Chrome Enterprise release notes

This page is for administrators who manage Chrome Browsers or devices that run Chrome OS in their organization.

Each new Chrome release contains thousands of improvements. Here, you can review new features and changes that might be of interest to you and other administrators who manage Chrome Browser and device deployments.

In the following notes, the stable release or milestone date (M##) refers to the version of the scheduled feature launch. For example, M67 indicates a feature scheduled to launch with the stable version of Chrome 67.

Sign up here for our email distribution for future releases. 

Chrome version & targeted Stable channel release date

PDF
Chrome 67: May 29, 2018 PDF
Chrome 66: April 17, 2018 PDF
Chrome 65: March 6, 2018 PDF
Chrome 64: January 23, 2018 PDF
Chrome 63: December 5, 2017 PDF
Chrome 62: October 17, 2017 PDF
Chrome 61: September 5, 2017 PDF
Chrome 60: July 25, 2017 PDF
Chrome 59: May 30, 2017 PDF
Chrome 58: April 18, 2017 PDF
Chrome 57: March 7, 2017 PDF

Call for Trusted Testers

Become a Chrome Enterprise Trusted Tester to test new Chrome features in your environment. You’ll provide feedback directly to our product teams so we can develop and prioritize new features. If you’d like for your organization to participate, complete this form. We’ll follow up with more details. We’re looking forward to working with you!

Additional resources

Current release notes

Open all   |   Close all Chrome 67

Starting with Chrome 67, release notes are listed in a new format. They're no longer exclusive to Chrome Browser, but also include Chrome OS releases and Admin console features coming soon.

We're also now taking sign-ups for the Chrome Enterprise Trusted Tester program where you can test new Chrome features in your environment. You’ll provide feedback directly to our product teams so we can develop and prioritize new features. If you’d like for your organization to participate, complete this form. We’ll follow up with more details.

New and updated policies

Policy Description
ArcAppInstallEventLoggingEnabled Logs events for Android app installs (Chrome OS)
AutoplayWhitelist Allows media autoplay on a whitelist of URL patterns
CertificateTransparencyEnforcementDisabledForCas Disables Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes
CertificateTransparencyEnforcementDisabledForLegacyCas Disables Certificate Transparency enforcement for a list of Legacy Certificate Authorities
DefaultWebUsbGuardSetting Controls use of the WebUSB API
DeviceRollbackAllowedMilestones Specifies the number of milestone rollbacks allowed (Chrome OS)
DeviceRollbackToTargetVersion Specifies a rollback to a target version (Chrome OS)
MediaRouterCastAllowAllIPs Allows Google Cast to connect to Cast-ready devices on all IP addresses
RelaunchNotificationPeriod Sets the period for update relaunch notifications
SafeBrowsingExtendedReportingEnabled Enables extended reporting for Safe Browsing (added in M66)
TabUnderAllowed Allows sites to simultaneously navigate and open notifications

Chrome Browser updates

  • SAML SSO interstitial

    Doesn’t impact users who sign in to G Suite services directly, those who use G Suite or Cloud Identity as their identity provider, or devices running Chrome OS.

    If your users use SAML to sign in to G Suite services, they’ll need to complete an extra step to confirm their identity when using the Chrome Browser. After signing in on a SAML provider’s website, they’ll be brought to a new screen on accounts.google.com to confirm their identity. This screen provides an extra layer of security and helps prevent users from unknowingly signing in to a malicious account.

    To minimize disruption, this screen will only be shown once per account per device. We’re working on ways to make the feature smarter in the future, meaning users in your organization should see the screen less and less over time.

    If you don’t want your users to confirm their identity on this interstitial page, you can set the X-GoogApps-AllowedDomains header and identify specific domains where the extra confirmation isn’t needed. We assume that if the user is signing in with an account that is in this list of domains, then the account is trusted by the user. You can set the header using the AllowedDomainsForApps group policy.

    For more details, see the G Suite Updates blog.

  • Site Isolation

    You can turn on site isolation to create an additional security boundary between websites. When you enable site isolation, content for each open website in Chrome Browser is always rendered in a dedicated process, isolated from other sites. Adding site isolation creates an additional security boundary between websites.

    Chrome continues to roll out Site Isolation to a larger percentage of the stable population in M67. For details, see Manage Site Isolation.

