known data breach,” Google said, pegging the feature’s introduction to the Dec. 10 upgrade. (Around the release of Chrome 77 – back in September – Google had projected a launch in Chrome 78, which debuted this week. Later, word came that it had been postponed to v. 79.)
Details are still on the lighter side. Unlike Mozilla, which added a similar feature to Firefox 70 – also released Oct. 22 – Google has not publicly detailed this yet.
Some information can be found here, however, and here.
Enterprises will be able to manage this notification with the PasswordLeakDetectionEnabled group policy. A bit more info about that policy is available here.
Chrome 79: Testing, testing DoH, 1-2-3
Both Google and Mozilla have been thumping the DNS-over-HTTPS (DoH) drum as a way to better secure communications between browser and DNS (Domain Name Service) server. The browser pings a DNS server to determine the IP (Internet protocol) address of the destination website’s domain (the part, for instance, before the .com or .org) and normally that traffic is transmitted in plain text, making it easily readable by someone monitoring a public Wi-Fi network. Criminals can even intercept bits flying between the browser and DNS server, then insert bogus addresses that steer an unwary user to a malicious site.
By transmitting DNS communication over an HTTPS connection – which is encrypted – crooks can’t spy or spoof.
With Chrome 79, Google will run a trial where DNS requests from some users will automatically be switched to their DNS provider’s DoH service if one is available. (Not all DNS providers offer a DoH resolver.)
But managed browsers – those joined to a domain or that have at least one active group policy – won’t auto-upgrade to DoH. Enterprises will also be able to control the DoH experiment through a new policy, DnsOverHttpsMode.
More information, including the short list of affected DNS providers, can be found here.
Chrome 79: Hey you tabs! Freeze!
To reduce the browser’s memory usage and its impact on notebook batteries, Chrome 79 will automatically “freeze” tabs that have been in the background for five or more minutes. “Frozen pages are not able to run any tasks,” said Google.
Some tabs won’t be frozen – Google cited ones playing audio – and website developers can opt their pages out of such freezing. Then, once a user makes a background tab active, it’s thawed so it reacts to input.
Enterprise IT administrators will be able to disable tab freezing with the TabFreezingEnabled policy.
Chrome 79 and 81: Wave goodbye to TLS 1.0 and 1.1
At the start of October, Google laid out plans to deprecate legacy versions of the TLS (Transport Layer Security) 1.0 and 1.1 cryptographic protocol used to encrypt transmissions between browsers and website servers.
“We’re announcing a pre-removal phase in which we’ll introduce a gentler warning UI [user interface] and previewing the UI that we’ll use to block TLS 1.0 and 1.1 in Chrome 81,” wrote Chris Thompson of Chrome’s security team on Oct. 1.
Starting Jan. 13, 2020, Chrome 79 will begin showing a “Your connection to this site is not fully secure” message when users connect to a site safeguarded by the outdated protocols. Chrome 81 – a March debut, Thompson said – will amp the pressure by inserting a full-page warning that the connection is not secure.
Enterprise IT can disable these Chrome 79 and 81 warnings with the SSLVersionMin policy. Setting that policy to “1” allows Chrome to connect to 1.0- and 1.1-encrypted sites sans alerts.
The SSLVersionMin policy will work until January 2021, Google said.
Chrome 80: Tab groupie
“Users will be able to organize their tabs by grouping them on the tab strip,” Google said. “Groups can have colors and names. They’ll help your users keep track of their different tasks and workflows.”
Tab groups have been in the works for months, but Google currently plans on launching the feature in Chrome 80, set to release around Feb. 21-28, 2020 (Google has not yet extended its Chrome release calendar into next year, so the dates are only an estimate). “Tab groups” are just what they say they are: an organizational trick to lump together multiple tabs, each such lump designated by color and name.
Users of Chrome 78 can dabble with tab groups by entering chrome://flags in the address bar, pressing Enter or Return, finding the entry Tab Groups and setting it to “Enabled.” Chrome must be relaunched for it to take effect. Using right-clicks and the menu choices that then appear, users can create groups, then assign tabs to or remove tabs from those groups.
Chrome 80: RIP FTP
FTP, for File Transfer Protocol, is an ancient protocol that transfers files over an unencrypted connection. More telling, it’s little used.
Beginning with Chrome 80, Google’s browser will stop supporting FTP. (This is something Google’s been working toward for ages.) Instead, IT administrators should steer their charges to a native FTP client.
Google’s given FTP a short grace for those managing through group policies: Enable FTPProtocolSupport and FTP will be restored until Chrome 82 – figure that will debut in April – really kills the protocol.