The Chrome Releases blog lists some of the security fixes of Chrome 88. 'CVE-2021-21117' received a rating of critical. GHacks has a write-up of the update:
Adobe Flash is gone
The biggest change in Chrome 88 is that Google removed Adobe Flash from the browser. Chrome shipped with its own Flash component and that component is now gone so that Flash content cannot be loaded in Chrome anymore. Flash will be removed from browsers and also operating systems such as Windows. Windows users get an end-of-life popup for instance if Flash is still installed on a system.
FTP support is disabled, or is it?
Google announced the plan to deprecate ftp support in 2015 but has postponed the execution several times in the past. FTP support is removed by Google because Chrome does not support "encrypted connections" or proxies in its FTP implementation. Google notes that usage is low and that third-party FTP programs are a better option for users going forward.
Though the site then reports that FTP still works, albeit probably temporarily.
Mixed Content protection is complete
Google revealed in 2019 that the company's Chrome web browser will upgrade or block mixed content, files that are loaded insecurely on HTTPS pages. Content was divided into types and Chrome started to display warnings and to block certain types in previous releases already.
Chrome 88 blocks insecure image, audio, video, and text files from being loaded if they are served over an insecure connection on HTTPs sites and cannot be upgraded.
Happily, even though AAWP (and AAM in the future) aren't yet secure, because the site doesn't pretend to be secure then everything still loads as it should. I'm still chasing Rafe for news of AAM and 'https' status etc.
There's also (via Howtogeek):
Better Dark Theme Support on Windows 10
Chrome has supported Windows 10’s system-wide dark theme for a while, but Chrome 88 makes it a little better. Dark Theme now applies to scroll bars on many of Chrome’s internal pages. That includes Settings, Bookmarks, History, New Tab Page, and more. It’s not yet present on websites that support dark themes.
Less Intrusive Permission Requests
Chrome 88 is experimenting with a smaller and less intrusive way to ask for permissions. Instead of the pop-up that covers the website content, a new “chip” appears to the left of the URL.
The chip first appears with full text such as “Use Your Location?” After a few seconds, it minimizes to simply a small icon. Clicking the chip, which appears as a blue oval, brings up the permission prompt you’re used to seeing.
You can try out the new permission “chips” right now by enabling the flag at
chrome://flags/#permission-chip
Tab Search Comes to Desktop
Chrome 87 brought a handy Tab Search feature to Chromebooks, but it wasn’t available on Windows, Mac, or Linux. Chrome 88 brings it to those platforms via a Chrome flag.
When it’s enabled, you get a drop-down arrow in the top tab bar that shows all of your open tabs when selected. You can then use the integrated search bar to find the tab you’re looking for.
To get this feature in Chrome 88, enable the Tab Search flag at
chrome://flags/#enable-tab-search
.
Finally, The Register has some extra geeky insight on security in '88':
Google on Tuesday announced the stable channel release of Chrome 88, which includes support for an extension platform revision known as Manifest v3.
Manifest v3 was announced in October, 2018, as part of a broad effort to overhaul the security of various Google products and services. The term refers to the
manifest.json
file, one of several files in a Chrome extension, through which the developer declares the APIs and permissions necessary for the extension to function.Version 3 redefines the scope and capabilities of the APIs available to those creating extensions for Google's Chrome web browser.
"Manifest v3 is a new extension platform that makes Chrome extensions more secure, performant, and privacy respecting, by default," said Chrome developer advocate Pete LePage in a blog post. "For example, it disallows remotely hosted code, which helps Chrome Web Store reviewers better understand what risks an extension poses."
There's little doubt Chrome extensions will benefit from better security, something that has been inadequate since the creation of the Chrome Web Store in 2010, then known as the Google Chrome Extensions Gallery. And the privacy improvements, such as more extensive disclosure requirements, are real. However, Google's claims about the performance benefit of Manifest v3 have been disputed.
Regardless, the platform adjustment comes at a cost: extensions developers will have less power to shape the browsing experience and users will have less capable tools. For example, the declarativeNetRequest API, introduced in Manifest v3 as replacement for the blocking version of the webRequest API – used to intercept and modify network requests – is considered to be less effective for content blocking than its predecessor.
Other capabilities, like background pages – through which extensions could run background processes – have been replaced with a more modern alternative called service workers that nonetheless lacks past capabilities and can only operate for 30 seconds.
In short, this is one Chrome version that everyone should install and as soon as possible. It's also possible that Chrome may be slightly less of a resource hog on less powerful computers and phones?
As always, Chrome will automatically install the update when it’s available - eventually. On a Windows PC/hybrid (including Surface Go/Pro etc.) you can immediately check for and install any available updates, by going to Help > About Google Chrome.
It's something you might want to do straight away for all members of your household, to make sure they stay safe online.
On Android smartphones, including the Surface Duo, you'll have to wait a day or two until the update is offered in the Play Store.