Chrome seems to update itself on most computers within a day or so of a new release, but you can usually trigger an update by opening the browser’s menu (the three-vertical-dots icon at the top right) and navigating to Help > About Google Chrome.
Five security issues and a few dozen other bugs are addressed in Chrome’s latest release, version 57.0.2987.133. See the full change log for details. Chrome usually does a good job of updating itself, but you can prod it by clicking the ‘three dot’ menu icon and navigating to Help > About Google Chrome.
About twenty bug fixes and minor changes made it into the latest version of Chrome, 57.0.2987.110. None of the changes seem to be related to security. The announcement doesn’t mention anything about what changed, but the full change log — refreshingly small this time — lists all the changes in detail.
The latest version of Chrome includes fixes for thirty-six security vulnerabilities.
There are numerous other changes in Chrome 57.0.2987.98. Google didn’t see fit to highlight any of them in the release announcement, so you’ll have to read the browser-annihilating change log to see if any of the changes are of interest. I’m not planning to do that myself, as it’s likely to take several hours, and unlikely to be particularly rewarding.
Chrome updates itself on its own mysterious schedule, but you can usually trigger an update by going to its ‘About’ page. Because this version includes security updates, you should try to update Chrome as soon as possible.
Update 2017Mar16:Ars Technica points out that Chrome 57 includes power saving features that should extend battery life for Chrome users on laptops.
The change log for Chrome 56.0.2924.87 lists thirty-eight changes in the new version. Of those, only about half involve actual changes to the browser. None of the changes appear to be particularly noteworthy, and none are related to security.
Chrome version 56.0.2924.76 includes fixes for fifty-one security vulnerabilities. But wait, that’s not all. If you want to see what happens when your web browser loads a really big web page, navigate to the change log for Chrome 56.0.2924.76. It’s a behemoth, documenting over ten thousand separate changes.
One change in particular deserves mention: starting with this version, Chrome will show ‘Secure’ at the left end of the address bar if a site is encrypted. When Chrome navigates to a web page that isn’t encrypted, but does include a password prompt, it will show ‘Not Secure’ in the address bar.
Chrome seems to update itself reliably, soon after a new version is released. Still, given the number of security fixes in this release, it’s not a bad idea to check.
A new version of Chrome fixes at least thirty-six security issues in the browser. Aside from listing the vulnerabilities addressed, the release announcement says only that Chrome 55.0.2883.75 “contains a number of fixes and improvements”. You’ll have to read the change log to figure out what else is different. Sadly, the full change log is another one of those browser-killing monstrosities, with almost 10,000 changes listed. Don’t click that link if you have an older computer.
SHA-1 (Secure Hash Algorithm 1) is still used by some web sites to encrypt their traffic. Starting in early 2017, most web browsers will start displaying scary-looking warnings when anyone tries to visit sites using SHA-1.
Starting on February 14th, 2017, Microsoft Edge and Internet Explorer 11 will prevent sites that are protected with a SHA-1 certificate from loading and will display an invalid certificate warning. Though we strongly discourage it, users will have the option to ignore the error and continue to the website.
In early 2017, Firefox will show an overridable “Untrusted Connection” error whenever a SHA-1 certificate is encountered that chains up to a root certificate included in Mozilla’s CA Certificate Program. SHA-1 certificates that chain up to a manually-imported root certificate, as specified by the user, will continue to be supported by default; this will continue allowing certain enterprise root use cases, though we strongly encourage everyone to migrate away from SHA-1 as quickly as possible.
We are planning to remove support for SHA-1 certificates in Chrome 56, which will be released to the stable channel around the end of January 2017. The removal will follow the Chrome release process, moving from Dev to Beta to Stable; there won’t be a date-based change in behaviour.
News for me, stuff that matters… to me. Windows, Linux, security, tools & miscellany.