Chrome OS updates

  • Desktop Progressive Web Apps (PWAs)

    Desktop PWAs are now supported on devices running Chrome OS starting with M67. Work is underway to include support for Microsoft® Windows® and Apple® Mac®. For more information, see our developer site.

  • Detachable-base swap detection

    Detachable-base swap detection helps prevent hackers from accessing sensitive data. When a keyboard base that has not been used before is attached to a detachable tablet, such as an HP Chromebook X2, the user gets notified. The detection helps prevent hackers from replacing the base with a different one that looks the same but has been modified.

  • Block symlink traversal

    This feature improves verified boot security by preventing symlink traversal attacks, even after restart. This is a defensive measure to prevent attacks against Chromebooks from persisting through restart.

    This feature has no observable changes for most users. Developers and power users who use developer mode might run into issues, but these can be resolved by disabling this restriction. Learn more about restricting symlink traversal.

Admin console updates

  • EAP-TLS device-level support

    Admins can now configure EAP-TLS network support at a device level. These network settings apply to users across the device, including users in a public session and kiosk mode. Learn more about adding a network configuration.

  • Managed Google Play on Chrome OS policy update

    With this release, the Android user policies Backup & Restore and Google Location Services are disabled by default for the Chrome Enterprise and Chrome Education services. Admins can only turn off these features or let the users configure them. Admins cannot force these on for their users. The policies allow users to easily restore their data and help improve location accuracy on their Android apps.

  • Admins can block apps from installation
    Currently not available for the Chrome Education service

    As an administrator, you can specify a blacklist of Android apps for users who have enabled All Access mode for Android on their organization’s domain. If a blacklisted app has already been downloaded onto a user’s device, it will be uninstalled.

  • Android app installation reporting

    In a new section in the Google Admin console, you and other admins can troubleshoot Android app installations on devices running Chrome OS. You can now see the status of force-install (and uninstall) operations and filter the reports by organizational unit, user, or status. You can also see which devices the status applies to.

  • Android app bulk purchasing on Education service

    As an administrator of the Chrome Education service, you can now bulk purchase one-time payment and perpetual-access apps from the managed Google Play store and provision them by user and organizational unit in the Admin console. In the Admin console, you can force-install, allow install, and pin apps to the taskbar. You can use a credit card and Google Play gift cards. In-app and subscription purchasing is not currently supported.

Upcoming Chrome Browser features (targeted for M68 and later)

  • Unencrypted sites to show “not secure” indicator (M68)

    For the past several years, we’ve advocated that sites adopt HTTPS encryption for greater security. Within the last year, we’ve also helped users by marking a larger subset of HTTP pages as “not secure”. Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”.

    Chrome will offer a policy to control this warning on a per-domain basis.

    "not secure" warning

  • Canary release channel on Mac update (M68)

    This change unifies the policy list for all Chrome OS release channels on Mac devices to include the Canary channel, which is consistent with how other platforms operate.

  • Reduce Chrome crashes caused by third-party software (M68)

    In M66, Chrome began showing a warning to users after a crash that will display third-party software that is injecting code into Chrome, guiding them to update or remove that software. In M68, Chrome 68 will begin blocking third-party software from injecting code into Chrome processes.

    You can enable or disable third-party software blocking with the ThirdPartyBlockingEnabled policy.

    Disable third-party software blocking notification

  • Block a locally-installed hardcoded CA for Mitel VoIP products (M68)

    In M68, we intend to blacklist a hardcoded Certificate Authority (CA) and shared private key that’s installed with certain Mitel® VoIP products. The products contain both the public and private key for the Mitel IP Communications Platform (ICP) CA, which can be installed and trusted for a wide range of certificate purposes, including website SSL and TLS certificates. We’ve observed evidence of this CA being used to maliciously issue Man-in-the-Middle (MITM) certificates, including www.google.com. While this CA is not publicly-trusted as a part of the web PKI, it warrants protecting Chrome users by blocking trust in it. For more details, see Mitel's security advisory.

  • Certificate transparency (M68)

    M68 will require that all new publicly-trusted certificates issued after April 30, 2018 have several Certificate Transparency logs. This update does not affect existing certificates or certificates from locally-trusted CAs, such as Enterprise CAs or those used with antivirus or security products. For more information, see Certificate Transparency.

