A single security fix is the only change mentioned in the release announcement for the latest version of Chrome.
The change log contains forty-one changes, of which about twenty-five are minor bug fixes.
Chrome is pretty good about updating itself, but since this version includes a security fix, you should probably make sure by checking: three-dot-menu > Help > About Google Chrome. This will usually trigger an update if one is required.
Google’s efforts to make the web a safer place include the recent addition of a Not Secure indicator in Chrome’s address bar for sites that are not using HTTPS encryption.
Up to this point, that indicator only appears when a web page includes boxes for entering passwords or credit card information. In the near future, Chrome will expand the conditions in which sites are flagged as Not Secure. In October, Chrome 62 will start flagging as Not Secure any unencrypted web page that includes any data entry boxes, and all unencrypted pages accessed while Chrome is in Incognito mode. Eventually, Chrome will flag all unencrypted pages as Not Secure.
If you use Chrome, you’ve probably noticed that it also flags encrypted sites as Secure. This is misleading, since all it means is that the site is using HTTPS encryption. It doesn’t imply that the site is safe to use, only that it is using an encrypted connection. A site flagged as Secure can still be dangerous to visit, for example if it contains malware. Wordfence’s Mark Maunder recently wrote about the danger of assuming Chrome’s Secure flag means ‘safe’.
The change log for Chrome 58.0.3029.81 is ten thousand items long, so you might want to think twice before clicking that link. It’s probably safe to say that there are no new features or major changes in the new version, since nothing of the kind is mentioned in the release announcement. This is an important update, though. That’s because it includes fixes for twenty-nine security flaws.
Chrome seems to update itself on most computers within a day or so of a new release, but you can usually trigger an update by opening the browser’s menu (the three-vertical-dots icon at the top right) and navigating to Help > About Google Chrome.
Five security issues and a few dozen other bugs are addressed in Chrome’s latest release, version 57.0.2987.133. See the full change log for details. Chrome usually does a good job of updating itself, but you can prod it by clicking the ‘three dot’ menu icon and navigating to Help > About Google Chrome.
About twenty bug fixes and minor changes made it into the latest version of Chrome, 57.0.2987.110. None of the changes seem to be related to security. The announcement doesn’t mention anything about what changed, but the full change log — refreshingly small this time — lists all the changes in detail.
The latest version of Chrome includes fixes for thirty-six security vulnerabilities.
There are numerous other changes in Chrome 57.0.2987.98. Google didn’t see fit to highlight any of them in the release announcement, so you’ll have to read the browser-annihilating change log to see if any of the changes are of interest. I’m not planning to do that myself, as it’s likely to take several hours, and unlikely to be particularly rewarding.
Chrome updates itself on its own mysterious schedule, but you can usually trigger an update by going to its ‘About’ page. Because this version includes security updates, you should try to update Chrome as soon as possible.
Update 2017Mar16: Ars Technica points out that Chrome 57 includes power saving features that should extend battery life for Chrome users on laptops.
A new version of Flash, released yesterday, addresses at least thirteen vulnerabilities in previous versions.
According to the security bulletin for Flash 24.0.0.221, the new version fixes “critical vulnerabilities that could potentially allow an attacker to take control of the affected system.”
The release notes for Flash 24.0.0.221 describe some new features that are likely only of interest to developers.
As usual, Internet Explorer and Edge will get new versions of their embedded Flash via Windows Update, while Chrome’s embedded Flash will be updated automatically.
Anyone who still uses a web browser with Flash enabled should update it as soon as possible.
The change log for Chrome 56.0.2924.87 lists thirty-eight changes in the new version. Of those, only about half involve actual changes to the browser. None of the changes appear to be particularly noteworthy, and none are related to security.
Chrome version 56.0.2924.76 includes fixes for fifty-one security vulnerabilities. But wait, that’s not all. If you want to see what happens when your web browser loads a really big web page, navigate to the change log for Chrome 56.0.2924.76. It’s a behemoth, documenting over ten thousand separate changes.
One change in particular deserves mention: starting with this version, Chrome will show ‘Secure’ at the left end of the address bar if a site is encrypted. When Chrome navigates to a web page that isn’t encrypted, but does include a password prompt, it will show ‘Not Secure’ in the address bar.
Chrome seems to update itself reliably, soon after a new version is released. Still, given the number of security fixes in this release, it’s not a bad idea to check.
There’s not much to talk about in Chrome 55.0.2883.87. The change log lists about thirteen actual changes, but none of those are related to security and they’re all relatively minor.
boot13