Chrome 58 was just released on the desktop a few days ago, and in speedier fashion than usual, Chrome 58 for Android is now available. This update focuses on improvements to Chrome Custom Tabs and Progressive Web Apps, includes dozens of minor improvements, and blocks HTTPS/SSL certificates from certain certificate providers.

Improvements to Chrome Custom Tabs

Google has been working on Chrome Custom Tabs quite a lot recently. In the last update, Custom Tabs gained almost all the functionality of normal Chrome tabs, such as finding text in the page and adding sites to the home screen.

However, links in Custom Tabs were still pretty limited. Holding down on a link would only reveal options to copy the link or download it. Thankfully, Chrome 58 addresses this by adding more functions, such as the ability to open the link in a new Chrome tab.


Left: Chrome 57; Right: Chrome 58

With this change, there really aren't any differences (as far as functionality goes) between normal Chrome tabs and Custom Tabs.

Distrusting all WoSign and StartCom certificates

When you see the green lock icon and the word 'Secure,' that means that the site you're viewing has a valid SSL certificate. These certificates are provided by Certificate Authorities, which have the responsibility of verifying ownership of a given site before issuing a certificate for it.

Before you scroll down to the next section because this sounds boring, stay with me, because this is where the craziness begins. Back in October, Google called out WoSign for issuing a certificate for one of GitHub's domains - without GitHub's authorization. In layman's terms, WoSign gave away a key to GitHub's house without asking GitHub's permission.

As you can imagine, that didn't go over too well. Google conducted an investigation into WoSign's business practices, and found that the company had "knowingly and intentionally misissued certificates in order to circumvent browser restrictions and CA requirements." In addition, StartCom (which was previously bought by WoSign) had basically been completely absorbed into WoSign - despite StartCom repeatedly saying otherwise.

An example of an SSL certificate error.

Due to the damage that WoSign and StartCom's certificates could do, Google started distrusting all of their certificates issued after October 21, 2016 with Chome 56 (and Mozilla did something similar). However, starting with Chrome 58, Chrome will not trust any WoSign and StartCom certificates at all.

So if you see security warnings on sites you visit with Chrome 58, they may have been using certificates from those two companies.

Removal of old New Tab Page UI

You may recall that back in Chrome 54, Google changed the New Tab Page to add suggested articles. The new design removed the Bookmarks and Recent Tabs buttons, which annoyed some users. Thankfully, you could go back to the old design fairly easily.

However, one of the flags required to disable the new design (#enable-ntp-snippets) has been removed in Chrome 58. We first spotted this in the Chrome 58 Beta, so this isn't unexpected, but still unfortunate. You can still remove the suggestions by disabling #enable-ntp-remote-suggestions, but the Bookmarks and Recent tabs buttons do not come back.

Changes to Progressive Web Apps

If you're not aware, Progressive Web Apps are web applications that behave like native apps. They can push notifications, share content to other Android apps (and receive shared content), and even have their own icons in the app drawer.

Further blurring the line between native and web apps, Chrome 58 gives PWAs the ability to go full-screen. By adding "display: fullscreen" to the web app's manifest, PWAs opened from the home screen/app drawer will hide the status bar and (if applicable) software navigation bar.

In addition, Progressive Web Apps launched from the home screen/app drawer now have the ability to autoplay video unmuted. On normal sites, Chrome on Android automatically mutes any auto-playing video.

Other features

As with every Chrome release, there are several smaller features that are worth briefly mentioning. Here are a few of them.

  • Websites can now customize Chrome's native media controls with the new ControlsList API.
  • If you're using an Android device with a mouse, clicking inside web pages will register MouseEvents in the page instead of TouchEvents. Basically, websites will know you're using a mouse instead of a touch screen.
  • Sites can now use the CSS color-gamut media query to detect the approximate range of colors supported by Chrome and the device it's running on.
  • Chrome 58 supports trailing commas in Javascript, for parameter and argument lists.
  • Non-HTTPS sites can no longer display notifications with the Notifications API.
  • Navigating to data: URLs in tabs (doesn't apply to content embedded in the page) is no longer supported. I'm actually incredibly glad Google has done this, because it has been recently used in many phishing scams - like this one.
  • Chrome 58 supports IndexDB 2.0. You can read more about the improvements here.
  • The Autofill page in Chrome settings has been renamed to 'Autofill and Payments.'
  • The Downloads and History pages have minor UI changes.

APK Download

The APK is signed by Google and upgrades your existing app. The cryptographic signature guarantees that the file is safe to install and was not tampered with in any way. Rather than wait for Google to push this download to your devices, which can take days, download and install it just like any other APK.

Version: 58.0.3029.83

Google Chrome: Fast & Secure
Google Chrome: Fast & Secure
Developer: Google LLC
Price: Free