  • Redirect protection

    We’re working on a new security feature that blocks redirects from cross-domain iframes. To test if sites used by your organization are affected, you can visit these sites by going to chrome://flags/ and enable the flag #enable-framebusting-needs-sameorigin-or-usergesture.

    Framebusting requires same-origin or a user gesture

Upcoming Chrome OS features (targeted for M68 and later)

  • PIN sign-in support (M68)

    Users will now be able to sign in to their device using a numeric PIN. Previously, users could only use a PIN to unlock their device after first signing in with a password.

  • Video capture service (M68)

    Video capture from internal and external camera devices in Chrome (including on Chrome OS and Chromebox for meetings devices) has traditionally been run as part of the main Chrome Browser process. With the rollout of the video capture service, this functionality is now a separate process to help enable better isolation. There are no user-facing changes in functionality.

Upcoming Admin console features

  • Automatic re-enrollment (Forced re-enrollment enhancement) (M68)

    A new feature allows a Chrome OS device that is wiped or recovered to automatically re-enroll once it connects to a network. In the past, a user had to sign in to complete the re-enrollment step. But with the new feature, user credentials are no longer required to complete re-enrollment.

    Admins can still require users to sign in to re-enroll wiped or recovered devices.

  • Native printer management improvements

    There will be 2 new improvements for native printer management:

    • A new policy for user and device settings to remove the 20-printer limit per organizational unit.
    • A new policy to block users from manually adding printers is targeted for M68.
  • Sign-in Within the Browser policy

    Admins can restrict users who are signed in to the Chrome Browser from adding additional Google Accounts in the browser.

  • Device off-hours feature

    Admins can set up schedules to customize when sign-in restrictions and guest-mode policies are needed. For instance, schools can allow guardians and family members to sign in to Chrome OS devices with their personal accounts after school hours on managed devices.

  • Public session support for managed Google Play on Chrome OS

    You will soon be able to run Android apps in public sessions. Currently, Android apps can only run in a signed-in session.

Previous release notes

Chrome 66

Security updates

  • Continuation of distrust of Symantec Certificates 

    Following our announcement to gradually phase out trust in Symantec's PKI, Chrome continues to remove trust in Symantec-issued certificates issued before June 1, 2016.

    The Google Security Blog published a guide for impacted site operators. The EnableSymantecLegacyInfrastructure enterprise policy allows administrators to temporarily remove Chrome's distrust of the Symantec PKI. The policy expires after Chrome 73 (targeted for release January 2019), giving enterprise admins 3 releases after Chrome's full distrust to migrate off of Symantec certificates.

    For details, see Migrate from Symantec certificates.

  • Site Isolation Trial

    Chrome 66 includes a trial of Site Isolation for a small percentage of users, to prepare for a broader upcoming launch. Site Isolation improves Chrome's security and helps mitigate the risks posed by the Spectre security vulnerability.

    If you observe any issues with functionality or performance in the trial, it can be disabled by policy.  To diagnose whether an issue is caused by Site Isolation, test by going to chrome://flags#site-isolation-trial-opt-out and follow these instructions to opt out. If any of your users experience issues, you can disable the trial for your whole organization by setting the SitePerProcess policy to false, instead of leaving it unspecified.

    If you experience any issues during the Site Isolation trial, please report them here.

Enterprise features

  • Chrome relaunch policy: RelaunchNotification 

    If set to 1, or recommended, the user sees a prompt after days 2, 4, 7, and every 3 days after that. If set to 2, or required, the user sees a prompt at days 2, 4, and 7, with a forced relaunch 3 minutes after the final prompt. The RelaunchNotificationPeriod policy feature will make the period configurable.

  • Chrome relaunch policy: RelaunchNotificationPeriod (M67)

    This feature allows admins to set the time period over which Chrome relaunch notifications are shown to apply a pending update. Over the period based on the setting of the RelaunchNotification policy, the user is repeatedly notified of the need for an update. If RelaunchNotificationPeriod isn't set, the default period of one week applies.

  • Click to open PDF 

    For downloading embedded PDF content with an embed or iframe when Chrome's default PDF viewer is disabled (via settings or Enterprise policy) or not present (as on mobile), an Open button appears on the PDF placeholder.

  • Force sign-in policy: Support for Mac

    The ForceBrowserSignin policy is supported on Mac.

