Google’s latest update, Chrome 104, is here. Assuming you have the surprisingly generous system requirements, you can update your browser today to take advantage of its new features and changes. The biggest UI changes are for Chromebook users running Chrome OS, but all Chrome users will benefit from the security patches.
The new Chrome update comes with 27 security patches
The most important reason to update Google Chrome is to install the 27 security patches it comes with. To be clear, the security situation isn’t dire: According to Google’s Chrome Releases blog, none of the 27 vulnerabilities patched with Chrome 104 are “zero-day,” meaning there’s no evidence the vulnerabilities have been exploited by malicious users in the wild. If you’re running Chrome 103 today, you aren’t likely to be targeted with one of these security flaws. That said, these 27 vulnerabilities are now known to the public and it’s only a matter of time before bad actors discover how to use them against users who don’t have Chrome 104.
In addition, seven of these flaws are rated as “High,” meaning they are more of a threat than others. Here is the complete list, with the “High” vulnerabilities listed at the top:
- [$15000][1325699] High CVE-2022-2603: Use after free in Omnibox. Reported by Anonymous on 2022-05-16
- [$10000][1335316] High CVE-2022-2604: Use after free in Safe Browsing. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-10
- [$7000][1338470] High CVE-2022-2605: Out of bounds read in Dawn. Reported by Looben Yang on 2022-06-22
- [$5000][1330489] High CVE-2022-2606: Use after free in Managed devices API. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-31
- [$3000][1286203] High CVE-2022-2607: Use after free in Tab Strip. Reported by @ginggilBesel on 2022-01-11
- [$3000][1330775] High CVE-2022-2608: Use after free in Overview Mode. Reported by Khalil Zhani on 2022-06-01
- [$TBD][1338560] High CVE-2022-2609: Use after free in Nearby Share. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-06-22
- [$8000][1278255] Medium CVE-2022-2610: Insufficient policy enforcement in Background Fetch. Reported by Maurice Dauer on 2021-12-09
- [$5000][1320538] Medium CVE-2022-2611: Inappropriate implementation in Fullscreen API. Reported by Irvan Kurniawan (sourc7) on 2022-04-28
- [$5000][1321350] Medium CVE-2022-2612: Side-channel information leakage in Keyboard input. Reported by Erik Kraft (erik.kraft5@gmx.at), Martin Schwarzl (martin.schwarzl@iaik.tugraz.at) on 2022-04-30
- [$5000][1325256] Medium CVE-2022-2613: Use after free in Input. Reported by Piotr Tworek (Vewd) on 2022-05-13
- [$5000][1341907] Medium CVE-2022-2614: Use after free in Sign-In Flow. Reported by raven at KunLun lab on 2022-07-05
- [$4000][1268580] Medium CVE-2022-2615: Insufficient policy enforcement in Cookies. Reported by Maurice Dauer on 2021-11-10
- [$3000][1302159] Medium CVE-2022-2616: Inappropriate implementation in Extensions API. Reported by Alesandro Ortiz on 2022-03-02
- [$2000][1292451] Medium CVE-2022-2617: Use after free in Extensions API. Reported by @ginggilBesel on 2022-01-31
- [$2000][1308422] Medium CVE-2022-2618: Insufficient validation of untrusted input in Internals. Reported by asnine on 2022-03-21
- [$2000][1332881] Medium CVE-2022-2619: Insufficient validation of untrusted input in Settings. Reported by Oliver Dunk on 2022-06-04
- [$2000][1337304] Medium CVE-2022-2620: Use after free in WebUI. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-17
- [$1000][1323449] Medium CVE-2022-2621: Use after free in Extensions. Reported by Huyna at Viettel Cyber Security on 2022-05-07
- [$1000][1332392] Medium CVE-2022-2622: Insufficient validation of untrusted input in Safe Browsing. Reported by Imre Rad (@ImreRad) and @j00sean on 2022-06-03
- [$1000][1337798] Medium CVE-2022-2623: Use after free in Offline. Reported by raven at KunLun lab on 2022-06-20
- [$TBD][1339745] Medium CVE-2022-2624: Heap buffer overflow in PDF. Reported by YU-CHANG CHEN and CHIH-YEN CHANG, working with DEVCORE Internship Program on 2022-06-27
It’s not all about the security updates, though, according to How-To Geek. Here’s what else you can expect when upgrading to Chrome 104 (bonus points if you have a Chromebook).
Chrome OS officially supports light and dark mode
Dark mode is any software’s most requested feature, and now it’s available in Chrome OS. With the latest update, Google not only officially supports switching between light and dark mode, but also now lets you switch between them automatically. I use this feature on my devices, so when the sun starts to set, everything pops into dark mode.
A new Start Menu for Chrome OS
Another great feature: Chromebooks now have a Windows-like Start Menu, dubbed the “Productivity Launcher.” It comes complete with a Google Search Bar and a shortcut for the Assistant. Plus, over on the other side of the System Tray, you’ll find the date with a new feature: When you click it, you’ll see a large, useful calendar widget.
Only share a select portion of your screen in video recordings
Anyone who regularly shares their screen will appreciate this update: Web app developers can implement a feature called Region Capture, which allows users now crop an area of your display to record or share, rather than focusing on an entire window or your whole screen. This feature can help assuage fears of over-sharing, giving you control over exactly what portion of your screen others can see.
Of course, it’ll be up to devs to implement Region Capture in their services, so you might not see this feature appear right away. It’s powered by Chrome 104 though.
LazyEmbeds (limited testing)
Google is also testing a feature called LazyEmbeds, which loads embedded content in a website only when it becomes visible on your screen. It’s a spin-off of “lazy loading,” in which browsers load site content only when a user would see it, rather than loading the entire site and its content at once. At this time, only 1% of Chrome users will participate in this testing, so it isn’t a total rollout in version 104.
New developer updates
With each new version of Chrome, Google rolls out new features for developers. You can find a complete list of changes on Google’s DevTools blog and the Chromium Blog, as well as this DevTools 104 video:
How to update Google Chrome
Fortunately, updating Chrome on your computer is easy: Click the three dots in the top right corner of the window, then choose Help > About Google Chrome. Allow Chrome to load for a moment—when the update is ready, you can click “Relaunch,” which will restart your browser with Chrome 104.
from Lifehacker https://ift.tt/WQx5hSs
0 comments:
Post a Comment