Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Browsers
Chrome & Chromium
Chrome 78 Released With DoH Trial, Tab Hover Cards, and More
Message
<blockquote data-quote="DDE_Server" data-source="post: 841050" data-attributes="member: 65727"><p><img src="https://www.bleepstatic.com/content/hl-images/2019/02/03/Signed_Exchanges.jpg" alt="Chrome" class="fr-fic fr-dii fr-draggable " style="" /></p><p></p><p>Google has released Chrome 78 to the Stable desktop channel, with new improvements, features, and 37 security fixes. Included in this release is the DoH trial for all users on supported DNS providers, a basic Tab Hover Cards, and some other features behind experimental flags.</p><p></p><p>Windows, Mac, and Linux desktop users can upgrade to Chrome 78.0.3904.70 by going to <strong>Settings </strong>-> <strong>Help </strong>-> <strong>About Google Chrome</strong> and the browser will automatically check for the new update and install it when available. Android and iOS users can update Chrome from their respective App stores.</p><p></p><p><img src="https://www.bleepstatic.com/images/news/web-browsers/chrome/chrome-78/release/chrome-about.jpg" alt="Google Chrome 78" class="fr-fic fr-dii fr-draggable " style="" /><strong>Google Chrome 78</strong></p><p>With Chrome 77 now being promoted to the Stable channel, Chrome 79 will soon (October 31) be the Beta version and Chrome 80 will b e the Canary version.</p><p></p><p>A full list of all changes in this release is available in the <a href="https://chromium.googlesource.com/chromium/src/+log/77.0.3865.120..78.0.3904.70?pretty=fuller&n=10000" target="_blank">Chrome 78 changelog</a>.</p><p></p><p><span style="font-size: 22px"><strong>DNS-Over-HTTPS (DoH) Trial</strong></span></p><p>Earlier this month <a href="https://www.bleepingcomputer.com/news/technology/google-unveils-dns-over-https-doh-plan-mozillas-faces-criticism/" target="_blank">we reported</a> that starting with Chrome 78, Google will be conducting a DNS-Over-HTTPS (DoH) trial on all supported platforms other than Linux and iOS.</p><p></p><p>Unlike Firefox's DoH plan, which will only use CloudFlare as the DoH provider at first, Google Chrome will attempt to upgrade the browser's DNS resolution to DoH only if your DNS provider is supported.</p><p></p><p>For the test, the listed of support DNS providers are:</p><p></p><p>Cleanbrowsing</p><p>Cloudflare</p><p>DNS.SB</p><p>Google</p><p>OpenDNS</p><p>Quad9</p><p><span style="font-size: 22px"><strong>"Close other tabs" option removed</strong></span></p><p>In order to <a href="https://www.bleepingcomputer.com/news/google/google-chrome-is-losing-the-close-other-tabs-option/" target="_blank">reduce "clutter"</a>, Google has removed various right-click tab context-menu options whose function can be achieved through other means.</p><p></p><p>The context-menu options that were removed are 'New tab', 'Close other tabs', 'Reopen closed tab', and 'Bookmark all tabs' context-menu options. They then added a new context-menu option called "New tabs to the right".</p><p></p><p><img src="https://www.bleepstatic.com/images/news/web-browsers/chrome/chrome-78/release/new-context-menu.jpg" alt="New Tab Context-Menu" class="fr-fic fr-dii fr-draggable " style="" /><strong>New Tab Context-Menu</strong></p><p>Losing the "Close other tabs" options is already missed as I commonly use it to clean up an open Window of all its open tabs other than the one I am reading.</p><p></p><p>For those who commonly use the "Close other tabs" feature, Google recommends you use Shift+Click or Ctrl+Click on the tabs you want to close and then use alt+W to close them. This is thoroughly annoying to do and I hope Google brings back the feature.</p><p></p><p><span style="font-size: 22px"><strong>Tab Hover Cards</strong></span></p><p>Chrome 78 finally has enabled the long awaited Tab Hover Cards by default, but it still does not do a very good job as it just shows the page title and the web site home URL.