Chrome 59 release includes number of changes related to security and SSL. One of the hottest topics through the recent discussions is referring to issuance of incorrect SSL certificates by Symantec certification authority. Large browsers have yet to decide on how to reasonably penalize Symantec for their oversight, and therefore SSL certificates from this certification authority will remain trusted in Chrome 59.
Proposals received from Symantec, were perceived by the developers of Chrome in a positive way. In particular, it was suggested that Symantec will be temporarily issuing SSL certificates via third-party partner until their own release process is debugged to the smallest detail. It was decided that this will help to avoid problems with the erroneous issuance of certificates in the future.
In addition to above mentioned updates, in release of Chrome 59 all bugs related to the substitution of URLs were fixed as well. There are no additional details about these bugs announced yet. It was decided to postpone the announcements in order to avoid their mass exploitation until users update the browser to the latest version.
Other noteworthy changes of the latest release:
- Added a transparency log Venafi Gen2. Previously, it was trusted in Chrome, but was removed due to stability issues.
- Headless Chrome. It is a special environment without a graphical interface, based on the console. With its help, you can develop, test and perform automated tasks that do not require interaction with the user through a graphical interface.
- Added support for the Worker-src directive. It allows you to restrict valid URLs for Workers, SharedWorker, and ServiceWorker in Chrome.
- Downloading additional resources via FTP is now forbidden. Pages (both HTTP and HTTPS) that try to download FTP resources will be blocked. In the future, Chrome plans to abandon the built-in support for FTP in general.
- Blocking resources by URL or file type. In the Chrome Dev Tools, it is now possible to block certain resources in order to test the workability of the site.