Google has released a major update to its Chrome browser, which includes fixes for 51 vulnerabilities and marks the end of Flash and the beginning of warnings about pages that send sensitive information over plaintext connections.
Chrome 56 has a number of security related upgrades, aside from the patches. The biggest change is that the browser now displays warnings to users when a page they’re visiting is trying to send sensitive data such as passwords or credit card numbers over unsecured HTTP connections. The move follows a similar one by Mozilla with its Firefox browser earlier this week. For users, the change means they will see a clear indication in the address bar when a page is sending sensitive information on plaintext connections. Rather than a neutral icon, they will see a warning saying that the page is “Not secure”.
The other major change is a shift away from Flash and toward HTML5 by default. Google had said months ago that this change was coming, and in Chrome 56 Flash is now disabled in most cases.
“Last August, we announced that we’d be moving to HTML5 By Default to offer a safer, more power-efficient experience. This change disables Adobe Flash Player unless there’s a user indication that they want Flash content on specific sites, and eventually all websites will require the user’s permission to run Flash,” Pete LePage of Google said in a post.
Among the vulnerabilities that Google patched in Chrome 56 are seven high-risk flaws, including four separate universal cross-site scripting bugs in the Blink component of the browser.
Image: Marcin Wichary, CC By license.