top of page

Chrome 67 is out: Password-free logins get closer, plus bug fixes, better AR-VR support

Google's Chrome 67 has new APIs for augmented reality and virtual reality, as well as support for WebAuthn spec.

Google has released stable Chrome 67 for Windows, Mac and Linux, bringing 34 security fixes and default support for WebAuthn, the new specification aimed at killing off passwords.

As announced in April, Chrome 67 would be the first version of Chrome to enable support for WebAuthn by default, offering a way to sign up to websites using biometrics like fingerprints or facial images stored in a smartphone, or USB hardware like Yubikey's authentication device.

Chrome 67 also introduces support for the Generic Sensor API, a W3C specification developed by Intel, which expands the use of sensors from native apps to web applications in gaming, VR and AR, and fitness tracking.

Google suggests the accelerometer could use the motion of the device to move around in a 3D video. Other available sensors include the gyroscope, orientation sensor, and motion sensors.

Another feature in Chrome 67 that could help AR and VR developers on the web is the WebXR Device API. Google says this will help unify experiences across mobile VR headsets like Daydream or Samsung's Gear VR, and desktop headsets including Oculus Rift, HTC Vive, and the various Windows Mixed Reality headsets.

Besides games, the API caters to a range of other applications including immersive 360-degree videos, 2D or 3D videos presented in immersive surroundings, data visualization, home shopping, and art.

HPKP or HTTP public key pinning (HPKP), a web security standard developed by Google, has now been deprecated in Chrome 67. Google flagged this change last year, citing low adoption and the potential for abuse for its move away from HPKP in favor of Certificate Transparency.

Google is also widening the rollout of Chrome's site-isolation security feature, which is part of its mitigation for Spectre speculative side-channel CPU attacks.

Google notes that site isolation causes 10 to 11 percent higher memory use in Chrome 67 when isolating all sites with many tabs open. That's slightly down on the estimated 10 to 12 percent it observed in Chrome 65.

Finally, Google fixed 34 security bugs in Chrome, 24 of which were reported by external researchers. Google lists nine high-severity flaws, 12 medium-severity flaws, and three low-severity issues.

Recent Posts
Search By Tags
No tags yet.
Follow Us
  • Facebook Basic Square
  • Twitter Basic Square
  • Google+ Basic Square
bottom of page