Chrome 64 is out now, giving you tougher pop-up blocker, Spectre fixes

[straycat19]

Google has released Chrome 64 for Windows, Mac, and Linux, bringing a stronger pop-up blocker, over 50 security fixes, and more mitigations for the Spectre attack.

 

As Google promised last year, Chrome 64 introduces a stronger pop-up block to protect against sneaky tactics that lead users to unwanted content through redirects. 

 

The abusive experiences that the blocker targets are practices often used by shadier sections of the web, including ads or parts of a page that create bogus site warnings and error messages, 'close' buttons that that do something other than close a page element, and play buttons that open third-party sites offering to download an app.

 

Google is also offering feedback to site owners through the Abusive Experiences Report in Google Search Console. The report indicates if their site has displayed any of the abusive behavior and offers advice to improve the experience for users.

 

Site owners will soon need to contend with the Ad Experience Report too, which is part of the new ad-blocking system Google is bringing to Chrome. Google revealed in December that from February 15 Chrome will remove ads that don't comply with standards overseen by the Coalition for Better Ads.

 

"Starting on February 15, in line with the Coalition's guidelines, Chrome will remove all ads from sites that have a 'failing' status in the Ad Experience Report for more than 30 days," Google said.

 

The stable Chrome 65 release is scheduled for March 6, so Google will be activating the ad-blocking system in Chrome 64. The Coalition for Better Ads this month kicked off the Better Ads Experience Program, which certifies that publishers agree to its standards.

Sites that violate the standards are included in the Ad Experience Report, where site owners can submit their site for a reassessment after fixing the offending ads.

 

Chrome 64 also contains 53 security fixes, among them 24 bugs reported by third-party researchers. So far, Google has paid out $22,000 to researchers for the bugs, including a $2,000 bounty to GCHQ's National Cyber Security Centre (NCSC) for a medium-severity WebAssembly flaw.

 

Finally, Chrome 64 brings some of Google's fixes for the Spectre attack that can be used against browsers. 

 

Google in January advised customers they could use Chrome's optional site-isolation feature to mitigate the attack, and flagged additional mitigations in Chrome 64 via the browser's V8 JavaScript engine. 

It has detailed some of these changes. The company will be adding more mitigations in future.

 

Article