Google has pushed out another update to its desktop Chrome browser yesterday (April 14), just a day after a previous update that fixed two serious security flaws, and the same day that a third serious Chrome security flaw was disclosed on Twitter.
The new version, Chrome 90.0.4430.72, patches 37 more security vulnerabilities, although probably not the one disclosed yesterday. It also makes encrypted web connections the default and adds more support for videoconferencing services.
How to update to Chrome 90
To update to Chrome 90.0.4430.72 in Windows or macOS, click the three vertical dots at the top right of the browser window, scroll down to and click Help, and then click About Google Chrome in the fly-out menu.
A new tab will open informing you either that your browser is up-to-date or that a new update is downloading and the browser needs to be relaunched to install the update. Most Linux users will have to wait for the new build to be incorporated into their distribution updates.
As of this writing, other Chromium-based desktop browsers, including Microsoft Edge and Brave, had not been updated to match Chrome. The open-source Chromium browser project is maintained by Google staffers and volunteer coders.
Chrome 90 security updates
Chrome 90’s security fixes run the severity gamut from “High” to “Low,” with six vulnerabilities in the former category. At least one is quite old, having been reported to Google in November 2019; its finders got a bug bounty of $20,000 from Google.
We civilians can’t see the details of the flaws yet, though; Google restricts access to their workings until most users have their systems patched.
HTTPS: Encryption by default
The shift to encrypted web connections by default is perhaps the most important change introduced in Chrome 90.
From now on, if a user types in a regular web address such as “foofoo.com” into the address bar, Chrome will first try to connect to that domain using the encrypted HTTPS protocol instead of the older, plaintext HTTP protocol. (The “S” in “HTTPS” stands for “secure.”)
Google says this change will speed up loading times of websites (like Tom’s Guide) that support HTTPS because before yesterday, HTTP was tried first and browsers needed to be redirected to the HTTPS protocol.
Here’s an animated GIF that Google made to demonstrate how this works.
Chrome 90: AV1 support built in
Chrome 90 also adds support for AV1, a fairly new video-encoding format that was developed by a consortium of Big Tech companies — Amazon, Apple, Facebook, Google and Microsoft among them — to avoid the royalty and licensing issues that had bedeviled earlier encoding formats.
The addition of AV1 should make videoconferences using Google’s own Duo and Meet platforms, as well as Cisco’s WebEx, smoother, especially for users with low bandwidth. Screen-sharing is also supposed to get easier.
Also, here’s a somewhat cringey video made by Chrome Developer Advocate Pete LePage to explain the changes for developers in the new browser. Chrome ’90s — get it?