What's in the latest Chrome update? No more Flash (without jumping through hoops)

[Karlston]

What's in the latest Chrome update? No more Flash (without jumping through hoops)

Chrome 76 disables Flash by default, closes an Incognito Mode loophole and simplifies Progressive Web App installation.

Rob Schultz

Google this week updated Chrome to version 76, patching 43 security flaws and making good on a promise to switch off Flash by default.

 

The company paid out $28,000 — more than three times the last cycle — in bug bounties to a half dozen researchers who reported a few of those vulnerabilities. Five of the flaws were ranked "High," the second-most-serious category in Google's four-step ratings, including one that paid $10,000 to its discoverer and another that garnered $6,000. None were rated "Critical," the topmost threat.

 

Because Chrome updates in the background, most users only need to relaunch the browser to finish the upgrade. To manually update, select "About Google Chrome" from the Help menu under the vertical ellipsis at the upper right; the resulting tab shows that the browser has been updated or displays the download process before presenting a "Relaunch" button. New to Chrome? Download the latest in versions for Windows, macOS and Linux from here.

 

Google updates Chrome every six to eight weeks. It last upgraded the browser on June 4.

Last anti-Flash step before Chrome nixes it altogether

With the debut of version 76, the browser disabled Flash by default, the state Chrome will remain in until all support is yanked in late 2020.

 

Sites requiring the plug-in will show the "missing puzzle piece" symbol and the message "Adobe Flash Player is blocked." Users will not be able to run Flash — at all — without going into Settings. After re-enabling Flash at Settings > Advanced > Privacy and security > Site Settings > Flash > Ask First (that last is done by toggling the switch from Block sites from running Flash (recommended)), Chrome users can again run Flash and display Flash content but only after authorization through a click.

 

Note: IT-set group policies that manage Flash within Chrome were not affected by the version 76 change. You can still control Flash behavior using DefaultPluginsSetting, PluginsAllowedForUrls, and PluginsBlockedForUrls, Google said.

 

Chrome now leads the second-place browser, Mozilla's Firefox, in deflecting Flash. (The only browser further along, Apple's Safari, has been anti-Flash since 2010, when Cupertino told users to fetch Flash themselves.)

 

And Google came through with the "infobar" it had pledged previously. If the user manually switches Flash back on through Settings, the infobar appears, warning that the plug-in won't be supported at all after December 2020. It also offers a link for more info on the ban.

IDG A new infobar pops up if the user resets Chrome 76 to run Flash Player, reminding them that the software won't be supported at all after December 2020.

 

Currently, Chrome is to completely nix support for Flash as of version 87, which should debut in December 2020.

Chrome slams door on Incognito Mode loophole

Chrome 76 also closed a loophole that some websites were exploiting to shut down users trying to slip past article count meters.

 

Many sites with paywalls — the New York Times, for one — let visitors view x number of stories free of charge, a way to show the quality of the content behind the wall. After that count is reached, access is blocked. Browsers' privacy modes, including Chrome's Incognito Mode, were a way for readers to "reset" that meter and read more than the allotted number of articles.

 

Site publishers, of course, were onto the privacy mode ploy and in Chrome, monitored an API that was automatically disabled in Incognito Mode. If a call to the API returned an error — as it did when the API was off — the site assumed the visitor was in privacy mode and then blocked them from reading.

 

Two weeks ago, Google announced it was shutting down the ability of sites to sniff out Incognito Mode through the API. "Chrome will likewise work to remedy any other current or future means of Incognito Mode detection," promised Barb Palser, a manager in Google's news and web partnerships group, in a post to a company blog.

 

She also had recommendations for site publishers who had used the API to detect story count scofflaws. "Sites that wish to deter meter circumvention have options such as reducing the number of free articles someone can view before logging in, requiring free registration to view any content or hardening their paywalls," Palser wrote. "Other sites offer more generous meters as a way to develop affinity among potential subscribers, recognizing some people will always look for workarounds."

 

Site publishers could be excused for breezing by Palser's unsolicited advice, seeing as how Google's business model is the antithesis of most sites'.

PWA isn't the sound you make when you spit

As another part of its push to boost Progressive Web Apps (PWAs), the platform-independent apps that behave much like standard desktop applications, Chrome 76 simplifies their installation.

 

If the distributing website meets the PWA install criteria, Chrome now displays a small icon at the right edge of the address bar; clicking that icon initiates the PWA installation process. By bringing PWA availability to the forefront, Google hopes to raise awareness of the standard.

