Serious Discussion Google Chrome Stable Channel Updates

silversurfer

Google released a new version of its Chrome web browser to the public. The new version of the web browser, Chrome 97.0.4692.99, is a security update that addresses 26 different issues in the browser, including one rated critical. Chrome Extended Stable has been updated as well to address the issues.
 

Gandalf_The_Grey

Google Chrome 98.0.4758.80/81/82 Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 98 to the stable channel for Windows, Mac and Linux. Chrome 98 is also promoted to our new extended stable channel for Windows and Mac. This will roll out over the coming days/weeks.

Chrome 98.0.4758.80/81/82 for Windows and 98.0.4758.80 for Mac and Linux contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 98.

Security Fixes and Rewards

This update includes 27 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$20000][1284584] High CVE-2022-0452: Use after free in Safe Browsing. Reported by avaue at S.S.L. on 2022-01-05

[$20000][1284916] High CVE-2022-0453: Use after free in Reader Mode. Reported by Rong Jian of VRI on 2022-01-06

[$12000][1287962] High CVE-2022-0454: Heap buffer overflow in ANGLE. Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2022-01-17

[$7500][1270593] High CVE-2022-0455: Inappropriate implementation in Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on 2021-11-16

[$7000][1289523] High CVE-2022-0456: Use after free in Web Search. Reported by Zhihua Yao of KunLun Lab on 2022-01-21

[$5000][1274445] High CVE-2022-0457: Type Confusion in V8. Reported by rax of the Group0x58 on 2021-11-29

[$1000][1267060] High CVE-2022-0458: Use after free in Thumbnail Tab Strip. Reported by Anonymous on 2021-11-05

[$TBD][1244205] High CVE-2022-0459: Use after free in Screen Capture. Reported by raven (@raid_akame) on 2021-08-28

[$7500][1250227] Medium CVE-2022-0460: Use after free in Window Dialog. Reported by 0x74960 on 2021-09-16

[$3000][1256823] Medium CVE-2022-0461: Policy bypass in COOP. Reported by NDevTK on 2021-10-05

[$2000][1270470] Medium CVE-2022-0462: Inappropriate implementation in Scroll. Reported by Youssef Sammouda on 2021-11-16

[$1000][1268240] Medium CVE-2022-0463: Use after free in Accessibility. Reported by Zhihua Yao of KunLun Lab on 2021-11-09

[$1000][1270095] Medium CVE-2022-0464: Use after free in Accessibility. Reported by Zhihua Yao of KunLun Lab on 2021-11-14

[$1000][1281941] Medium CVE-2022-0465: Use after free in Extensions. Reported by Samet Bekmezci @sametbekmezci on 2021-12-22

[$TBD][1115460] Medium CVE-2022-0466: Inappropriate implementation in Extensions Platform. Reported by David Erceg on 2020-08-12

[$TBD][1239496] Medium CVE-2022-0467: Inappropriate implementation in Pointer Lock. Reported by Alesandro Ortiz on 2021-08-13

[$TBD][1252716] Medium CVE-2022-0468: Use after free in Payments. Reported by Krace on 2021-09-24

[$TBD][1279531] Medium CVE-2022-0469: Use after free in Cast. Reported by Thomas Orlita on 2021-12-14

[$TBD][1269225] Low CVE-2022-0470: Out of bounds memory access in V8. Reported by Looben Yang on 2021-11-11
 

Gandalf_The_Grey

Google Chrome 98.0.4758.102 Stable Channel Update for Desktop
The Stable channel has been updated to 98.0.4758.102 for Windows, Mac and Linux which will roll out over the coming days/weeks. Extended stable channel has also been updated to 98.0.4758.102 for Windows and Mac which will roll out over the coming days/weeks.

A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 11 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$15000][1290008] High CVE-2022-0603: Use after free in File Manager. Reported by Chaoyuan Peng (@ret2happy) on 2022-01-22

[$7000][1273397] High CVE-2022-0604: Heap buffer overflow in Tab Groups. Reported by Krace on 2021-11-24

[$7000][1286940] High CVE-2022-0605: Use after free in Webstore API. Reported by Thomas Orlita on 2022-01-13

[$7000][1288020] High CVE-2022-0606: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-01-17

[$TBD][1250655] High CVE-2022-0607: Use after free in GPU. Reported by 0x74960 on 2021-09-17

[$NA][1270333] High CVE-2022-0608: Integer overflow in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-11-16

[$NA][1296150] High CVE-2022-0609: Use after free in Animation. Reported by Adam Weidemann and Clément Lecigne of Google's Threat Analysis Group on 2022-02-10

[$TBD][1285449] Medium CVE-2022-0610: Inappropriate implementation in Gamepad API. Reported by Anonymous on 2022-01-08

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild.
 

silversurfer

The vulnerability CVE-2022-0609, Use after free in Animation, is actively exploited according to Google. Google does not mention how widespread the attacks are. Chrome users may want to update to the latest version as soon as possible to protect their browsers and data from potential attacks targeting the vulnerability.

It is unclear if other Chromium-based browsers are affected. Since the vulnerability is related to Animation, it seems likely that other Chromium-based browsers are also affected by it. Expect security updates for these browsers as well in the coming days and weeks (if affected).
 

Gandalf_The_Grey

Google Chrome 99.0.4844.51 Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 99 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.

Chrome 99.0.4844.51 for Windows, Mac and Linux contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 99.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 28 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$10000][1289383] High CVE-2022-0789: Heap buffer overflow in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-01-21

[$7000][1274077] High CVE-2022-0790: Use after free in Cast UI. Reported by Anonymous on 2021-11-26

[$7000][1278322] High CVE-2022-0791: Use after free in Omnibox. Reported by Zhihua Yao of KunLun Lab on 2021-12-09

[$7000][1285885] High CVE-2022-0792: Out of bounds read in ANGLE. Reported by Jaehun Jeong(@n3sk) of Theori on 2022-01-11

[$7000][1291728] High CVE-2022-0793: Use after free in Views. Reported by Thomas Orlita on 2022-01-28

[$7000][1294097] High CVE-2022-0794: Use after free in WebShare. Reported by Khalil Zhani on 2022-02-04

[$5000][1282782] High CVE-2022-0795: Type Confusion in Blink Layout. Reported by 0x74960 on 2021-12-27

[$5000][1295786] High CVE-2022-0796: Use after free in Media. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-02-10

[$NA][1281908] High CVE-2022-0797: Out of bounds memory access in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-12-21

[$15000][1283402] Medium CVE-2022-0798: Use after free in MediaStream. Reported by Samet Bekmezci @sametbekmezci on 2021-12-30

[$10000][1279188] Medium CVE-2022-0799: Insufficient policy enforcement in Installer. Reported by Abdelhamid Naceri (halov) on 2021-12-12

[$7000][1242962] Medium CVE-2022-0800: Heap buffer overflow in Cast UI. Reported by Khalil Zhani on 2021-08-24

[$5000][1231037] Medium CVE-2022-0801: Inappropriate implementation in HTML parser. Reported by Michał Bentkowski of Securitum on 2021-07-20

[$3000][1270052] Medium CVE-2022-0802: Inappropriate implementation in Full screen mode. Reported by Irvan Kurniawan (sourc7) on 2021-11-14

[$3000][1280233] Medium CVE-2022-0803: Inappropriate implementation in Permissions. Reported by Abdulla Aldoseri on 2021-12-15

[$2500][1264561] Medium CVE-2022-0804: Inappropriate implementation in Full screen mode. Reported by Irvan Kurniawan (sourc7) on 2021-10-29

[$2000][1290700] Medium CVE-2022-0805: Use after free in Browser Switcher. Reported by raven at KunLun Lab on 2022-01-25

[$1000][1283434] Medium CVE-2022-0806: Data leak in Canvas. Reported by Anonymous on 2021-12-31

[$TBD][1287364] Medium CVE-2022-0807: Inappropriate implementation in Autofill. Reported by Alesandro Ortiz on 2022-01-14

[$TBD][1292271] Medium CVE-2022-0808: Use after free in Chrome OS Shell. Reported by @ginggilBesel on 2022-01-29

[$TBD][1293428] Medium CVE-2022-0809: Out of bounds memory access in WebXR. Reported by @uwu7586 on 2022-02-03
 

silversurfer

Chrome 99 will change the implementation of the JavaScript (JS) adoptedStyleSheets specification. This previously used the FrozenArray backing array but will now leverage ObservableArray. The new methods will make it easier to mutate JS arrays. While this is all quite technical, the arguably interesting thing for our readers would be that changes to this specification have been debated between Microsoft, Mozilla, Apple, and Google since 2018.
 

Gandalf_The_Grey

Chrome 99 lets you Uninstall Web Apps from Windows Settings and remove default Search engines
The update comes with two significant changes:
  • New feature related to PWAs integration with the Windows platform,
  • Reverts the previous change to allow removal of default Search engines.
 

silversurfer

Starting in Chrome 99, Google reintroduced the ability to delete default search engines in Chrome. Chrome users may once again select the menu icon next to the search engine that they want to remove to bring up the context menu with the delete option.


Selecting the delete option removes the search engine immediately. The default search engine can't be removed, but it is easy enough to make any search engine the default to get rid of all others.
 

Gandalf_The_Grey

Google Chrome 99.0.4844.74 Stable Channel Update for Desktop
The Stable channel has been updated to 99.0.4844.74 for Windows, Mac and Linux which will roll out over the coming days/weeks.

A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 11 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$NA][1299422] Critical CVE-2022-0971: Use after free in Blink Layout. Reported by Sergei Glazunov of Google Project Zero on 2022-02-21

[$NA][1301320] High CVE-2022-0972: Use after free in Extensions. Reported by Sergei Glazunov of Google Project Zero on 2022-02-28

[$15000][1297498] High CVE-2022-0973: Use after free in Safe Browsing. Reported by avaue and Buff3tts at S.S.L. on 2022-02-15

[$7000][1291986] High CVE-2022-0974: Use after free in Splitscreen. Reported by @ginggilBesel on 2022-01-28

[$7000][1295411] High CVE-2022-0975: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-02-09

[$7000][1296866] High CVE-2022-0976: Heap buffer overflow in GPU. Reported by Omair on 2022-02-13

[$3000][1299225] High CVE-2022-0977: Use after free in Browser UI. Reported by Khalil Zhani on 2022-02-20

[$TBD][1299264] High CVE-2022-0978: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-02-20

[$TBD][1302644] High CVE-2022-0979: Use after free in Safe Browsing. Reported by anonymous on 2022-03-03

[$TBD][1302157] Medium CVE-2022-0980: Use after free in New Tab Page. Reported by Krace on 2022-03-02

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
 

Gandalf_The_Grey

Google Chrome 99.0.4844.82 Stable Channel Update for Desktop
The Stable channel has been updated to 99.0.4844.82 for Windows, Linux and 99.0.4844.83 for Mac which will roll out over the coming days/weeks.

A full list of changes in this build is available in the log.
 

Gandalf_The_Grey

Google Chrome 99.0.4844.84 Stable Channel Update for Desktop
The Stable channel has been updated to 99.0.4844.84 for Windows, Mac and Linux which will roll out over the coming days/weeks.

A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 1 security fix. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$TBD][1309225] High CVE-2022-1096: Type Confusion in V8. Reported by anonymous on 2022-03-23

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Google is aware that an exploit for CVE-2022-1096 exists in the wild.
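
The advice earlier in the thread to update promptly for CVE-2022-0609, and the in-the-wild notice for CVE-2022-1096 above, both come down to comparing an installed build against the build that carries the fix. The following is an added example, not part of any post or of Google's release notes: it parses the "Security Fixes and Rewards" line format quoted in this thread and lists the fixes an installed Stable desktop build is missing. All function and variable names are hypothetical, the entry lines are copied from the posts above, and the "installed" version is a constructed sample.

```python
import re
from typing import NamedTuple, Optional

# One line of a "Security Fixes and Rewards" list as quoted in this thread.
ENTRY_RE = re.compile(
    r"^\[\$(?P<reward>\d+|TBD|NA)\]\[(?P<bug>\d+)\]\s+"
    r"(?P<severity>Critical|High|Medium|Low)\s+"
    r"(?P<cve>CVE-\d{4}-\d+)\s*:\s*"  # tolerates a stray space before the colon
    r"(?P<summary>.+?)\.\s+Reported by\s+(?P<reporter>.+?)\s+on\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})\s*$"
)

class Fix(NamedTuple):
    cve: str
    severity: str
    bug: int
    reward: Optional[int]  # None when the notes say $TBD or $NA
    summary: str
    reporter: str
    reported: str

def parse_entry(line: str) -> Optional[Fix]:
    """Parse one release-note line; return None if it is not a fix entry."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    reward = int(m["reward"]) if m["reward"].isdigit() else None
    return Fix(m["cve"], m["severity"], int(m["bug"]), reward,
               m["summary"], m["reporter"], m["date"])

def parse_version(text: str) -> tuple:
    """'98.0.4758.102' -> (98, 0, 4758, 102); as strings, '82' would sort after '102'."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(p) for p in parts)

# Fixed-in Stable desktop build -> entries copied from the posts above.
RELEASES = {
    "98.0.4758.102": ["[$NA][1296150] High CVE-2022-0609: Use after free in Animation. Reported by Adam Weidemann and Clément Lecigne of Google's Threat Analysis Group on 2022-02-10"],
    "99.0.4844.74": ["[$7000][1291986] High CVE-2022-0974 : Use after free in Splitscreen. Reported by @ginggilBesel on 2022-01-28"],
    "99.0.4844.84": ["[$TBD][1309225] High CVE-2022-1096: Type Confusion in V8. Reported by anonymous on 2022-03-23"],
}

def missing_fixes(installed: str, releases=RELEASES) -> list:
    """Fixes shipped in builds newer than `installed`, oldest build first."""
    have = parse_version(installed)
    found = []
    for build in sorted(releases, key=parse_version):
        if parse_version(build) > have:
            found.extend(f for f in map(parse_entry, releases[build]) if f)
    return found

if __name__ == "__main__":
    for fix in missing_fixes("98.0.4758.82"):  # constructed "installed" version
        print(fix.cve, fix.severity, fix.summary)
```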
 

silversurfer

"Chrome 100 will start rolling out in the later hours of today."
Chrome 100 is updating the way cookie strings are parsed by allowing the domain attribute to be set to an empty string. This modification will bring Chrome in line with standard specifications and also improve interoperability with Safari and Firefox, which already handle empty strings correctly.

The multi-screen window placement APIs are being enhanced to cater to modern use-cases by providing more information about secondary screens instead of being tied just to the primary display. Google says that this will unlock the following scenarios in terms of accurate window placement:
  • A slideshow app presenting on a projector, while showing speaker notes on a laptop screen.
  • A financial app opening a dashboard of windows across multiple monitors.
  • A medical app opening images (for example, x-rays) on a high-resolution grayscale display.
  • A creativity app showing secondary windows (for example, a palette) on a separate screen.
  • Multi-screen layouts in gaming, signage, artistic, and other types of apps.
 