Chrome policies

Changes in this release:

Policy Notes
AutoplayAllowed This policy allows you to control whether videos with audio content can autoplay (without user consent) in Chrome.
EnableCommonNameFallbackForLocalAnchors This policy has been deprecated.
EnableSymantecLegacyInfrastructure When this setting is enabled, Chrome allows certificates issued by Symantec Corporation's Legacy PKI operations to be trusted if they otherwise successfully validate and chain to a recognized CA certificate.
ForceBrowserSignin Force users to sign in to the profile before using Chrome. Added support for Mac.
RelaunchNotification Notify users to relaunch Chrome to apply a pending update.
SafeBrowsingExtendedReportingEnabled This setting enables Chrome's Safe Browsing Extended Reporting and prevents users from changing it.
SSLVersionMin If this policy isn't configured, Chrome uses the default minimum version of TLS 1.0.

 

UI changes

  • Reducing Chrome crashes caused by third-party software

    Chrome will begin showing a warning to users after a crash that displays third-party software injecting code into Chrome. It guides them to update or remove that software.

    Update or remove problem applications

Deprecations

  • Enable CommonName fallback for local anchors policy

    The EnableCommonNameFallbackForLocalAnchors policy was offered to give admins more time to update their local certificates. It removes the ability to allow certificates on sites using a certificate issued by local trust anchors that are missing the subjectAlternativeName extension.

    As of Chrome M66, we will be deprecating this policy. If a user running Chrome 66 tries to access a site where the certificate isn't allowed, they will see a warning indicating they can't trust the certificate.

  • Adobe Flash Deprecation

​​Adobe announced on July 25, 2017 it plans to deprecate Flash by the end of 2020. See Adobe's announcement and Chrome's blog post regarding the Flash deprecation.

 

Corrections

  • Previously listed as launching with Chrome 66, SafeBrowsingWhitelistDomains will now launch in Chrome 67. This policy allows you to configure the list of domains Safe Browsing trusts. Safe Browsing won't check for dangerous resources (for example, phishing, malware, or unwanted software) for URLs that match these domains.

 

↑ back to top

Chrome 65

Security updates

  • Support for TLS 1.3

    This release comes with the latest version of the Transport Layer Security (TLS) protocol (TLS 1.3 draft 23) turned on. Users of Cisco Firepower devices configured to perform TLS man-in-the-middle interception in Decrypt-Resign/SSL Decryption Enabled mode should see Cisco's documentation.

Chrome policies

Changes in this release:

Policy Notes
AlwaysAuthorizePlugins This policy was deprecated.
AbusiveExperience InterventionEnforce Prevent pages with abusive experiences from opening new windows or tabs.
AdsSettingForIntrusive AdsSites Set whether ads should be blocked on sites with intrusive ads.
DeviceLoginScreenAutoSelect CertificateForUrls Automatically select client certificates for these sites on the sign-in screen (available on Chrome OS).
DisablePluginFinder This policy was deprecated.
RestrictAccountsToPatterns Restrict accounts that are visible in Chrome (available on Android.)
SecondaryGoogleAccountSign inAllowed Allow multiple sign-in access within the browser (available on Chrome OS).
SecurityKeyPermitAttestation URLs/domains are automatically permitted direct Security Key attestation.
SpellcheckEnabled If this policy is on, the user is allowed to use spellcheck.
SpellcheckLanguage This policy force enables spellcheck languages.
ThirdPartyBlockingEnabled This policy enables third-party software injection blocking (available on Windows).
UnsafelyTreatInsecureOriginA sSecure This policy specifies a list of origins (URLs) to be treated as secure context. Learn more about secure contexts.
WebDriverOverrides IncompatiblePolicies This policy allows users of the WebDriver feature to override policies that can interfere with its operation.

Developer changes

  • Ignore <a download> for cross-origin URLs

    To avoid user-mediated information leakage, Chrome starts to ignore the presence of the download attribute on anchor elements with cross-origin attributes. See more details on Chromium.org.

Deprecations

  • Mac OS X 10.9 Support 

    Chrome won't support Mac OS X 10.9. Chrome on Mac OS X 10.9 does not autoupdate. If you have Mac OS X 10.9, upgrade to a newer Mac OS.

  • Adobe Flash Deprecation

​​Adobe announced on July 25, 2017 it plans to deprecate Flash by the end of 2020. See Adobe's announcement and Chrome's blog post regarding the Flash deprecation.

