Google releases Chrome 71 with a focus on security features

Google improves Chrome's ability to filter abusive ads and detect shady mobile subscription forms.

Google has published today Chrome 71, the latest version of its web browser, a release that is primarily focused on bolstering Chrome's security posture.

There are quite a few updates on the security front in this new Chrome version, but one of the most important is the one made to Chrome's built-in ad filtering system.

Announced at the start of November, last month, this update will improve Chrome's ability to detect websites that show overly aggressive or misleading ads and popups --which, Google said, creates "abusive experiences" for Chrome users. We won't go over these modifications in fine details again, but for more details, readers can check out ZDNet's previous coverage, here.

Secondly, also starting with Chrome 71, Google also announced its intention to crack down on websites that use shady tricks to fool users into subscribing to mobile subscription plans.

Google plans to show a full-page warning --similar to the ones shown for HTTPS errors-- before users access these types of sites.

chrome-71-warning-page.png
Image: Google

But there's more. To prevent tech support scam websites from using the Speech Synthesis API to scare users into calling shady tech support call centers and paying for unnecessary tech support services, Google has also restricted websites' ability to "speak" after a page has loaded.

Starting with Chrome 71, users must first interact with a web page before a site can trigger a "speak" event. Google has been working on fixing this problem for at least ten months, and while it won't completely stop tech support sites from playing audio, it will seriously hinder their efforts.

Further, another security-related change is the final removal of the Inline Install API, a Chrome feature that allowed users to install Chrome extensions hosted on the official Web Store, but while navigating other websites.

Google previously disabled inline installations in Chrome 69, in September. The company's engineers are now just finishing the API's deprecation process by removing the actual code responsible for this feature. This is a necessary last step to prevent sites from exploiting Chrome bugs to initiate unauthorized inline installations.

And last but not least, Chrome 71 also includes fixes for 43 security issues, detailed in more depth here.

But besides security improvements, Chrome 71 also shipped with many updates to the browser's underlying Web APIs and CSS features. A summary of the most important changes are available below:

  • Chrome now supports relative date formats by default, without site owners needing to use a third-party JavaScript library. The relative time format refers to dates expressed such as "4 seconds ago," "today," "two years ago," etc..
  • Chrome now supports Microsoft's COLR/CPAL font format. This is the third "color font" format that Chrome will support, after CBDT/CBLC and SBIX. Color fonts are a new way of creating and rendering vector-based interactive fonts.
  • The Web Audio API now follows user-set audio autoplay settings. This means that when a user mutes a website, Chrome will actually respect the user's wish. Google initially rolled out audio autoplay muting earlier this year, but engineers rolled back the change almost immediately because the new policy also broke many old web games. After giving developers time to adjust their sites and old web games, Google has now re-enabled that feature.

The full details about all the developer-centric changes are available in these two Google blog posts [1, 2], but also summarized in the video below:

With today's release, Chrome's new version number is 71.0.3578.80. Windows, Mac, Linux, and Android users should be able to install the update using Chrome's built-in updater. The full Chrome 71 changelog is available here (slow-loading link).

More browser coverage: