Everything New in Chrome 104

Posted on by

Google’s latest update, Chrome 104, is here. Assuming you have surprisingly high system requirements , you might want to update your browser today to take advantage of its new features and changes. The biggest UI changes are for Chromebook users with Chrome OS, but all Chrome users will benefit from the security fixes.

The new Chrome update contains 27 security fixes.

The most important reason to update Google Chrome is to install the 27 security patches that come with it. To be clear, the security situation is not dire: according to the Google Chrome Releases blog , none of the 27 vulnerabilities patched with Chrome 104 are “day zero”, meaning there is no evidence that the vulnerabilities were exploited in wild nature. . If you’re using Chrome 103 today, you’re unlikely to run into one of these security flaws. However, these 27 vulnerabilities are now known to the public and it’s only a matter of time before attackers learn how to use them against users who don’t have Chrome 104.

In addition, seven of these deficiencies are rated “high”, meaning they pose a greater threat than others. Here is the full list with “high” vulnerabilities at the top:

  • [$15000][ 1325699 ] High CVE-2022-2603: Use after free use in Omnibox. Reported by Anonymous on May 16, 2022.
  • [10000$][ 1335316 ] High CVE-2022-2604: use after free use in Safe Browsing. Reported by Nan Wang (@eternalsakura13) and Guang Gong of 360 Alpha Lab on June 10, 2022.
  • [$7000][ 1338470 ] High CVE-2022-2605: Out of bounds reading in Dawn. This was reported by Luben Yan on June 22, 2022.
  • [$5000][ 1330489 ] High CVE-2022-2606: use after free usage in Managed Devices API. Reported by Nan Wang (@eternalsakura13) and Guang Gong of 360 Alpha Lab on May 31, 2022.
  • [$3000][ 1286203 ] High CVE-2022-2607: use after free use in tab strip. Reported by @ginggilBesel on January 11, 2022.
  • [$3000][ 1330775 ] High CVE-2022-2608: use after free use in preview mode. This was reported by Khalil Jani on June 1, 2022.
  • [$TBD][ 1338560 ] High CVE-2022-2609: Use after free Nearby Share access. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on June 22, 2022.
  • [$8000][ 1278255 ] Medium CVE-2022-2610: Insufficient background fetch policing. This was reported by Maurice Dauer on December 9, 2021.
  • [$5000][ 1320538 ] Medium CVE-2022-2611: Invalid implementation in fullscreen API. This was reported by Irvan Kurniavan (source 7) on April 28, 2022.
  • [$5000][ 1321350 ] Medium CVE-2022-2612: Side channel information leaked while typing. Reported by Erik Kraft (erik.kraft5@gmx.at), Martin Schwarzl (martin.schwarzl@iaik.tugraz.at) April 30, 2022
  • [$5000][ 1325256 ] Medium CVE-2022-2613: Use after free in input. This was reported by Petr Tworek (Vewd) on May 13, 2022.
  • [$5000][ 1341907 ] Medium CVE-2022-2614: Use after free login. This was reported by a raven from the KunLun laboratory on July 05, 2022.
  • [$4000][ 1268580 ] Medium CVE-2022-2615: Insufficient policy enforcement in cookies. This was reported by Maurice Dauer on November 10, 2021.
  • [$3000][ 1302159 ] Medium CVE-2022-2616: Invalid implementation in Extensions API. This was reported by Alesandro Ortiz on March 2, 2022.
  • [$2000][ 1292451 ] Medium CVE-2022-2617: use after free trial in Extensions API. Reported by @ginggilBesel on Jan 31, 2022.
  • [$2000][ 1308422 ] Medium CVE-2022-2618: Insufficient validation of untrusted inputs in internal components. Reported by asnine on March 21, 2022.
  • [$2000][ 1332881 ] Medium CVE-2022-2619: Insufficient untrusted input check in settings. Reported by Oliver Dunk on June 04, 2022
  • [$2000][ 1337304 ] Medium CVE-2022-2620: Use after free use in WebUI. Reported by Nan Wang (@eternalsakura13) and Guang Gong of 360 Alpha Lab on June 17, 2022.
  • [$1000][ 1323449 ] Medium CVE-2022-2621: Use after free use in extensions. Reported by Huyna of Viettel Cyber ​​Security May 07, 2022
  • [$1000][ 1332392 ] Medium CVE-2022-2622: Insufficient untrusted input check in Safe Browsing. Reported by Imre Rad (@ImreRad) and @j00sean on June 3, 2022
  • [$1000][ 1337798 ] Medium CVE-2022-2623: use after free offline use. This was reported by a raven from the KunLun laboratory on June 20, 2022.
  • [$TBD][ 1339745 ] Medium CVE-2022-2624: PDF heap buffer overflow. This was reported by YU-CHANG CHEN and CHIH-YEN CHANG working with the DEVCORE internship program on June 27, 2022.

However, according to How-To Geek , it’s not all about security updates. Here’s what else you can expect when you upgrade to Chrome 104 (bonus points if you have a Chromebook).

Chrome OS officially supports light and dark mode

Dark mode is the most requested feature in any software, and it’s now available in Chrome OS. With the latest update, Google not only officially supports switching between light and dark modes, but now also allows you to switch between them automatically. I use this feature on my devices so when the sun starts to go down everything goes into dark mode.

New Start Menu for Chrome OS

Another great feature: Chromebooks now have a Windows-like Start menu dubbed the “Productivity Launcher”. It comes bundled with a Google search bar and an assistant shortcut. Also, on the other side of the system tray, you’ll find a date with a new feature: when you click on it, you’ll see a large, useful calendar widget.

Share only selected part of the screen in videos

Anyone who regularly shares their screen will appreciate this update: web app developers can implement a feature called ” Region Capture ” that now allows users to crop an area of ​​your display for recording or sharing, rather than focusing on the entire window or full screen. This feature can help allay concerns about over-sharing by giving you control over exactly how much of your screen others can see.

Of course, developers need to implement region capture into their services, so you might not see this feature coming out right away. However, it works on Chrome 104.

LazyEmbeds (limited testing)

Google is also testing a feature called LazyEmbeds, which only loads embedded content on a website when it becomes visible on your screen. This is a by-product of lazy loading, in which browsers only load a site’s content when the user sees it, rather than downloading the entire site and its content at once. Only 1% of Chrome users will participate in this testing at this time, so this is not a full rollout in version 104.

New developer updates

With each new version of Chrome, Google releases new features for developers. You can find the full list of changes on the Google DevTools Blog and Chromium Blog, as well as this DevTools 104 video :

Chrome 104 – What’s New in DevTools

How to update google chrome

Luckily, updating Chrome on your computer is easy: Click on the three dots in the top right corner of the window, then choose Help > About Google Chrome . Let Chrome load for a moment – when the update is ready, you can click “Relaunch” to restart the browser with Chrome 104.

More…

0
Tech

Leave a Reply