Google releases Chrome 90 with HTTPS by default and security fixes
Google has just released Chrome version 90, bringing a privacy update that automatically adds HTTPS to a URL when it is available.
Chrome engineers flagged the HTTPS feature in February and Google has been testing it in Chrome 90 previews in the Canary and Beta channels. Additionally, Chrome 90 blocks downloads from HTTP sources if the page URL is HTTPS.
Google explained in a blogpost last month that the HTTPS default should help when users type “example.com” instead of “https://example.com”. Chrome previously used http:// as the default protocol, but now defaults to https://.
SEE: Security Awareness and Training policy (TechRepublic Premium)
It should also speed up page loads, since Chrome connects directly to the HTTPS endpoint without needing to be redirected from http:// to https://.
Chrome 90 also brings the first ‘on/off’ controls for Google’s Privacy Sandbox, which includes as part of its design Google’s controversial FLoC identifier replacement for third-party cookies that rival browsers Brave and Vivaldi have disabled.
“With the Chrome 90 release in April, we’ll be releasing the first controls for the Privacy Sandbox (first, a simple on/off), and we plan to expand on these controls in future Chrome releases, as more proposals reach the origin trial stage, and we receive more feedback from end users and industry,” Google announced in January.
Besides these updates, Chrome 90 includes 37 security fixes. External researchers reported six high-severity issues, 10 medium-severity flaws, and three low-severity flaws.
This release of Chrome also ships with the AV1 encoder with better support for WebRTC video-conferencing applications, like Duo, Meet, and Webex. Google notes that AV1 offers better screen-sharing capabilities than VP9 and other codecs. It also enables video for users on low-bandwidth networks, for example at 30kbps and lower.