IDG Chrome 76 now has PWA (Progressive Web App) awareness. A small icon at the right end of the address bar — it vaguely resembles a crosshair — launches the installation process for any PWA, assuming the hosting site meets Google's criteria.

 

"On desktop, there's typically no indication to a user that a Progressive Web App is installable, and if it is, the install flow is hidden within the three-dot menu," wrote Pete LePage, a Google developer advocate, in a June document. "We're making it easier for users to install Progressive Web Apps on the desktop by adding an install button to the address bar."

 

(Not surprisingly, Chrome is a huge booster of PWA; Google coined the term.)

For enterprise eyes only

A few of Chrome 76's additions and improvements are only for organizations that manage the browser.

 

As of this version, private-hosted Chrome add-ons — in other words, those not in the Chrome Web Store e-market — must be packaged with the CRX3 format. (The prior format, CRX2, used the SHA1 cryptographic hash function to secure extension updates; CRX2's SHA1, however, can technically be broken, potentially giving attackers who intercept an over-the-Internet update a way to inject malicious code into the add-on refresh.)

 

"If your organization is force-installing privately hosted extensions or third-party extensions hosted outside of the Chrome Web Store that are packaged in CRX2 format, the extensions will stop updating in Chrome 76 and new installations of the extension will fail," Google warned.

 

Chrome 76 also nulls the ability of IT staffs to use group policies to opt out of the site isolation technology Google introduced in 2007 with version 63. A year ago, Google switched on site isolation for the vast majority of Chrome users.

 

But because site isolation impacted Chrome's performance, Google has let enterprises that manage the browser disable the defensive technology. That's now ended.

 

"Starting with Chrome 76, we will remove the ability to opt out of site isolation on desktop using the SitePerProcess or IsolateOrigins policies," Google announced. The change only applied to desktop Chrome, including Chrome OS; on Android, the comparable SitePerProcessAndroid and IsolateOriginsAndroid policies can continue to be used to turn off site isolation.

 

Google has also created a new Chrome policy list for enterprise IT. Notably, the list can be filtered by platform — macOS, Windows, Android and the like — as well as by Chrome version.

 

Chrome's next upgrade, version 77, should reach users on or about Sept. 10.

 

 

 

Source: What's in the latest Chrome update? No more Flash (without jumping through hoops) (Computerworld - Gregg Keizer)

[Karlston]

Chrome 76: no more https or www in address bar

Google Chrome users who upgraded the stable version of the web browser to the recently released Chrome 76 version may have noticed that Chrome does not display https or www anymore in the browser's address bar.

 

Google made the change in 2018 for the first time when it released Chrome 69 but had to undo it after user outcry over the removed feature. Back then, Google decided to remove what it called trivial subdomains like www. or m. to display only the root domain in the address bar; this lead to issues on sites that supported several of the trival subdomains as it was no longer possible to look at the address to verify the active site.

 

Google called these subdomains trivial because it believed that most Internet users would not require the information.

 

Google did state back then that it would remove certain trivial subdomains again at a later point in time. It appears that the time has come, as Chrome 76 hides the www part of the domain name and the https:// protocol information from its address bar.

 

Check out how the Ghacks homepage URL is displayed in Google Chrome 76:

 

 

Chrome stripped https://www. from the address leaving just ghacks.net in the address bar. The lock icon does indicate that the site uses HTTPS but Google plans to remove it as well in the future.

 

You may wonder why Google decided to make the change. Google engineer Emily Schechter revealed Google's intention on the official Chromium bug page.

The Chrome team values the simplicity, usability, and security of UI surfaces. To make URLs easier to read and understand, and to remove distractions from the registrable domain, we will hide URL components that are irrelevant to most Chrome users. We plan to hide “https” scheme and special-case subdomain “www” in Chrome omnibox on desktop and Android in M76.

According to the post, Google believes that certain parts of the URL are distracting and irrelevant to most Chrome users.

 

Chrome users need to click twice in the URL bar to display the full address of the page. It is unclear why Google believes that clicking twice and not once is right when it comes to that but that is far from the only issue that users may experience once they upgrade to Chrome 76.

 

Users who try to copy just the domain part of an address will notice that Chrome adds the protocol and www. if used to the copied address automatically. There is no option to prevent this from happening right now; users who just want the domain need to process the copied text before they may use it as intended.

 

Another issue that users may run into is when a site uses www exclusively. Chrome displays the domain without www only and some users may try to load the domain without www as a consequence in the future. If there is no redirect, Chrome will display a 404 not found error instead.