</p><p></p><p><img src="https://www.bleepstatic.com/images/news/web-browsers/chrome/chrome-78/release/tab-hover-card.jpg" alt="Tab Hover Card" class="fr-fic fr-dii fr-draggable " style="" /><strong>Tab Hover Card</strong></p><p>To get a full Tab Hover Card effect that includes a thumbnail image of the web page, you need to enable the "Tab Hover Card Images" flag at <a href="https://malwaretips.com/chrome%3A//flags/#tab-hover-card-images" target="_blank">chrome://flags/#tab-hover-card-images</a> for the full experience.</p><p></p><p><img src="https://www.bleepstatic.com/images/news/web-browsers/chrome/chrome-78/release/hover-card-with-image.jpg" alt="Tab Hover Card with Images" class="fr-fic fr-dii fr-draggable " style="" /><strong>Tab Hover Card with Images</strong></p><p><span style="font-size: 22px"><strong>Native File System API</strong></span></p><p>Starting in Chrome 78, web developers can get <a href="https://developers.chrome.com/origintrials/#/view_trial/3868592079911256065" target="_blank">access to a trial</a> of the new Native File System API that will allow website applications to get direct access to files on your site.</p><p></p><p>This API will allow a website to initiate a file picker dialog where you select a file to open. You can then manipulate the file on the web app and let the web site save the changes directly back to your file.</p><p></p><p><img src="https://www.bleepstatic.com/images/news/web-browsers/chrome/chrome-78/release/fs-save-permission-crop[1].jpg" alt="Save permission" class="fr-fic fr-dii fr-draggable " style="" /><strong>Source: Google.</strong></p><p><span style="font-size: 22px"><strong>Integrated Password Checkup experiment</strong></span></p><p>With today's <a href="https://www.bleepingcomputer.com/news/software/firefox-70-released-with-in-browser-data-breach-notifications/" target="_blank">release of Firefox 70</a>, Mozilla added an in-browser data breach notification feature.</p><p></p><p>Not to be outdone, Google also has an experimental feature called "<a href="https://www.bleepingcomputer.com/news/google/google-chrome-to-warn-if-logins-are-found-in-a-data-breach/" target="_blank">Password Leak Detection</a>" at <a href="https://malwaretips.com/chrome%3A//flags/#password-leak-detection" target="_blank">chrome://flags/#password-leak-detection</a> that will also show in-browser notifications when your saved logins were found in a data breach.</p><p></p><p>When this flag is enabled, a new option can be found in the browser's password manager called "Check password safety".</p><p></p><p>If you are logged in and syncing your account with Google, this feature will become enabled and cause the browser to display notifications if your saved login was found in a data breach.</p><p></p><p><img src="https://www.bleepstatic.com/images/news/web-browsers/chrome/chrome-78/password-leak/data-breach-reported-multiple.jpg" alt="Data Breach Notification" class="fr-fic fr-dii fr-draggable " style="" /><strong>Data Breach Notification</strong></p><p><span style="font-size: 22px"><strong>Forced Dark Mode experiment</strong></span></p><p>In August <a href="https://www.bleepingcomputer.com/news/google/google-chrome-tests-feature-that-gives-any-site-a-dark-mode/" target="_blank">we reported</a> that Google Chrome was testing a new feature in the Chrome 78 Canary build that would allow you to force a Dark Mode theme on any web site, even if they do not support it.</p><p></p><p>When testing this feature, we were pleasantly surprised by how well it performed on our site. While it was not perfect, it definitely did a nice job.</p><p></p><p><img src="https://www.bleepstatic.com/images/news/web-browsers/chrome/chrome-78/forced-dark-mode-on-sites/bleepingcomputer-dark-mode.jpg" alt="Forced Dark Mode on BleepingComputer.com" class="fr-fic fr-dii fr-draggable " style="" /><strong>Forced Dark Mode on BleepingComputer.com</strong></p><p>This feature is still behind an experimental flag, so you will first need to enable the "Force Dark Mode for Web Contents" flag at <a href="https://malwaretips.com/chrome%3A//flags/#enable-force-dark" target="_blank">chrome://flags/#enable-force-dark</a>.</p><p></p><p>In our tests, we found the "Enabled with selective inversion of non-image elements" option to work the best.