Google Chrome has announced the promotion of Chrome 66 browser to the stable channel for Windows, Mac, and Linux. The new promoted Chrome 66 will be rolled out over the upcoming days or weeks. Some of the new major features include media autoplay changes and the ability to export password and several security fixes.
The new version of Chrome 66.0.3359.117 contains a huge list of changes or rather fixes and improvements. The changes that are to be found in the new browser are included in a list available in the log section. Google has announced that they have made huge improvements and they have provided a list which includes 62 security fixes. One of the major changes is that they have stopped the auto-play feature in the media section. Now, when the users will open any YouTube links in a new tab, the video which was playing previously would not play.
Google has been working on improving the control over audio in its browser. It will stop the unexpected media playback in the background of tabs. What improved in the security section of the new browser is the ability to export passwords. Clicking on the options meant for this, the users are asked to input their computer passwords and after the authorization is complete, the passwords that are saved in Google Chrome will be exported as a CSV file.
Google Chrome 66 includes a small percentage of the trial of Site Isolation so that they can prepare for a broader upcoming launch. Site Isolation will improve the security of Chrome and Google has said that it should mitigate the risks posed by side-channel attack techniques such as Spectre. Because this is still on a trail run, Google urged its users to use chrome://flags#site-isolation-trial-opt-out if there is an issue caused by Site Isolation and to report the issue before Site Isolation is launched more broadly.
It should be mentioned that Chrome 66 will not trust website certificates which were issued before 1st June 2016 by PKI. Full access to bug details and links are still kept secret until a majority of users are updated with a fix. Many of the fixes Google were contributed by external researchers. Many of their security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.