Serious Discussion Google Chrome Stable Channel Updates

[M4RT1NE2]

I have updated Chrome 100 now

 

[Gandalf_The_Grey]

I have updated Chrome 100 now

Google Chrome 100.0.4896.60 Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 100 to the stable channel for Windows, Mac and Linux. Chrome 100 is also promoted to our new extended stable channel for Windows and Mac. This will roll out over the coming days/weeks.

Chrome 100.0.4896.60 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 100.

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 100 to the stable channel for Windows, Mac and Linux. Chrome 100 is also pr...

chromereleases.googleblog.com

What's New in Chrome 100, Available Now

Chrome has hit the big 100. What's new?

www.howtogeek.com

 

[amirr]

 

[Trooper]

I want this guys wallpaper lol.

 

[Gandalf_The_Grey]

Google Chrome 100.0.4896.60 Stable Channel Update for Desktop

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 100 to the stable channel for Windows, Mac and Linux. Chrome 100 is also pr...

chromereleases.googleblog.com

What's New in Chrome 100, Available Now

Chrome has hit the big 100. What's new?

www.howtogeek.com

The Security Fixes are now added to the release notes:

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 28 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$7000][1292261] High CVE-2022-1125: Use after free in Portals. Reported by Khalil Zhani on 2022-01-29

[$5000][1291891] High CVE-2022-1127: Use after free in QR Code Generator. Reported by anonymous on 2022-01-28

[$5000][1301920] High CVE-2022-1128: Inappropriate implementation in Web Share API. Reported by Abdel Adim (@smaury92) Oisfi of Shielder on 2022-03-01

[$3000][1300253] High CVE-2022-1129: Inappropriate implementation in Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on 2022-02-24

[$1000][1142269] High CVE-2022-1130: Insufficient validation of untrusted input in WebOTP. Reported by Sergey Toshin of Oversecurity Inc. on 2020-10-25

[$NA][1297404] High CVE-2022-1131: Use after free in Cast UI. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2022-02-15

[$TBD][1303410] High CVE-2022-1132: Inappropriate implementation in Virtual Keyboard. Reported by Andr.Ess on 2022-03-07

[$TBD][1305776] High CVE-2022-1133: Use after free in WebRTC. Reported by Anonymous on 2022-03-13

[$TBD][1308360] High CVE-2022-1134: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2022-03-21

[$16000][1285601] Medium CVE-2022-1135: Use after free in Shopping Cart. Reported by Wei Yuan of MoyunSec VLab on 2022-01-09

[$7000][1280205] Medium CVE-2022-1136: Use after free in Tab Strip . Reported by Krace on 2021-12-15

[$5000][1289846] Medium CVE-2022-1137: Inappropriate implementation in Extensions. Reported by Thomas Orlita on 2022-01-22

[$2000][1246188] Medium CVE-2022-1138: Inappropriate implementation in Web Cursor. Reported by Alesandro Ortiz on 2021-09-03

[$TBD][1268541] Medium CVE-2022-1139: Inappropriate implementation in Background Fetch API. Reported by Maurice Dauer on 2021-11-10

[$TBD][1303253] Medium CVE-2022-1141: Use after free in File Manager. Reported by raven at KunLun lab on 2022-03-05

[$TBD][1303613] Medium CVE-2022-1142: Heap buffer overflow in WebUI. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2022-03-07

[$TBD][1303615] Medium CVE-2022-1143: Heap buffer overflow in WebUI. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2022-03-07

[$TBD][1304145] Medium CVE-2022-1144: Use after free in WebUI. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2022-03-08

[$TBD][1304545] Medium CVE-2022-1145: Use after free in Extensions. Reported by Yakun Zhang of Baidu Security on 2022-03-09

[$TBD][1290150] Low CVE-2022-1146: Inappropriate implementation in Resource Timing. Reported by Sohom Datta on 2022-01-23

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 100 to the stable channel for Windows, Mac and Linux. Chrome 100 is also pr...

chromereleases.googleblog.com

 

[Imranmt]

Chrome version 100 arrives with refreshed logo in tow

Google’s Chrome browser has been updated to version 100, almost 14 years after it introduced the world to its clean design and all-encompassing “omnibox” in 2008. For most of its history, the search giant’s browser has gained a new version number roughly every six weeks, but last year the company switched to a four-week cycle to deliver new features more quickly. Google says the version 100 update is rolling out on stable channels now across Windows, Mac, Linux, Android, and iOS.