</p><p></p><p><span style="font-size: 22px"><strong>36 security vulnerabilities fixed</strong></span></p><p>The release of Chrome 78 fixes 37 security vulnerabilities, with the following discovered by external researchers:</p><p></p><ul> <li data-xf-list-type="ul">High CVE-2019-13699: Use-after-free in media. Reported by Man Yue Mo of Semmle Security Research Team on 2019-09-06</li> <li data-xf-list-type="ul">High CVE-2019-13700: Buffer overrun in Blink. Reported by Man Yue Mo of Semmle Security Research Team on 2019-08-28</li> <li data-xf-list-type="ul">High CVE-2019-13701: URL spoof in navigation. Reported by David Erceg on 2019-08-27</li> <li data-xf-list-type="ul">Medium CVE-2019-13702: Privilege elevation in Installer. Reported by Phillip Langlois (<a href="mailto:phillip.langlois@nccgroup.com">phillip.langlois@nccgroup.com</a>) and Edward Torkington (<a href="mailto:edward.torkington@nccgroup.com">edward.torkington@nccgroup.com</a>), NCC Group on 2019-08-06</li> <li data-xf-list-type="ul">Medium CVE-2019-13703: URL bar spoofing. Reported by Khalil Zhani on 2019-08-12</li> <li data-xf-list-type="ul">Medium CVE-2019-13704: CSP bypass. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-09-05</li> <li data-xf-list-type="ul">Medium CVE-2019-13705: Extension permission bypass. Reported by Luan Herrera (@lbherrera_) on 2019-07-30</li> <li data-xf-list-type="ul">Medium CVE-2019-13706: Out-of-bounds read in PDFium. Reported by pdknsk on 2019-09-05</li> <li data-xf-list-type="ul">Medium CVE-2019-13707: File storage disclosure. Reported by Andrea Palazzo on 2018-07-01</li> <li data-xf-list-type="ul">Medium CVE-2019-13708: HTTP authentication spoof. Reported by Khalil Zhani on 2019-02-13</li> <li data-xf-list-type="ul">Medium CVE-2019-13709: File download protection bypass. Reported by Zhong Zhaochen of andsecurity.cn on 2019-09-18</li> <li data-xf-list-type="ul">Medium CVE-2019-13710: File download protection bypass. Reported by bernardo.mrod on 2017-08-18</li> <li data-xf-list-type="ul">Medium CVE-2019-13711: Cross-context information leak. Reported by David Erceg on 2019-07-20</li> <li data-xf-list-type="ul">Medium CVE-2019-15903: Buffer overflow in expat. Reported by Sebastian Pipping on 2019-09-16</li> <li data-xf-list-type="ul">Medium CVE-2019-13713: Cross-origin data leak. Reported by David Erceg on 2019-08-13</li> <li data-xf-list-type="ul">Low CVE-2019-13714: CSS injection. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-07-10</li> <li data-xf-list-type="ul">Low CVE-2019-13715: Address bar spoofing. Reported by xisigr of Tencent's Xuanwu Lab on 2017-08-31</li> <li data-xf-list-type="ul">Low CVE-2019-13716: Service worker state error. Reported by Barron Hagerman on 2019-09-19</li> <li data-xf-list-type="ul">Low CVE-2019-13717: Notification obscured. Reported by xisigr of Tencent's Xuanwu Lab on 2018-05-03</li> <li data-xf-list-type="ul">Low CVE-2019-13718: IDN spoof. Reported by Khalil Zhani on 2018-07-20</li> <li data-xf-list-type="ul">Low CVE-2019-13719: Notification obscured. Reported by Khalil Zhani on 2019-01-31</li> </ul></blockquote><p></p>
[QUOTE="DDE_Server, post: 841050, member: 65727"] [IMG alt="Chrome"]https://www.bleepstatic.com/content/hl-images/2019/02/03/Signed_Exchanges.jpg[/IMG] Google has released Chrome 78 to the Stable desktop channel, with new improvements, features, and 37 security fixes. Included in this release is the DoH trial for all users on supported DNS providers, a basic Tab Hover Cards, and some other features behind experimental flags. Windows, Mac, and Linux desktop users can upgrade to Chrome 78.0.3904.70 by going to [B]Settings [/B]-> [B]Help [/B]-> [B]About Google Chrome[/B] and the browser will automatically check for the new update and install it when available. Android and iOS users can update Chrome from their respective App stores. [IMG alt="Google Chrome 78"]https://www.bleepstatic.com/images/news/web-browsers/chrome/chrome-78/release/chrome-about.jpg[/IMG][B]Google Chrome 78[/B] With Chrome 77 now being promoted to the Stable channel, Chrome 79 will soon (October 