Serious Discussion Google Chrome Stable Channel Updates

Imranmt

Level 3
Verified
Nov 14, 2016
115
Google Chrome is getting built-in virtual credit cards

Google is adding a feature to Chrome’s autofill system called Virtual Card Numbers, which will let you hide your credit or debit card number while making purchases on the web. Google says the feature will help make it easy to securely buy things on sites that don't support options like Google or Apple Pay.

It’s basically the same experience as using Chrome Autofill to enter in your credit card details but with an added layer of security. If you give your card number to a vendor and they abuse it, you then have to contact your bank to reverse the charges and cancel your card, which is an inconvenience at best. That won’t happen if you use Google’s virtual cards, Bill Ready, Google’s president of commerce and payments, told The Verge in an interview. Each virtual card can only be used for a specific transaction (though they do support recurring transactions if you want to use it for a subscription).

Ready says there’s also a convenience angle to virtual card numbers: implementing support for Google Pay or other third-party options can require a lot of work from a vendor, whereas Google’s Virtual Card Numbers will work on any site that can take credit cards. He also says that Google’s “not charging anything” if you use a virtual card, so vendors won't have to give up a cut of their profits, and customers won’t have to hand over their credit card details.

This isn’t necessarily Google competing with companies like Privacy.com, which lets you create and use virtual cards across the web. Ready told me that there won’t be an interface to manage your virtual cards in the new Google Wallet app or anything like that (though the system can protect the cards you store there). Instead, he said, they’re meant to be used on a transaction-by-transaction basis. While that makes the system less flexible, it also means that you don’t have to think about it — you can just click the prompt to use a virtual card number and be on your way.

Source : Google Chrome is getting built-in virtual credit cards
 

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,260
Google Chrome 101.0.4951.67 Stable Channel Update for Desktop
The Stable channel has been updated to 101.0.4951.67 for Windows which will roll out over the coming days/weeks.

A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.
 

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,112

Chrome 102 is coming today with window controls overlay and PWAs as file handlers​

Chrome 102 includes V3 of Secure Payment Confirmation API. It now has two more optional inputs and another necessary once, which means that this is a breaking change.
Web developers can also leverage an option that allows them to preemptively filter out devices that won't result in a decent user experience through the browser picker.
The latest release of the browser also packs a new surface for the Origin Private File System (OPFS), here's how Google describes it:
The Origin Private File System (OPFS, part of the File System Access API) is augmented with a new surface that brings very performant access to data. This new surface differs from existing ones by offering in-place and exclusive write access to a file’s content. This change, along with the ability to consistently read unflushed modifications and the availability of a synchronous variant on dedicated workers, significantly improves performance and unblocks new use cases.

Our goal is to give developers flexibility by providing generic, simple, and performant primitives upon which they can build higher-level storage components. The new surface is particularly well suited for Wasm-based libraries and applications that want to use custom storage algorithms to fine-tune execution speed and memory usage.
 

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,260
Google Chrome 102.0.5005.61/62/63 Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 102 to the stable channel for Windows (102.0.5005.61/62/63), 102.0.5005.61 for Mac and Linux.Chrome 102 is also promoted to our new extended stable channel for Windows and Mac. This will roll out over the coming days/weeks.

Chrome 102.0.5005.61 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 102.

Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 32 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$TBD][1324864] Critical CVE-2022-1853: Use after free in Indexed DB. Reported by Anonymous on 2022-05-12
[$10000][1320024] High CVE-2022-1854: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-04-27
[$7500][1228661] High CVE-2022-1855: Use after free in Messaging. Reported by Anonymous on 2021-07-13
[$3000][1323239] High CVE-2022-1856: Use after free in User Education. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-06
[$2000][1227995] High CVE-2022-1857: Insufficient policy enforcement in File System API. Reported by Daniel Rhea on 2021-07-11
[$1000][1314310] High CVE-2022-1858: Out of bounds read in DevTools. Reported by EllisVlad on 2022-04-07
[$1000][1322744] High CVE-2022-1859: Use after free in Performance Manager. Reported by Guannan Wang (@Keenan7310) of Tencent Security Xuanwu Lab on 2022-05-05
[$TBD][1297209] High CVE-2022-1860: Use after free in UI Foundations. Reported by @ginggilBesel on 2022-02-15
[$TBD][1316846] High CVE-2022-1861: Use after free in Sharing. Reported by Khalil Zhani on 2022-04-16
[$5000][1236325] Medium CVE-2022-1862: Inappropriate implementation in Extensions. Reported by Alesandro Ortiz on 2021-08-04
[$5000][1292870] Medium CVE-2022-1863: Use after free in Tab Groups. Reported by David Erceg on 2022-02-01
[$5000][1320624] Medium CVE-2022-1864: Use after free in WebApp Installs. Reported by Yuntao You (@GraVity0) of Bytedance Wuheng Lab on 2022-04-28
[$3000][1289192] Medium CVE-2022-1865: Use after free in Bookmarks. Reported by Rong Jian of VRI on 2022-01-20
[$3000][1292264] Medium CVE-2022-1866: Use after free in Tablet Mode. Reported by @ginggilBesel on 2022-01-29
[$3000][1315563] Medium CVE-2022-1867: Insufficient validation of untrusted input in Data Transfer. Reported by Michał Bentkowski of Securitum on 2022-04-12
[$TBD][1301203] Medium CVE-2022-1868: Inappropriate implementation in Extensions API. Reported by Alesandro Ortiz on 2022-02-28
[$NA][1309467] Medium CVE-2022-1869: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2022-03-23
[$TBD][1323236] Medium CVE-2022-1870: Use after free in App Service. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-06
[$7000][1308199] Low CVE-2022-1871: Insufficient policy enforcement in File System API. Reported by Thomas Orlita on 2022-03-21
[$7000][1310461] Low CVE-2022-1872: Insufficient policy enforcement in Extensions API. Reported by ChaobinZhang on 2022-03-26
[$2000][1305394] Low CVE-2022-1873: Insufficient policy enforcement in COOP. Reported by NDevTK on 2022-03-11
[$500][1251588] Low CVE-2022-1874: Insufficient policy enforcement in Safe Browsing. Reported by hjy79425575 on 2021-09-21
[$500][1306443] Low CVE-2022-1875: Inappropriate implementation in PDF. Reported by NDevTK on 2022-03-15
[$TBD][1313600] Low CVE-2022-1876: Heap buffer overflow in DevTools. Reported by @ginggilBesel on 2022-04-06

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
 

Digmor Crusher

Level 25
Verified
Top Poster
Well-known
Jan 27, 2018
1,410
Hmm, for some reason this is not working, I re-launched the browser and re-started the computer, dam panel is still there. Maybe a glitz and it will magically fix itself, here's hoping.
 

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,112

Building a more helpful browser with machine learning​

At Google we use technologies like machine learning (ML) to build more useful products — from filtering out email spam, to keeping maps up to date, to offering more relevant search results. Chrome is no exception: We use ML to make web images more accessible to people who are blind or have low vision, and we also generate real-time captions for online videos, in service of people in noisy environments, and those who are hard of hearing.

This work in Chrome continues, so we wanted to share some recent and future ML improvements that offer a safer, more accessible and more personalized browsing experience. Importantly: these updates are powered by on-device ML models, which means your data stays private, and never leaves your device.

More peace of mind, less annoying prompts

Safe Browsing in Chrome helps protect billions of devices every day, by showing warnings when people try to navigate to dangerous sites or download dangerous files (see the big red example below). Starting in March of this year, we rolled out a new ML model that identifies 2.5 times more potentially malicious sites and phishing attacks as the previous model – resulting in a safer and more secure web.

To further improve the browsing experience, we’re also evolving how people interact with web notifications. On the one hand, page notifications help deliver updates from sites you care about; on the other hand, notification permission prompts can become a nuisance. To help people browse the web with minimal interruption, Chrome predicts when permission prompts are unlikely to be granted based on how the user previously interacted with similar permission prompts, and silences these undesired prompts. In the next release of Chrome, we’re launching an ML model that makes these predictions entirely on-device.

phishing.max-1000x1000.png

With the next release of Chrome, this is what you will see if a phishing attempt is detected (Left) and Chrome will show permission requests quietly when the user is unlikely to grant them (Right).
 

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,260
Google Chrome 102.0.5005.115 Stable Channel Update for Desktop
The Stable channel has been updated to 102.0.5005.115 for Windows, Mac and Linux which will roll out over the coming days/weeks.