 

↑ back to top

Chrome 64

Security updates

The Chrome Releases Blog lists all the latest Chrome security changes. Chrome 64 also mitigates against speculative side-channel attacks.

  • Site isolation improvements  

    With M64, we fixed known issues and made improvements with site isolation.

Enterprise features

  • Forced sign-in  

    This feature allows admins to force a user to sign in with their Google account before using Chrome. It ensures Chrome can only be used when under management by cloud-based policies configured in the Admin console. See Force users to sign in to Chrome.

UI changes

  • Site muting 

    You can mute/unmute sites by interacting with the tab options or by clicking Lock Lock to the left of the URL (desktop only). The Sound settings page (for the desktop, chrome://settings/content/sound) lets you add exceptions for individual sites, as well as turn on/off audio for all sites. If you mute a site through this feature, all open tabs for that site are muted.

Chrome site muting dialog box

 
  • Stronger pop-up blocker 

    One out of every 5 user feedback reports submitted on Chrome for desktop mention some type of unwanted content. Examples include links to third-party websites disguised as play buttons or transparent overlays on websites that capture all clicks and open new tabs or windows. In this release, Chrome's pop-up blocker now prevents sites with these types of abusive experiences from opening new tabs or windows. Site owners can use the Abusive Experiences Report in Google Search Console to see if any of these abusive experiences have been found on their site and improve their user experience.

  • Change to JavaScript dialogs 

    We are changing the way Chrome handles JavaScript dialogs window.alert(), window.confirm(), window.prompt() to improve user experience and better align with other modern browser's behaviors. Background tabs are no longer brought to the foreground when a dialog is triggered. Instead, the tab header shows a small visual indicator.

    Sites can still show browser notifications if permitted by the user or admin. Users can allow browser notifications by interacting with the pop-up permission prompt or changing site permissions. Admins can use the NotificationsAllowedForUrls policy through GPO or the Admin console to list site URLs they want to allow to display notifications to users (for example, calendar.google.com).

Developer changes

  • Resize Observer 

    Traditionally, responsive web applications have used CSS media queries or window.onresize to build responsive components that adapt content to different viewport sizes. However, both of these are global signals and require the overall viewport to change in order for the site to respond accordingly. Chrome now supports the Resize Observer API to give web applications finer control to observe changes to sizes of elements on a page.

This code snippet uses the Resize Observer API to observe changes to an element:

const ro = new ResizeObserver((entries) => {

for (const entry of entries) {

const cr = entry.contentRect;

console.log('Element:', entry.target);

console.log(`Element size: ${cr.width}px × ${cr.height}px`);

console.log(`Element padding: ${cr.top}px / ${cr.left}px`);

}

})

// Observe one or multiple elements

ro.observe(someElement);

  • import.meta 

    Developers writing JavaScript modules often want access to host-specific metadata about the current module. To make this easier, Chrome now supports the import.meta property within modules that exposes the module URL via import.meta.url. Library authors might want to access the URL of the module being bundled into the library to more easily resolve resources relative to the module file as opposed to the current HTML document. In the future, Chrome plans to add more properties to import.meta.

Deprecations

  • SharedArrayBuffer (M63)

    In line with other browsers, starting on January 5, 2018, Chrome disabled SharedArrayBuffer on Chrome 63. To help reduce the efficacy of speculative side-channel attacks, Chrome will modify the behavior of other APIs, such as performance.now. This is intended as a temporary measure until other mitigations are in place.

  • Enable CommonName fallback for local anchors policy (M66)

    Chrome offered the EnableCommonNameFallbackForLocalAnchors policy to give IT admins more time to update their local certificates. As of Chrome 66, targeted for Stable Channel on April 2018, we will start deprecating this policy, which removes the ability to allow certificates on sites using a certificate issued by local trust anchors that is missing the subjectAlternativeName extension. If an end-user running Chrome 66 attempts to access a site where the certificate isn't allowed, they will see a warning that the certificate cannot be trusted.

  • Adobe Flash Deprecation

​​Adobe announced on July 25, 2017 it plans to deprecate Flash by the end of 2020. See Adobe's announcement and Chrome's blog post regarding the Flash deprecation.

 

↑ back to top

Chrome 63

Security updates

See the latest Chrome security improvements in the Chrome Releases Blog.

