Google has pushed out a major update to its desktop Chrome browser, just a day after a previous update that fixed two serious security flaws, and the same day that a third serious Chrome security flaw was disclosed on Twitter.
The new version, Chrome 90.0.4430.72, patches 37 more security vulnerabilities, although probably not the one disclosed yesterday. But it also makes encrypted web connections the default, which should speed up performance. Plus, it Chrome 90 adss support for videoconferencing services.
- Chrome and Edge hacked by new zero-day flaw — what to do
- The best Android browsers for your phone
- Plus: Windows 10 update causing blue screens of death — what to do
HTTPS by default = faster load times
The shift to encrypted web connections by default is perhaps the most important change introduced in Chrome 90.
From now on, if a user types in a regular web address such as "foofoo.com" into the address bar, Chrome will first try to connect to that domain using the encrypted HTTPS protocol instead of the older, plaintext HTTP protocol. (The "S" in "HTTPS" stands for "secure.")
Google says this change will speed up loading times of websites (like Tom's Guide) that support HTTPS because before yesterday, HTTP was tried first and browsers needed to be redirected to the HTTPS protocol.
Here's an animated GIF that Google made to demonstrate how this works.
How to update to Chrome 90
To update to Chrome 90.0.4430.72 in Windows or macOS, click the three vertical dots at the top right of the browser window, scroll down to and click Help, and then click About Google Chrome in the fly-out menu.
A new tab will open informing you either that your browser is up-to-date or that a new update is downloading and the browser needs to be relaunched to install the update. Most Linux users will have to wait for the new build to be incorporated into their distribution updates.
As of this writing, other Chromium-based desktop browsers, including Microsoft Edge and Brave, had not been updated to match Chrome. [Update: Edge is supposed to be updated later today, April 15.] The open-source Chromium browser project is maintained by Google staffers and volunteer coders.
Chrome 90 security updates
Chrome 90's security fixes run the severity gamut from "High" to "Low," with six vulnerabilities in the former category. At least one is quite old, having been reported to Google in November 2019; its finders got a bug bounty of $20,000 from Google.
We civilians can't see the details of the flaws yet, though; Google restricts access to their workings until most users have their systems patched.
Chrome 90: AV1 support built in
Chrome 90 also adds support for AV1, a fairly new video-encoding format that was developed by a consortium of Big Tech companies — Amazon, Apple, Facebook, Google and Microsoft among them — to avoid the royalty and licensing issues that had bedeviled earlier encoding formats.
The addition of AV1 should make videoconferences using Google's own Duo and Meet platforms, as well as Cisco's WebEx, smoother, especially for users with low bandwidth. Screen-sharing is also supposed to get easier.
Also, here's a somewhat cringey video made by Chrome Developer Advocate Pete LePage to explain the changes for developers in the new browser. Chrome '90s — get it?
Get the BEST of Tom’s Guide daily right in your inbox: Sign up now!
Upgrade your life with the Tom’s Guide newsletter. Subscribe now for a daily dose of the biggest tech news, lifestyle hacks and hottest deals. Elevate your everyday with our curated analysis and be the first to know about cutting-edge gadgets.
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.