A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 7 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$10000][1326210] High CVE-2022-2007: Use after free in WebGPU. Reported by David Manouchehri on 2022-05-17
[$TBD][1317673] High CVE-2022-2008: Out of bounds memory access in WebGL. Reported by khangkito - Tran Van Khang (VinCSS) on 2022-04-19
[$NA][1325298] High CVE-2022-2010: Out of bounds read in compositing. Reported by Mark Brand of Google Project Zero on 2022-05-13
[$TBD][1330379] High CVE-2022-2011: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-05-31
 

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,112


Closing Words

Chrome benefits from machine learning in some areas, e.g., when it comes to Safe Browsing and the detection of malicious sites. In other areas, machine learning attempts to determine a user's next action or desired actions, to improve usability. The changing address bar icon is a prime example of this; while it may prove useful to some, it may irritate others, especially if accidental activations of undesirable actions are a result. The feature is giving Google suggestive powers and more control over user actions.
 

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,112

Google Chrome 103 is landing today with faster page loads and local font access​

We will start off with Google re-implementing the pre-rendering mechanism in Chrome. This was previously replaced by No State Prefetch, which is safer but doesn't really offer significant performance benefits. This is why Google has gone back to the drawing board to support the "103 Early Hints HTTP" response code (the "103" has no relation to the Chrome version with the same number). Google has described this effort as follows:
HTTP/2 introduced the concept of server push, a mechanism that allows a server to preemptively send data to the client. Server push was intended to improve site performance. In the years since, developers have generally preferred preloading from the client side of a web interaction. 103 early hints for navigation provides a new way to do that.
This should significantly improve the speed of webpage loading, reduce resource-hogging, improve code complexity, and tackle the security and privacy issues present in the initial version of this approach. Page loading will also improve through new speculation rules in Chrome 103 which will offer a "flexible syntax for defining what outgoing links are eligible to be prepared speculatively before navigation".
 

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,260
Google Chrome 103.0.5060.53 Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 103 to the stable channel for Windows,Mac and Linux.This will roll out over the coming days/weeks.

Chrome 103.0.5060.53 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 103.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 14 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$NA][1335458] Critical CVE-2022-2156: Use after free in Base. Reported by Mark Brand of Google Project Zero on 2022-06-11

[$20000][1327312] High CVE-2022-2157: Use after free in Interest groups. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-19

[$7500][1321078] High CVE-2022-2158: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2022-04-29

[$3000][1116450] Medium CVE-2022-2160: Insufficient policy enforcement in DevTools. Reported by David Erceg on 2020-08-14

[$3000][1330289] Medium CVE-2022-2161: Use after free in WebApp Provider. Reported by Zhihua Yao of KunLun Lab on 2022-05-30

[$2000][1307930] Medium CVE-2022-2162: Insufficient policy enforcement in File System API. Reported by Abdelhamid Naceri (halov) on 2022-03-19

[$7000][1308341] Low CVE-2022-2163: Use after free in Cast UI and Toolbar. Reported by Chaoyuan Peng (@ret2happy) on 2022-03-21

[$1000][1268445] Low CVE-2022-2164: Inappropriate implementation in Extensions API. Reported by José Miguel Moreno Computer Security Lab (COSEC) at UC3M on 2021-11-10

[$500][1250993] Low CVE-2022-2165: Insufficient data validation in URL formatting. Reported by Rayyan Bijoora on 2021-09-19
 

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,260
Google Chrome 103.0.5060.66 Stable Channel Update for Desktop
The Stable channel has been updated to 103.0.5060.66 for Windows. which will roll out over the coming days/weeks.

A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.
 

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,112

A Year after other browsers, Chrome is finally getting a partial translate feature​

Reddit user Leopeva64-2 discovered that Google's plan to integrate partial translate functionality in Chrome is making progress. The feature may be used to translate selections, but the process is different from how it is handled in Edge.

Chrome users may right-click on selected text and select the "Translate To" option in the context menu, but the translated text is not displayed on the page but in a bubble in an overlay.

The feature is not fully implemented at this point. While it is available in the context menu on some user devices, translations do not happen currently. Google engineers are still working to add the missing bits of code to Chrome to enable the full translate functionality in the browser.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top