Chrome version 100 arrives with refreshed logo in tow

Improvements so far seem minor.

www.theverge.com

 

[silversurfer]

Chrome users who preferred tab muting over site muting had to install browser extensions such as Tab Muter or Smart Mute to bring back the functionality. Google added an experimental flag to the Canary version of the Chrome browser in early 2022 that restored the browser's tab muting capabilities.

The release of Chrome 100 to the Stable channel brings that experimental function to it as well. While it is still necessary to enable the feature on chrome://flags, doing so restores the ability to toggle audio with a click or tap on the audio icon of individual tabs.

Here is how you restore the functionality in Chrome 100 or newer:

1. Load chrome://flags/#enable-tab-audio-muting in the browser's address bar.
2. Set the flag to Enabled using its menu.
3. Restart the Google Chrome web browser.

All audio icons become switches that allow you to toggle audio on or off for that particular tab after the restart. Unlike the original tab muting feature, Chrome 100's will mute audio playback of the site and not just the tab. If you have two Twitch or YouTube videos open with audio playing in both, hitting the audio icon will mute both and not just the active one.

Experimental flags may be removed at some point, but it would be strange if Google would remove this particular flag again after restoring it a few months earlier. Still, there is the possibility that the flag is removed and that tab audio muting is not enabled by default in Chrome.

Chrome 100: tab audio muting is back - gHacks Tech News

Google restored the tab audio muting feature in Chrome 100 Stable, released in March 2022.

www.ghacks.net

 

[Gandalf_The_Grey]

Google Chrome 100.0.4896.75 Stable Channel Update for Desktop

The Stable channel has been updated to 100.0.4896.75 for Windows, Mac and Linux which will roll out over the coming days/weeks.
The Extended Stable channel has been updated to 100.0.4896.75 for Windows and Mac which will roll out over the coming days/weeks.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 1 security fix. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$NA][1311641] High CVE-2022-1232: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2022-03-30

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Stable Channel Update for Desktop

The Stable channel has been updated to 100.0.4896.75 for Windows, Mac and Linux which will roll out over the coming days/weeks. The Extended...

chromereleases.googleblog.com

 

[amirr]

I am now only waiting for Windows 11 style overlay scrollbar to appear for Chrome.

 

[Gandalf_The_Grey]

Google Chrome 100.0.4896.88 Stable Channel Update for Desktop

The Stable channel has been updated to 100.0.4896.88 for Windows, Mac and Linux which will roll out over the coming days/weeks.

A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 11 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$6000][1285234] High CVE-2022-1305: Use after free in storage. Reported by Anonymous on 2022-01-07

[$3000][1299287] High CVE-2022-1306: Inappropriate implementation in compositing. Reported by Sven Dysthe on 2022-02-21

[$3000][1301873] High CVE-2022-1307: Inappropriate implementation in full screen. Reported by Irvan Kurniawan (sourc7) on 2022-03-01

[$1000][1283050] High CVE-2022-1308: Use after free in BFCache. Reported by Samet Bekmezci @sametbekmezci on 2021-12-28

[$TBD][1106456] High CVE-2022-1309: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-07-17

[$TBD][1307610] High CVE-2022-1310: Use after free in regular expressions. Reported by Brendon Tiszka on 2022-03-18

[$TBD][1310717] High CVE-2022-1311: Use after free in Chrome OS shell. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-03-28

[$TBD][1311701] High CVE-2022-1312: Use after free in storage. Reported by Leecraso and Guang Gong of 360 Vulnerability Research Institute on 2022-03-30

[$TBD][1270539] Medium CVE-2022-1313: Use after free in tab groups. Reported by Thomas Orlita on 2021-11-16

[$TBD][1304658] Medium CVE-2022-1314: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2022-03-09

Stable Channel Update for Desktop

The Stable channel has been updated to 100.0.4896.88 for Windows, Mac and Linux which will roll out over the coming days/weeks. A full list ...

chromereleases.googleblog.com

 

[plat]

Well, I'm on Twitter at the "right" time, I guess. So, here is an emergency update issued by Google for an actively exploited zero day. If you run Chrome, you might want to update to v. 100.0.4896.127. Hope you guys don't mind.

 

[Trooper]

Well, I'm on Twitter at the "right" time, I guess. So, here is an emergency update issued by Google for an actively exploited zero day. If you run Chrome, you might want to update to v. 100.0.4896.127. Hope you guys don't mind.

Good stuff. That means Edge will be effected too.

 

[Gandalf_The_Grey]

Google Chrome 100.0.4896.127 Stable Channel Update for Desktop

The Stable channel has been updated to 100.0.4896.127 for Windows, Mac and Linux which will roll out over the coming days/weeks.

A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

This update includes 2 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$NA][1315901] High CVE-2022-1364: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2022-04-13

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Google is aware that an exploit for CVE-2022-1364 exists in the wild.

Stable Channel Update for Desktop

The Stable channel has been updated to 100.0.4896.127 for Windows, Mac and Linux which will roll out over the coming days/weeks. A full li...

chromereleases.googleblog.com

 

[Gandalf_The_Grey]

Good stuff. That means Edge will be effected too.

The advice from Edge for now is to turn on the enhanced security mode to help prevent the exploit:

Release notes for Microsoft Edge Security Updates

Release notes for Microsoft Edge Security Updates

docs.microsoft.com

 

[silversurfer]

Chrome 101 has the first version of privacy-preserving ad profiling, landing today​

Yet another capability in Origin trials in Chrome 101 is the Attribution Reporting API. Google describes it as follows:

This API measures ad conversions (e.g. purchases) and attributes them to ad interactions without using cross-site persistent identifiers like third-party cookies. The API allows measurement through both event-level reports sent directly from the browser, and aggregatable reports which can be processed through a trusted service to create summary reports of attribution data.
[...] Currently, the web ad industry measures conversions via identifiers they can associate across sites. These identifiers tie information about which ads were clicked to information about activity on the advertiser's site (the conversion). This allows advertisers to measure ROI, and for the entire ads ecosystem to understand how well ads perform. Since the ads industry today uses common identifiers across advertiser and publisher sites to track conversions, these common identifiers can be used to enable other forms of cross-site tracking. This doesn’t have to be the case, though, especially in cases where identifiers like third party cookies are either unavailable or undesirable. A new API surface can be added to the web platform to satisfy this use-case without them, in a way that provides better privacy to users.

Chrome 101 has the first version of privacy-preserving ad profiling, landing today

Google Chrome 101 is landing in the later hours of today. It is a milestone release because it contains the first implementation of Google's ad profiling mechanisms called the Topics API and FLEDGE.

www.neowin.net

 

[Gandalf_The_Grey]

Google Chrome 101.0.4951.41 Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 101 to the stable channel for Windows, Mac and Linux.This will roll out over the coming days/weeks.

Chrome 101.0.4951.41 for Windows,Mac and Linux contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 101.

Security Fixes and Rewards

This update includes 30 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$10000][1313905] High CVE-2022-1477: Use after free in Vulkan. Reported by SeongHwan Park (SeHwa) on 2022-04-06

[$7000][1299261] High CVE-2022-1478: Use after free in SwiftShader. Reported by SeongHwan Park (SeHwa) on 2022-02-20

[$7000][1305190] High CVE-2022-1479: Use after free in ANGLE. Reported by Jeonghoon Shin of Theori on 2022-03-10

[$6000][1307223] High CVE-2022-1480: Use after free in Device API. Reported by @uwu7586 on 2022-03-17

[$5000][1302949] High CVE-2022-1481: Use after free in Sharing. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-03-04

[$NA][1304987] High CVE-2022-1482: Inappropriate implementation in WebGL. Reported by Christoph Diehl, Microsoft on 2022-03-10

[$NA][1314754] High CVE-2022-1483: Heap buffer overflow in WebGPU. Reported by Mark Brand of Google Project Zero on 2022-04-08

[$7500][1297429] Medium CVE-2022-1484: Heap buffer overflow in Web UI Settings. Reported by Chaoyuan Peng (@ret2happy) on 2022-02-15

[$7500][1299743] Medium CVE-2022-1485: Use after free in File System API. Reported by Anonymous on 2022-02-22

[$7500][1314616] Medium CVE-2022-1486: Type Confusion in V8. Reported by Brendon Tiszka on 2022-04-08

[$7000][1304368] Medium CVE-2022-1487: Use after free in Ozone. Reported by Sri on 2022-03-09

[$5000][1302959] Medium CVE-2022-1488: Inappropriate implementation in Extensions API. Reported by Thomas Beverley from Wavebox.io on 2022-03-04

[$2000][1300561] Medium CVE-2022-1489: Out of bounds memory access in UI Shelf. Reported by Khalil Zhani on 2022-02-25

[$2000][1301840] Medium CVE-2022-1490: Use after free in Browser Switcher. Reported by raven at KunLun lab on 2022-03-01

[$2000][1305706] Medium CVE-2022-1491: Use after free in Bookmarks. Reported by raven at KunLun lab on 2022-03-12

[$2000][1315040] Medium CVE-2022-1492: Insufficient data validation in Blink Editing. Reported by Michał Bentkowski of Securitum on 2022-04-11

[$1000][1275414] Medium CVE-2022-1493: Use after free in Dev Tools. Reported by Zhihua Yao of KunLun Lab on 2021-12-01

[$1000][1298122] Medium CVE-2022-1494: Insufficient data validation in Trusted Types. Reported by Masato Kinugawa on 2022-02-17

[$1000][1301180] Medium CVE-2022-1495: Incorrect security UI in Downloads. Reported by Umar Farooq on 2022-02-28

[$1000][1306391] Medium CVE-2022-1496: Use after free in File Manager. Reported by Zhiyi Zhang and Zhunki from Codesafe Team of Legendsec at Qi'anxin Group on 2022-03-15

[$NA][1264543] Medium CVE-2022-1497: Inappropriate implementation in Input. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-10-29

[$500][1297138] Low CVE-2022-1498: Inappropriate implementation in HTML Parser. Reported by SeungJu Oh (@real_as3617) on 2022-02-14

[$NA][1000408] Low CVE-2022-1499: Inappropriate implementation in WebAuthentication. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-09-04

[$TBD][1223475] Low CVE-2022-1500: Insufficient data validation in Dev Tools. Reported by Hoang Nguyen on 2021-06-25

[$NA][1293191] Low CVE-2022-1501: Inappropriate implementation in iframe. Reported by Oriol Brufau on 2022-02-02

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 101 to the stable channel for Windows, Mac and Linux. This will roll out ov...

chromereleases.googleblog.com

EDIT: the security fixes are now posted.

 

[silversurfer]

In Chrome 101, users noticed that Google removed the hardware media key handling flag from the experimental page without adding an option to Chrome. Did Google pull the flag and decide to do away with the option?

It appears that this is not the case. According to this commit on the Chromium Gerrit site, Google plans to restore the flag in Chrome 102, out next month and extend the expiration date of the flag to Chrome 113.

Google notes in the commit that the experimental flag is popular, as it is the 10th most used custom flag in the browser.

Extend hardware-media-key-handling flag expiration
This flag is still the 10th most used custom flag on desktop and we have not yet figured out a good solution for making this an actual setting. Kicking the can for now.

Chromium developers plan to add the disabling of media keys as a setting in the browser, but they have not yet decided on how that is going to happen.

Chrome users who set the flag in previous versions of the web browser may restore it in Chrome 101 temporarily by enabling the "Temporarily unexpire M100 flags"; this restores flags that were removed in 101 if they existed in version 100 of the browser. Starting with Chrome 102, it is no longer necessary to keep that flag enabled as the official media key handling flag will be restored in that version of the browser.

How to disable media keys support in Google Chrome - gHacks Tech News

Find out how to disable support for hardware media keys for controlling media playback in the Google Chrome web browser.

www.ghacks.net

 

[Imranmt]

The latest Chrome Beta lets you reorder your tabs with the power of your keyboard

Chrome Beta 102 landed last week, but we haven’t uncovered everything new in it just yet. As it turns out, the new version of Chrome makes it possible to reorder tabs with keyboard shortcuts on Mac and Windows. The feature was previously only available on Linux and is now finally making its way to all desktop versions of the browser, save for Chrome OS (or chromeOS, if you will).

While you can easily reorder tabs using your mouse (just drag and drop the tab in question left or right to slot it in the desired place), many power users prefer to do as much as possible using keyboard shortcuts. The logic for both Windows and macOS follows the same that was long introduced in Linux. To move a tab, you need to hit ctrl+shift and page up or page down, depending on which direction you want to move the tab. On the regular MacBook keyboard, page up or page down can be accessed by holding down the fn key and hitting arrow up or down, so you will in essence have to pair ctrl+shift+fn with arrow up or down. Many Windows laptops will require similar workarounds, depending on what keyboard layout they offer.

While we have only been able to confirm this new behavior on macOS, Redditor Leopeva64 (who tipped us about this) offers a screen recording that shows off the keyboard shortcut in use on Windows. Unfortunately, it doesn’t look like the keyboard shortcut is functional on Chrome OS just yet, where we haven’t been able to reproduce the shortcut under Dev version 102.0.4992.0.

Source : The latest Chrome Beta lets you reorder your tabs with the power of your keyboard

 

[Gandalf_The_Grey]

Google Chrome 101.0.4951.54 Stable Channel Update for Desktop

The Stable channel has been updated to 101.0.4951.54 for Windows, Mac and Linux which will roll out over the coming days/weeks.

A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Stable Channel Update for Desktop

The Stable channel has been updated to 101.0.4951.54 for Windows, Mac and Linux which will roll out over the coming days/weeks. A full list ...

chromereleases.googleblog.com

 

[Gandalf_The_Grey]

Google Chrome 101.0.4951.64 Stable Channel Update for Desktop

The Stable channel has been updated to 101.0.4951.64 for Windows, Mac and Linux which will roll out over the coming days/weeks.

A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Security Fixes and Rewards

This update includes 13 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$5000][1316990] High CVE-2022-1633: Use after free in Sharesheet. Reported by Khalil Zhani on 2022-04-18

[$3000][1314908] High CVE-2022-1634: Use after free in Browser UI. Reported by Khalil Zhani on 2022-04-09

[$3000][1319797] High CVE-2022-1635: Use after free in Permission Prompts. Reported by Anonymous on 2022-04-26

[$NA][1297283] High CVE-2022-1636: Use after free in Performance APIs. Reported by Seth Brenith, Microsoft on 2022-02-15

[$TBD][1311820] High CVE-2022-1637: Inappropriate implementation in Web Contents. Reported by Alesandro Ortiz on 2022-03-31

[$TBD][1316946] High CVE-2022-1638: Heap buffer overflow in V8 Internationalization. Reported by DoHyun Lee (@l33d0hyun) of DNSLab, Korea University on 2022-04-17

[$TBD][1317650] High CVE-2022-1639: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-04-19

[$TBD][1320592] High CVE-2022-1640: Use after free in Sharing. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-28

[$5000][1305068] Medium CVE-2022-1641: Use after free in Web UI Diagnostics. Reported by Rong Jian of VRI on 2022-03-10

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Stable Channel Update for Desktop

The Stable channel has been updated to 101.0.4951.64 for Windows, Mac and Linux which will roll out over the coming days/weeks. A full list ...

chromereleases.googleblog.com