Chrome 69 was a massive update as it brought a brand new desktop and mobile interface. Now that the v69 is stable, the beta channel has been updated to version 70. This is not as big of an update as the previous version, but it still has some important improvements – especially for security.
Web authentication improvements
Chrome 67 added first support for the Web Authentication API, allowing sites to use users other than username and password to log in. For example, you can use a fingerprint or a Bluetooth key (like Google Titan) as the only login method. However, the feature was limited to Chrome on desktop platforms.
In Chrome 70, the API is enabled by default on Android. When you visit a website that supports web authentication, Chrome asks you to use a security key. Google says that fingerprints will work (both on Android and Mac with Touch ID), but I failed to test it.
Form Detection API
The form-recognition API is in Chrome 70 as an "original test", which means it's not ready for widespread use. The API can detect three types of objects in images – faces, barcodes, and text. Currently, platform-to-platform compatibility varies because this requires the host operating system to have the appropriate object detection APIs. Android and macOS support all three objects, but Windows 10 only supports face and text detection.
You can try a demo of the Shape Detection API here.
Transport Layer Security, or TLS for Cards, is the protocol that enables you to securely transfer data over the Internet. When you are on an HTTPS site, the data is most likely sent over TLS. Chrome 70 includes support for version 1.3 of TLS, which was finalized last month.
A list of the changes can be found here, but in summary it improves both efficiency and safety. Fewer round trips are required to establish a secure connection, so you can see a slight improvement in load time (if your site supports TLS 1.3). Here is a graphical representation of the change from CloudFlare:
TLS 1.3 also drops support for some older features, as support for SHA1 and MD5. Google said this on the Chrome Platform Status Platform:
TLS 1.3 was a multi-year project that spans contributions in industry, academic research groups and other participants in the standard process. We have previously experimented with earlier draft standards, and with the final standard done, it's now happy to send it to Chrome.
Firefox v60 added support for TLS 1.3 (draft 23), released in May this year. CloudFlare has also supported the standard since May.
As always, Chrome includes 70 changes for both users and developers. Here are some minor features provided with this update:
- Decoder for AV1 video is now enabled by default on all platforms.
- Speech synthesis API will no longer work unless the page has interacted. This is usually used by spamware popups on mobile since it was not included in Chrome 66's new autoplay policy.
- If a page is in fullscreen mode and shows a popup, the page is now fullscreen.
- AppCache no longer work on non-HTTPS pages.
- On Android devices, the OS number (e.g., & # 39; NJH47F & # 39;) is no longer in the User Agent string to prevent fingerprints. Chrome on iOS will freeze the building number on & # 39; 15E148 & # 39; instead of removing it completely, to follow Safaris implementation.
- Opus audio is now supported in MP4, Ogg and WebM container files.
- WebUSB now uses dedicated worker contexts that should improve performance.
- Web Bluetooth now works on Windows 10.
- There is a new sync dialog on desktop platforms (Thanks Edric).
APK is signed by Google and upgrades your existing app. The cryptographic signature guarantees that the file is safe to install and not manipulated in any way. Instead of waiting for Google to push this download to your devices, which can take days, download and install it just like any other APK.