31) be the Beta version and Chrome 80 will b e the Canary version. A full list of all changes in this release is available in the [URL='https://chromium.googlesource.com/chromium/src/+log/77.0.3865.120..78.0.3904.70?pretty=fuller&n=10000']Chrome 78 changelog[/URL]. [SIZE=6][B]DNS-Over-HTTPS (DoH) Trial[/B][/SIZE] Earlier this month [URL='https://www.bleepingcomputer.com/news/technology/google-unveils-dns-over-https-doh-plan-mozillas-faces-criticism/']we reported[/URL] that starting with Chrome 78, Google will be conducting a DNS-Over-HTTPS (DoH) trial on all supported platforms other than Linux and iOS. Unlike Firefox's DoH plan, which will only use CloudFlare as the DoH provider at first, Google Chrome will attempt to upgrade the browser's DNS resolution to DoH only if your DNS provider is supported. For the test, the listed of support DNS providers are: Cleanbrowsing Cloudflare DNS.SB Google OpenDNS Quad9 [SIZE=6][B]"Close other tabs" option removed[/B][/SIZE] In order to [URL='https://www.bleepingcomputer.com/news/google/google-chrome-is-losing-the-close-other-tabs-option/']reduce "clutter"[/URL], Google has removed various right-click tab context-menu options whose function can be achieved through other means. The context-menu options that were removed are 'New tab', 'Close other tabs', 'Reopen closed tab', and 'Bookmark all tabs' context-menu options. They then added a new context-menu option called "New tabs to the right". [IMG alt="New Tab Context-Menu"]https://www.bleepstatic.com/images/news/web-browsers/chrome/chrome-78/release/new-context-menu.jpg[/IMG][B]New Tab Context-Menu[/B] Losing the "Close other tabs" options is already missed as I commonly use it to clean up an open Window of all its open tabs other than the one I am reading. For those who commonly use the "Close other tabs" feature, Google recommends you use Shift+Click or Ctrl+Click on the tabs you want to close and then use alt+W to close them. This is thoroughly annoying to do and I hope Google brings back the feature. [SIZE=6][B]Tab Hover Cards[/B][/SIZE] Chrome 78 finally has enabled the long awaited Tab Hover Cards by default, but it still does not do a very good job as it just shows the page title and the web site home URL. [IMG alt="Tab Hover Card"]https://www.bleepstatic.com/images/news/web-browsers/chrome/chrome-78/release/tab-hover-card.jpg[/IMG][B]Tab Hover Card[/B] To get a full Tab Hover Card effect that includes a thumbnail image of the web page, you need to enable the "Tab Hover Card Images" flag at [URL='https://malwaretips.com/chrome%3A//flags/#tab-hover-card-images']chrome://flags/#tab-hover-card-images[/URL] for the full experience. [IMG alt="Tab Hover Card with Images"]https://www.bleepstatic.com/images/news/web-browsers/chrome/chrome-78/release/hover-card-with-image.jpg[/IMG][B]Tab Hover Card with Images[/B] [SIZE=6][B]Native File System API[/B][/SIZE] Starting in Chrome 78, web developers can get [URL='https://developers.chrome.com/origintrials/#/view_trial/3868592079911256065']access to a trial[/URL] of the new Native File System API that will allow website applications to get direct access to files on your site. This API will allow a website to initiate a file picker dialog where you select a file to open. You can then manipulate the file on the web app and let the web site save the changes directly back to your file. [IMG alt="Save permission"]https://www.bleepstatic.com/images/news/web-browsers/chrome/chrome-78/release/fs-save-permission-crop[1].jpg[/IMG][B]Source: Google.