 

 

It is too early to tell if companies who use Chromium as the source for browsers will follow Google's lead. Browsers like Microsoft Edge, Opera, Brave, or Vivaldi all use Chromium and if developers don't make changes to the source code, will follow Chrome in displaying less information in the address bar.

 

Chrome 76 supports two experimental flags currently that reverts the change. These flags will be removed eventually from Chrome, however.

1. Load chrome://flags/#omnibox-ui-hide-steady-state-url-scheme and set the state to Disabled to always display the URL scheme, e.g. HTTPS, in the Chrome address bar.
2. Load chrome://flags/#omnibox-ui-hide-steady-state-url-trivial-subdomains and set the state to disabled to display trivial subdomains all the time.
3. Restart Google Chrome.

Closing Words

As far as I'm concerned, I prefer if browser's display all information and both the protocol and the www subdomain are vital parts of the address and should not be hidden; especially so if the hiding may lead to confusion or problems.

 

Google seems intent to go forward with the change on desktop and on Android. Unless there is an equally large outcry about the change, it is unlikely that Google will revert it for a second time.

 

I think that Google is just starting with pushing certain changes in Chrome and most of the web, and not all of them are in the best interest of Internet users.

 

 

 

Source: Chrome 76: no more https or www in address bar (gHacks - Martin Brinkmann)

[Kalju]

Well-known folk writer Brinkman is lying again. He knows very well how to lay to people.
The flash is not missing anywhere and it has been disabled by defalt alredy for long time. At least two years already if not longer.
The story is with missing http/https and www. or any other part of the url. They have been hidden (covered) by other messages for a long time. Everything is exactly as it was already year or more.
And if anybody don't want to re-enable flash every time, it can be done through the registry and flash will always work without asking on websites where you have enabled it.  That's it. The same is on using any Chromium based browser, by default is flash disabled and it always asks to run, but You can always enable it permanently thru the registry, ie using local policy settings.
What's new is just the pop-up message about the disappearance of the flash in 2020. But even this is not first time if about this has been announced, on beta channel it have been there already for long time.
Long live the fake news distributor Martin Brinkmann!

[steven36]

On 8/1/2019 at 4:02 PM, Kalju said:

Well-known folk writer Brinkman is lying again. He knows very well how to lay to people.
The flash is not missing anywhere and it has been disabled by defalt alredy for long time. At least two years already if not longer.
The story is with missing http/https and www. or any other part of the url. They have been hidden (covered) by other messages for a long time. Everything is exactly as it was already year or more.
And if anybody don't want to re-enable flash every time, it can be done through the registry and flash will always work without asking on websites where you have enabled it.  That's it. The same is on using any Chromium based browser, by default is flash disabled and it always asks to run, but You can always enable it permanently thru the registry, ie using local policy settings.
What's new is just the pop-up message about the disappearance of the flash in 2020. But even this is not first time if about this has been announced, on beta channel it have been there already for long time.
Long live the fake news distributor Martin Brinkmann!

I think them getting rid of flash is a good thing only 5% sites left is flash  old sites that never updated there code . the  end of 2020 no browsers will ship with flash plugin  no more. what changed is  flash in Chromium it's click to play now . I use  Developer  builds of Chromium so i'm always  a few versions ahead of everyone else .

 

How to Enable Adobe Flash in Google Chrome 76+

https://www.howtogeek.com/434334/how-to-enable-adobe-flash-in-google-chrome-76/

 

Before you could just click on the padlock and enable  it.

 

My www have been chopped out for awhile  now because I'm on  Chromium 77 now  , it still there in Firefox the reason it's a  issue is many users complained about it because its confusing and still done it anyway.

 

Google finally chops 'www' from Chrome's address bar despite backlash over 'confusing' change

https://www.techrepublic.com/article/google-finally-chops-www-from-chromes-address-bar-despite-backlash-over-confusing-change/

 

I don't see were no one   lied  Google is slowly weening people off flash, Most normal users don't know  nothing about hacking no registry and Linux or Mac don't have a registry and  Google  have millions  of users on Desktop . Most of the time if you hack settings on Linux you have too edit a config file or make a wrapper to get around browsers being a jail.

 

I use Waterfox as my default Browser ,  My spare browsers are Brave Stable , Firefox RC channel  because  on Linux  Distros are slow about pushing updates and it always updates to stable because the last RC and stable are the same hash (known fact for years)  , And Chromium Dev  (VA-API Patched PPA Builds)