On Heels of Criticism, Newly-Released Google Chrome 70 Prioritizes Privacy

The update also features 23 security fixes.

Google has lifted the curtain on its latest version of Chrome, which the tech giant has pledged touts more data privacy features, as well as fixes for high-priority vulnerabilities.

The release comes after Google had promised updates in Chrome 70 to “better communicate our changes and offer more control over the experience.”

Chrome 70 for Windows, Mac and Linux will roll out over the coming days and weeks, Google said in a Tuesday posting.

Most notably, Chrome 70 includes a panel enabling users to have more control over how the browser behaves when they log into their Google accounts.

The pressure is on Google to prioritize privacy policies after the tech giant came under fire for a change in Chrome 69, launched earlier in September. After that release, an update to the browser’s sign-in mechanism automatically signed users into Chrome when they signed into any other Google service.

Digs at Google increased when a separate researcher also found that when he deleted the cookies.txt files in Chrome, the browser clears all cookies – except for Google cookies.

But the new control panel means that users have the option to turn off the automatic sign-in, Zach Koch, Chrome product manager, said in a post on the matter.

“While we think sign-in consistency will help many of our users, we’re adding a control that allows users to turn off linking web-based sign-in with browser-based sign-in—that way users have more control over their experience,” he said. “For users that disable this feature, signing into a Google website will not sign them into Chrome.

In addition to new privacy features, Chrome 70 also packs 23 security fixes, including both “high” and “medium” priority bugs; as well as new security features.

Of note are patches for a high-priority sandbox escape vulnerability (CVE-2018-17462) in AppCache; a high-priority remote code-execution flaw (CVE-2018-17463) in V8; a “high” priority URL spoof bug (CVE-2018-17464) in Omnibox; and a “high” memory corruption glitch (CVE-2018-17466) in Angle.

Other bugs include a high-priority use-after-free flaw (CVE-2018-17465) in V8, and a high-priority heap buffer overflow vulnerability in Little CMS in PDFium (no CVE assigned yet).

A full list of the security bugs and fixes are here.

Chrome 70 also features Web Bluetooth, which is also available in Windows 10, which allows sites to communicate with user-selected Bluetooth devices in a “secure and privacy-preserving” ways.

And finally, Google released support for public key credentials in Chrome 70, which enables strong authentication to websites with public key cryptography, enabling password-less authentication and/or secure second-factor authentication without SMS texts.

“I’m pretty excited about it because it allows sites to use my fingerprint for two-factor authentication,” Pete LePage, developer advocate, said in a Tuesday post. “But, it also adds support for additional types of security keys and better security on the web.”

Suggested articles

Discussion

Leave A Comment

 

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.