[/B] [SIZE=6][B]Integrated Password Checkup experiment[/B][/SIZE] With today's [URL='https://www.bleepingcomputer.com/news/software/firefox-70-released-with-in-browser-data-breach-notifications/']release of Firefox 70[/URL], Mozilla added an in-browser data breach notification feature. Not to be outdone, Google also has an experimental feature called "[URL='https://www.bleepingcomputer.com/news/google/google-chrome-to-warn-if-logins-are-found-in-a-data-breach/']Password Leak Detection[/URL]" at [URL='https://malwaretips.com/chrome%3A//flags/#password-leak-detection']chrome://flags/#password-leak-detection[/URL] that will also show in-browser notifications when your saved logins were found in a data breach. When this flag is enabled, a new option can be found in the browser's password manager called "Check password safety". If you are logged in and syncing your account with Google, this feature will become enabled and cause the browser to display notifications if your saved login was found in a data breach. [IMG alt="Data Breach Notification"]https://www.bleepstatic.com/images/news/web-browsers/chrome/chrome-78/password-leak/data-breach-reported-multiple.jpg[/IMG][B]Data Breach Notification[/B] [SIZE=6][B]Forced Dark Mode experiment[/B][/SIZE] In August [URL='https://www.bleepingcomputer.com/news/google/google-chrome-tests-feature-that-gives-any-site-a-dark-mode/']we reported[/URL] that Google Chrome was testing a new feature in the Chrome 78 Canary build that would allow you to force a Dark Mode theme on any web site, even if they do not support it. When testing this feature, we were pleasantly surprised by how well it performed on our site. While it was not perfect, it definitely did a nice job. [IMG alt="Forced Dark Mode on BleepingComputer.com"]https://www.bleepstatic.com/images/news/web-browsers/chrome/chrome-78/forced-dark-mode-on-sites/bleepingcomputer-dark-mode.jpg[/IMG][B]Forced Dark Mode on BleepingComputer.com[/B] This feature is still behind an experimental flag, so you will first need to enable the "Force Dark Mode for Web Contents" flag at [URL='https://malwaretips.com/chrome%3A//flags/#enable-force-dark']chrome://flags/#enable-force-dark[/URL]. In our tests, we found the "Enabled with selective inversion of non-image elements" option to work the best. [SIZE=6][B]36 security vulnerabilities fixed[/B][/SIZE] The release of Chrome 78 fixes 37 security vulnerabilities, with the following discovered by external researchers: [LIST] [*]High CVE-2019-13699: Use-after-free in media. Reported by Man Yue Mo of Semmle Security Research Team on 2019-09-06 [*]High CVE-2019-13700: Buffer overrun in Blink. Reported by Man Yue Mo of Semmle Security Research Team on 2019-08-28 [*]High CVE-2019-13701: URL spoof in navigation. Reported by David Erceg on 2019-08-27 [*]Medium CVE-2019-13702: Privilege elevation in Installer. Reported by Phillip Langlois ([email]phillip.langlois@nccgroup.com[/email]) and Edward Torkington ([email]edward.torkington@nccgroup.com[/email]), NCC Group on 2019-08-06 [*]Medium CVE-2019-13703: URL bar spoofing. Reported by Khalil Zhani on 2019-08-12 [*]Medium CVE-2019-13704: CSP bypass. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-09-05 [*]Medium CVE-2019-13705: Extension permission bypass. Reported by Luan Herrera (@lbherrera_) on 2019-07-30 [*]Medium CVE-2019-13706: Out-of-bounds read in PDFium. Reported by pdknsk on 2019-09-05 [*]Medium CVE-2019-13707: File storage disclosure. Reported by Andrea Palazzo on 2018-07-01 [*]Medium CVE-2019-13708: HTTP authentication spoof. Reported by Khalil Zhani on 2019-02-13 [*]Medium CVE-2019-13709: File download protection bypass. Reported by Zhong Zhaochen of andsecurity.cn on 2019-09-18 [*]Medium CVE-2019-13710: File download protection bypass. Reported by bernardo.mrod on 2017-08-18 [*]Medium CVE-2019-13711: Cross-context information leak. Reported by David Erceg on 2019-07-20 [*]Medium CVE-2019-15903: Buffer overflow in expat. Reported by Sebastian Pipping on 2019-09-16 [*]Medium CVE-2019-13713: Cross-origin data leak. Reported by David Erceg on 2019-08-13 [*]Low CVE-2019-13714: CSS injection. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-07-10 [*]Low CVE-2019-13715: Address bar spoofing. Reported by xisigr of Tencent's Xuanwu Lab on 2017-08-31 [*]Low CVE-2019-13716: Service worker state error. Reported by Barron Hagerman on 2019-09-19 [*]Low CVE-2019-13717: Notification obscured. Reported by xisigr of Tencent's Xuanwu Lab on 2018-05-03 [*]Low CVE-2019-13718: IDN spoof. Reported by Khalil Zhani on 2018-07-20 [*]Low CVE-2019-13719: Notification obscured. Reported by Khalil Zhani on 2019-01-31 [/LIST] [/QUOTE]
Insert quotes…
Verification
Post reply
Top
