Google plans to release a new stable version of the company’s Chrome web browser today. Google Chrome 85 will be released for all supported operating systems and, as usual, will be released over time.
Desktop users may run a manual check for updates once the new version has been released to upgrade their versions of Chrome right away. Since it may take days before Chrome picks up the update automatically, it is usually a good idea to update as soon as possible using the manual update option.
All that needs to be done is to select Menu > Help > About Google Chrome to run a manual check for updates from within the web browser.
Mozilla released a new stable version of Firefox today as well. Check out our Firefox 80 release overview here.
Google Chrome 85: new features and changes
Google Chrome 85 is a a release that is light on new features, but there are some. Google introduces support for the AVIF format that has been standardized by the Alliance for Open Media (which Google is a member of).
Important Internet sites such as Netflix, YouTube, or Facebook announced interest in using AVIF images on their properties. The format promises a reduction in bandwidth consumption and faster page loads thanks to its smaller size when compared to formats such as jpeg. A test that Netflix ran some time ago showed that AVIF images had about 50% of the size of comparable jpeg images. AVIF may also pave the way for HDR image support on the web.
Chrome 85 is the first stable version of the web browser that will assign SameSite=Lax to cookies if no other SameSite attribute is specified by the site. Google’s initial plan was to roll out the changes in Chrome 80 Stable but the company rolled back the SameSite cookie changes because of the global pandemic.
The main effect that the SameSite=lax attribute has is that it blocks cookies from being sent in third-party contexts. Developers may use the attribute SameSite=None; Secure instead to allow that to happen, but in all cases in which that is not the case, the sending is blocked thanks to the new directive.
The attribute SameSite=None will be ignored if ;Secure is not specified. Additionally, SameSite helps against some forms of cross-site request forgery attacks:
“SameSite” is a reasonably robust defense against some classes of cross-site request forgery (CSRF) attacks, but developers currently need to opt-into its protections by specifying a SameSite attribute. In other words, developers are vulnerable to CSRF attacks by default. This change would allow developers to be protected by default, while allowing sites that require state in cross-site requests to opt-in to the status quo’s less-secure model. In addition, forcing sites to opt-in to SameSite=None gives the user agent the ability to provide users more transparency and control over tracking.
Other changes in Chrome 85 Stable:
- Chrome uses strict-origin-when-cross-origin as the default policy as the default policy instead of no-referrer-when-downgrade to avoid showing the “full URL of the originating document including full path and query parameters alongside every navigation and subresource request”.
- New Media Feeds API that allows sites to return a feed of personalized media recommendations.
- Support for App shortcuts for common tasks that Progressive Web Applications may make use of.
- Bleeping Computer reports that Chrome 85 fixes a high severity code execution vulnerability.