  • Enabling TLS 1.3 

    TLS 1.3 is enabled starting in Chrome 63. At this time, the only Google service with TLS 1.3 enabled is Gmail, but this expands to the broader web in 2018. End users should not be impacted by this change. If you are aware of any systems that don't work with TLS 1.3, post your feedback in the admin forum. As you prepare for wider use of TLS 1.3, you can configure this policy for network software or hardware in your enterprise that will not transit TLS 1.3 connections. See more information on Chromium.org.

  • Support for NTLMv2 authentication protocol 

    Chrome 63 also includes support for NTLMv2 authentication protocol on Mac, Android, Linux, and Chrome OS. We are expanding on a previous release that supported NTLMv2 for Windows. With versions prior to Chrome 63, this must be manually enabled via chrome://flags. In 2018, we set NTLMv2 as the default NTLM protocol. For enterprises that need to extend support for NTLMv1, a new policy is available to allow you to force the older NTLMv1 protocol as needed.

  • Site isolation 

    Site isolation is available in Chrome 63. With site isolation enabled, Chrome renders content for each open website in a separate process, isolated from other websites. This can mean even stronger security boundaries between websites than Chrome's existing sandboxing technology. Read more at Manage site isolation.

UI changes

  • Material design bookmarks

    Chrome's Bookmarks Manager has now been refreshed with new Material Design UI. Take a look by visiting chrome://bookmarks.

    Chrome bookmarks bar

Deprecations

  • Adobe Flash Deprecation

​​Adobe announced on July 25, 2017 it plans to deprecate Flash by the end of 2020. See Adobe's announcement and Chrome's blog post regarding the Flash deprecation.

 

↑ back to top

Chrome 62

Security updates

  • Warning for untrusted Symantec certificates

    Chrome 62 introduces a console warning for sites using certificates from Symantec or Symantec brands that may not be trusted in future versions of Chrome. For more information, see this blog post.

Enterprise features

  • Change to update-check URL

    We are changing our main update-check URL host on Chrome for desktop from tools.google.com to update.googleapis.com. You might need to update your enterprise's firewall whitelist to the our new update-check URL to ensure that Chrome continues to update. Learn more.

  • Manage extensions by permission

    The permission-based management of extensions is a new enterprise-focused set of controls implemented via Chrome policy and used to prevent extensions that request undesirable permissions from running. Example: Set or modify a proxy (proxy), Capture audio/video of the desktop (desktopCapture), etc. Learn more.

UI changes

  • Chrome Cleanup tool 

    On Chrome for Windows, the Chrome Cleanup feature alerts users when it detects unwanted software. It offers a quick way to remove the software and return Chrome to its default settings. We recently completed a full redesign of Chrome Cleanup. The new interface is simpler, has a native Chrome interface, and makes it easier to see what software will be removed.

    Use the Chrome Cleanup tool to remove harmful software

  • Edit username when saving passwords

    You can now edit your username when prompted to store a password for a website you visit. When you see the pop-up to save a password (or click the key icon in the address bar after signing in to a page), simply click Edit  and make any edits needed.

    Do you want Google Chrome to save your password to this site? dialog box
  • Introducing Site settings page

    Starting M62, you will see a new Site settings button. The Site settings page provides per-origin permissions, rather than per-permission exceptions.

    Site settings button accessed by clicking the lock icon at the start of the Chrome address bar

Deprecations

  • Adobe Flash Deprecation

​​Adobe announced on July 25, 2017 it plans to deprecate Flash by the end of 2020. See Adobe's announcement and Chrome's blog post regarding the Flash deprecation.

 

↑ back to top

Chrome 61

Security updates

To learn about the latest Chrome security changes, see the Chrome Releases Blog.

  • Final removal of trust in WoSign and StartCom certificates

    Chrome 61 or later won't trust website authentication certificates issued by WoSign or StartCom. This is the culmination of a multi-release distrust process.

Enterprise features

  • Side-by-side Chrome channels on Windows

    Chrome supports multiple release channels with varying degrees of stability and support. Most users browse with the Stable channel of Chrome. In addition to Stable, Google also ships early-access Chrome channels (Dev, Beta) to get early feedback on features and changes, directly from users and developers. Early-access channels allow developers and admins to try cutting-edge features and validate that business critical applications continue to function as Chrome changes.

