Chrome 67 is out: Password-free logins get closer, plus bug fixes, better AR-VR support

Google's Chrome 67 has new APIs for augmented reality and virtual reality, as well as support for the WebAuthn spec.
Written by Liam Tung, Contributing Writer

Google has released stable Chrome 67 for Windows, Mac and Linux, bringing 34 security fixes and default support for WebAuthn, the new specification aimed at killing off passwords.

As announced in April, Chrome 67 is the first version of Chrome to enable support for WebAuthn by default, offering a way to sign up to websites using biometrics such as fingerprints or facial images stored in a smartphone, or USB hardware such as Yubikey's authentication device.

Chrome 67 also introduces support for the Generic Sensor API, a W3C specification developed by Intel, which expands the use of sensors from native apps to web applications in gaming, VR and AR, and fitness tracking.

Google suggests the accelerometer could use the motion of the device to move around in a 3D video. Other available sensors include the gyroscope, orientation sensor, and motion sensors.

Another feature in Chrome 67 that could help AR and VR developers on the web is the WebXR Device API. Google says this will help unify experiences across mobile VR headsets like Daydream or Samsung's Gear VR, and desktop headsets including Oculus Rift, HTC Vive, and the various Windows Mixed Reality headsets.

Besides games, the API caters to a range of other applications including immersive 360-degree videos, 2D or 3D videos presented in immersive surroundings, data visualization, home shopping, and art.

HTTP public key pinning (HPKP), a web security standard developed by Google, has now been deprecated in Chrome 67. Google flagged this change last year, citing low adoption and the potential for abuse as its reasons for moving away from HPKP in favor of Certificate Transparency.

Google is also widening the rollout of Chrome's site-isolation security feature, which is part of its mitigation for Spectre speculative side-channel CPU attacks.

Google notes that site isolation causes 10 to 11 percent higher memory use in Chrome 67 when isolating all sites with many tabs open. That's slightly down on the estimated 10 to 12 percent it observed in Chrome 65.

Finally, Google fixed 34 security bugs in Chrome, 24 of which were reported by external researchers. Google lists nine high-severity flaws, 12 medium-severity flaws, and three low-severity issues.