    Currently, you can't install and run Dev or Beta Chrome on the same computer as the Stable version of Chrome. Starting M61, users can install and run Dev, Beta, and Stable versions concurrently on the same Windows computer. For more details, see the blog post.

UI changes

  • Material Design for New Tab Page (NTP)

    We applied a modernized Material Design look to the Desktop NTP. The search bar has been updated to a lighter drop-shadow style that is consistent with Google Web Search. Most visited sites has also been updated to use the same lighter style and refined hover, focus, and active states.

    Material Design New Tab Page in Chrome

  • New messaging for installing extensions that modify New Tab Page (NTP)

    Extensions can modify the main site shown on a new tab, called the new tab page (NTP). Users often install extensions that modify NTP but aren't fully aware of how their experience will change. Starting in M61, there is a new permission warning shown at extension install time, which will indicate that the extension can change the default NTP to a custom site. The goal of these changes is to improve user awareness about extensions that will change their Chrome defaults, once installed.

Deprecations

  • Adobe Flash Deprecation

​​Adobe announced on July 25, 2017 it plans to deprecate Flash by the end of 2020. See Adobe's announcement and Chrome's blog post regarding the Flash deprecation.

To see all of the changes that are in Chrome 61, visit the commit log.

 

↑ back to top

Chrome 60

Security updates

Learn more about the latest Chrome security updates in the Chrome Releases Blog.

Enterprise features

  • Chrome Enterprise Bundle (May 23, 2017)

    Google announced the release of the Chrome Enterprise Bundle, as well as Chrome Browser support for new platforms: Citrix Xenapp, Terminal Services, and Windows Server platforms. See the announcement.

Deprecations

  • Adobe Flash Deprecation

​​Adobe announced on July 25, 2017 it plans to deprecate Flash by the end of 2020. See Adobe's announcement and Chrome's blog post regarding the Flash deprecation.

To see all of the changes in Chrome 60, visit the commit log.

 

↑ back to top

Chrome 59

Enterprise features

  • Chrome Enterprise Bundle (May 23, 2017)

    Google announced the release of the Chrome Enterprise Bundle as well as Chrome Browser support for new platforms: Citrix Xenapp, Terminal Services, Windows Server platforms. See the announcement.

UI changes

  • Material Design comes to Chrome settings

    Chrome Settings has updated to Material Design with a new look with the same ease of use and functionality.

    Notable changes:

    • Larger and more prominent search bar
    • New menu icon Menu to the top left of Settings that gives you an easy way to jump to specific sections, like People, Appearance, and Search Engine
    • Combined and simplified Sign In and People sections
    • Streamlined Content Settings section
    • Search section renamed Search Engine
    • Privacy section renamed Privacy and Security
    • Proxy settings moved under the System section
    • Font sizes and page zoom settings moved to the Appearance section
    • HTTPS/SSL Manage Certificates settings moved under Privacy and Security section

To see all of the changes in Chrome 59, visit the commit log.

 

↑ back to top

Chrome 58

UI changes

  • Material Design coming soon to the Chrome settings page (59)

    For those already on Chrome's Dev or Canary channels, the Chrome settings (chrome://settings) page has updated to Material Design. The updated design is planned to launch in Chrome 59.

  • New desktop welcome page (Windows 10)

    We redesigned Chrome's first-run experience in M58. On Windows 10 platforms, we display a welcome page, which explains how to set Chrome as the default browser or pin it to the Windows taskbar. For Windows 7 and Windows 8 platforms, we display a Material Design page that promotes the Sign in to Chrome feature. This page launched to Mac and Linux during the Chrome 57 release.

Deprecations

  • Changes to website certificate handling

    After many years of the practice being discouraged, Chrome 58 removes support for the commonName field in website certificates. Only the subjectAltName extension will be used when matching certificates to host names. The EnableCommonNameFallbackForLocalAnchors policy can be used to re-enable old behavior for locally installed roots. Organizations are strongly encouraged to migrate to modern certificate standards and not rely on the continued presence of this policy.

    Chrome 56 stopped trusting certificates issued by WoSign and StartCom after October 21, 2016 in response to various incidents, and included a whitelist of certificates that would continue to work. Chrome 58 continues reducing the size of that whitelist.

    As a reminder, since Chrome 56, the use of SHA-1 website certificates is no longer supported unless configured via policy: EnableSha1ForLocalAnchors. This policy can be used to re-enable old behavior for locally installed roots, which gives organizations more time to move away from SHA-1 certificates. Chrome strongly encourages organizations to migrate to modern certificate standards and not rely on the continued presence of this policy, because it will be removed in January 2019.

To see all of the changes that are in Chrome 58, visit the commit log.

 

↑ back to top

Chrome 57

Security updates

  • Form Not Secure warning UI (M56)

    To help users browse the web safely, Chrome indicates connection security with an icon in the address bar. Historically, Chrome has not explicitly labelled HTTP connections as non-secure. As part of a long-term plan to mark all HTTP sites as non-secure, beginning in January 2017 (Chrome 56), we mark HTTP pages that collect passwords or credit cards as non-secure. Read about Moving toward a more secure web.

  • Chrome chip and icon

    Chrome security chip and icon for Chrome internal pages (Settings, History, Downloads...) indicate and verify that page is a secure internal Chrome page.

    You are viewing a secure Google Chrome page dialog box
  • Extension name chips

    Chrome will begin showing the extension name if the page URL is a chrome-extension:// URL. The extension name is displayed in the same style as security indicator URL-bar strings, but without any animations.

Enterprise features

  • Windows roaming profiles support

    We are launching initial support for roaming profiles on Windows. It enables users to have a Chrome Sync experience anywhere they sign in to Windows with their domain accounts if roaming profiles are enabled without the need to sign in to Chrome. For more information, see Using Chrome on roaming user profile.

  • Migrating capable 32-bit Chrome users to 64-bit Chrome

    To improve stability, performance, and security, users who are currently on the 32-bit version of Chrome and 64-bit Windows with 4 GB or more memory will be automatically migrated to 64-bit Chrome during the Chrome 57 rollout. The 32-bit Chrome will still be available via the Chrome download page.

UI changes

  • Revamp first-run and onboarding experience

    We redesigned Chrome's first-run experience in 57. On non-Windows 10 platforms, we display a Material Design page which promotes the Sign in to Chrome feature. For Windows 10, this feature will be launched in the Chrome 58 release.

    Welcome to Chrome sign in page
  • Requiring explicit user action to enable sideloaded extensions on Mac

    In some instances, Chrome extensions can be bundled with Mac software and added during the software download and installation process.

    Extensions that are bundled with Mac applications will be added to Chrome in a disabled state. The user will be prompted to either enable the extension or remove it from Chrome.

    Alert box to enable a Chrome extension on a Mac

Deprecations

  • chrome://plugins

    The Chrome plugins page was used to allow management of plugin settings within Chrome. But as the web has evolved, there have been fewer plugins to manage over time. In this update, the team moved the controls for the remaining components to a more standard and discoverable location: Chrome's content settings, which can be easily accessed at chrome://settings/content.

    A list of where common settings went:

    • Chrome PDF viewer options moved under Privacy and then Content settings and then PDF documents.
    • Adobe Flash Player options moved under Privacy and then Content settings and then Flash.
    • Widevine Content Decryption Module (which enables Widevine licenses for playback of HTML audio/video content) can be adjusted under Privacy and then Content settings and then Protected Content.
  • Deprecating insecure certificate types

    Since 56, Chrome has not trusted server certificates that use the insecure SHA-1 hash algorithm if they chain to publicly trusted roots. In Chrome 57, that is also true for enterprise or locally installed roots, unless the EnableSha1ForLocalAnchors policy has been set.

    Note that a collision attack has now been demonstrated against SHA-1. This policy should only be enabled after consulting your security team. Read more about setting Chrome policies for devices and SHA-1 Certificates in Chrome.

    Chrome 58 won't consider a certificate's common name when performing trust evaluation and will rely on subject alternative name only, unless the EnableCommonNameFallbackForLocalAnchors policy is set. Turn this policy on only after consulting your security team.

  • Distrusting WoSign and StartCom certificates

    Chrome 57 continues to reduce the number of whitelisted sites that can use WoSign or StartCom issued certificates, as Google discontinues trust for these certificates. Learn more in this blog post and on Chromium.org.

To see all of the changes in Chrome 57, visit the commit log.

 

↑ back to top

Still need help?

Was this article helpful?
How can we improve it?