Serious Discussion Google Chrome Stable Channel Updates

Gandalf_The_Grey

Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,415
Google Chrome 107.0.5304.87/.88 Stable Channel Update for Desktop
The Stable channel has been updated to 107.0.5304.87 for Mac and Linux and 107.0.5304.87/.88 for Windows, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.

This update includes 1 security fix. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$TBD][1378239] High CVE-2022-3723: Type Confusion in V8. Reported by Jan Vojtěšek, Milánek, and Przemek Gmerek of Avast on 2022-10-25

Google is aware of reports that an exploit for CVE-2022-3723 exists in the wild.
 

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,256

Google Chrome now lets you compare search results from the sidebar

Google updated its Chrome browser to version 107 a few days ago. It fixed some security issues, and brought a couple of new features, including a way to compare search results directly from the sidebar.

 

Gandalf_The_Grey

Google Chrome 107.0.5304.106/.107 Stable Channel Update for Desktop
The Stable channel has been updated to 107.0.5304.110 for Mac and Linux and 107.0.5304.106/.107 for Windows, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.

This update includes 10 security fixes.
 

Gandalf_The_Grey

Google Chrome 107.0.5304.121/.122 Stable Channel Update for Desktop
The Stable channel has been updated to 107.0.5304.121 for Mac and Linux and 107.0.5304.121/.122 for Windows, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.

This update includes 1 security fix.

Google is aware that an exploit for CVE-2022-4135 exists in the wild.
 

Gandalf_The_Grey

Google Chrome 108 is coming today with lots of deprecations and improved COLRv1 support
It's been over a month since Chrome 107 landed with HEVC decoding support. Now, it's time for Chrome 108 which packs a lot of deprecations, backend changes, and developer-facing improvements. Unlike previous releases, this version does not seem to have pushback on any new feature from Apple's Safari team, Mozilla, or web developers.

We'll start off with deprecations this time to switch things up a bit. Due to extremely low usage, feedback from spec editors, and the constraints it poses on current implementations, the ImageDecoderInit.premultiplyAlpha feature is being deprecated. The navigateEvent.scroll() function is also being discontinued and replaced by restorescroll() because of the better behavior it offers. In the same vein, navigateEvent.transitionWhile() is being killed off and replaced by intercept() because of design flaws highlighted by web developers.

Additionally, the googIPv6: false attribute in mediaConstraint is being deprecated and removed. It is used to disable IPv6 in WebRTC but Google does not recommend doing this anymore since IPv6 has been the default for ages. Similarly, window.defaultStatus and window.defaultstatus are being deprecated because of fingerprinting concerns, low adoption from other browser vendors, and the fact that they do not affect the browser's behavior in any meaningful way.

There are a couple more deprecations being tested behind developer trials (flags) too. The first disallows the Web Payment API to bypass the connect-src CSP policy while fetching the manifest. Disabling this behavior enables better data security. The second feature on the chopping block is the PaymentInstruments API. It is being killed off due to privacy flaws and lack of adoption from other browser vendors. Similarly, the Merchant origin details in the "canmakepayment" service worker event is also being removed to improve user privacy.

Now that we are done with the deprecations, let's change gears to new features and other additions. Chrome 108 packs a better implementation of COLRv1 color gradient vector fonts through support of the "variable" functionality. Some of our readers may remember their introduction in Chrome 98 when they faced pushback from Apple. Google claims that Apple's Safari team is now "neutral" about the feature instead of being "negative".

There are tons of CSS changes too, you can see them listed below:
Other functionalities in tow include the ability for Android on-screen keyboards to resize the visual viewport by default, a Federated Credentials Management API for improved privacy, support for printing in LayoutNG, and updating of asynchronous methods to synchronous in SyncAccessHandle in the File System Access API.

Some minor improvements have also been made such as additional methods for the Array and TypedArray classes, the ability to use symbols as keys in WeakMap, modifications to Client Hints Header, and support for the wildcard character in permissions policy. Moreover, the Media Source Extensions (MSE) API can now be used by Workers and there is also a new NotRestoredReason API for the back/forward cache (BFcache).

Chrome 108 will start rolling out in the later hours of today. If Chrome does not automatically update to version 108, head over to Help > About Google Chrome to trigger the update once it becomes available. Next up is Chrome 109 which will hit the Beta channel on December 1, followed by a Stable release on January 10.
 

Gandalf_The_Grey

Google Chrome 108.0.5359.71/72 Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 108 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.

Chrome 108.0.5359.71 (Mac/Linux) and 108.0.5359.71/72 (Windows) contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 108.

This update includes 28 security fixes.
 

silversurfer


Gandalf_The_Grey

Google Chrome 108.0.5359.94/.95 Stable Channel Update for Desktop
The Stable channel has been updated to 108.0.5359.94 for Mac and Linux and 108.0.5359.94/.95 for Windows, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.

The Extended Stable channel has been updated to 108.0.5359.94 for Windows and Mac which will roll out over the coming days/weeks.

This update includes 1 security fix.

Google is aware that an exploit for CVE-2022-4262 exists in the wild.
 

Gandalf_The_Grey

Yes that is not great, hope we will get an update soon...
At the moment Brave, Chrome, Chromium (if you choose the right build) and Vivaldi are patched.
Edge, Opera and Yandex are not patched.

EDIT: But the update for Edge will arrive soon:

December 5, 2022

Microsoft has released the latest Microsoft Edge Stable Channel (Version 108.0.1462.42). This update contains a fix for CVE-2022-4262, which has been reported by the Chromium team as having an exploit in the wild. For more information, see the Security Update Guide.

This update contains the following Microsoft Edge-specific updates:

 

Gandalf_The_Grey

Google Chrome 108.0.5359.98/.99 Stable Channel Update for Desktop
The Stable channel has been updated to 108.0.5359.98 for Mac and Linux and 108.0.5359.98/.99 for Windows, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.

The Extended Stable channel has been updated to 108.0.5359.99 for Windows and 108.0.5359.98 for Mac which will roll out over the coming days/weeks.
 

silversurfer

Google Chrome 108 was released to the stable channel last week. It added support for a new way to sign in to online accounts, passwordless logins, aka Passkeys.

What are Passkeys? Passkeys are a secure login method, that was developed by the FIDO Alliance and World Wide Web Consortium (W3C), which includes the giants of Silicon Valley like Apple, Google and Microsoft.

What's the need for it? Regular passwords can be phished, leaked, stolen or brute forced if the passphrase is weak. Passkeys sidestep these issues completely, there is nothing to be guessed, leaked or stolen. The Passkeys are stored on the user's device in an encrypted form that can only be accessed with biometric data such as FaceID, fingerprint ID, Windows Hello, PIN, etc. The Passkey on the user's device is referred to as a private key. This is used in tandem with a public key (username) stored on a website's login system.

If a user has saved their account credentials as a Passkey, and they try to log in to the website that the account belongs to, the server's public key asks the user to provide the Passkey associated with their account. This is done by approving the login, by using the computer or mobile phone's fingerprint scanner, camera (FaceID), or the PIN code used to unlock the screen. The device scans the encrypted Passkey data that is stored locally, and tells the server to approve the login request. In other words, your Passkey never leaves your device. You may sync Passkeys across devices, this depends on the app and OS that you use.

Intrigued by the new security feature? You can start using Passkeys in Chrome on websites that support it. That's the issue, very few sites have adopted the new protocol. This Passkey directory page (owned by 1Password) has a list of services that support the new protocol, these include PayPal, BestBuy, eBay, Microsoft, NVIDIA, etc.
 

Gandalf_The_Grey

Google Chrome 108.0.5359.124/.125 Stable Channel Update for Desktop
The Stable channel has been updated to 108.0.5359.124 for Mac and Linux and 108.0.5359.124/.125 for Windows, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.

The Extended Stable channel has been updated to 108.0.5359.124 for Mac and 108.0.5359.125 for Windows which will roll out over the coming days/weeks.

This update includes 8 security fixes.
 

Sammo

Level 8
Verified
Well-known
Jan 27, 2012
376

Imranmt

Level 3
Verified
Nov 14, 2016
115

Vulnerability puts data of 2.5 billion Chrome users at risk

Data of about 2.5 billion users has been put at risk because of a vulnerability in Google Chrome and Chromium browsers. A security firm named Imperva Red has issued a warning that the flaw, technically dubbed ‘CVE-2022-365’, allows hackers to steal information such as cloud-based credentials and sensitive files from e-wallets.

Imperva Red issued a blog update on this note and essayed that hackers could induce a ‘Symlink-Symbolic Link’ into the directory that allows the OS to treat it as a file linked to a location in the directory, which it is not in reality.

Symlinks can lead to flaws when mishandled and can allow threat actors to siphon data from browsers, an act not actually intended.

With Chrome, the susceptibility arises when the browser interacts with the symlink to process files and directories without checking the authenticity of the location of the symbolic link in a file or directory.

How does this affect the users of Chrome, then?

Researchers state the hacker can create a fake website that is in the business of crypto wallets and urge users to create a new wallet via download of recovery keys. These keys can contain zip files loaded with symlinks connected to sensitive files or folders on the computer. Thus, when a user unzips the file, the upload of keys back to the website can allow a threat actor to gain access to sensitive files, leading to privacy concerns.

Google Chrome response

In response to the alert provided by Imperva Red, the web service provider issued an update that the flaw was addressed in the latest release of Chrome 108 and is thus urging its users to keep their software updated with security covers to all discovered vulnerabilities, such as those arising from soft links (symlinks).

Source : Vulnerability puts data of 2.5 billion Chrome users at risk - Cybersecurity Insiders
 
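The post above describes zip archives carrying symlinks that point at files outside the extracted folder. As an added example (not from the quoted article or from Chrome's code), this Python code shows two defensive checks: listing symlink entries in a zip before extraction, and filtering an extracted folder so that only regular files resolving inside it are offered for upload. The function names, the sample archive and the placeholder target path are constructed for illustration.

```python
import io
import os
import stat
import zipfile


def build_sample_archive():
    """Constructed sample: one regular file and one symlink entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("recovery/key.txt", "constructed-sample-key")
        link = zipfile.ZipInfo("recovery/backup.txt")
        link.create_system = 3  # entry claims to come from a Unix host
        link.external_attr = (stat.S_IFLNK | 0o777) << 16
        zf.writestr(link, "/path/outside/archive/secret.txt")  # placeholder target
    return buf.getvalue()


def symlink_entries(zip_bytes):
    """Return {entry name: link target} for each symlink stored in the archive."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            mode = info.external_attr >> 16  # Unix st_mode sits in the high 16 bits
            if stat.S_ISLNK(mode):
                # A symlink entry stores its target path as the entry's data.
                found[info.filename] = zf.read(info).decode("utf-8", "replace")
    return found


def uploadable_files(root):
    """List regular files under root whose real path stays inside root."""
    root_real = os.path.realpath(root)
    allowed = []
    for dirpath, _dirs, names in os.walk(root_real):  # does not follow dir symlinks
        for name in names:
            path = os.path.join(dirpath, name)
            real = os.path.realpath(path)
            inside = os.path.commonpath([root_real, real]) == root_real
            if not os.path.islink(path) and inside:
                allowed.append(os.path.relpath(path, root_real))
    return sorted(allowed)


if __name__ == "__main__":
    print(symlink_entries(build_sample_archive()))
```

An archive for which `symlink_entries` returns anything other than an empty mapping deserves a manual look before it is unpacked next to data that will later be uploaded.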

Gandalf_The_Grey

Google Chrome 109.0.5414.119/.120 Stable Channel Update for Desktop
The Stable channel has been updated to 109.0.5414.119 for Mac and Linux and 109.0.5414.119/.120 for Windows, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.

This update includes 6 security fixes.
 

Gandalf_The_Grey

Google Chrome ends support for Windows 7 and 8.1 tomorrow
Google Chrome will stop supporting Windows 7 and Windows 8.1 tomorrow. The tech company will roll out version 110 of the browser among a small percentage of users, with other users receiving the version a week later on Feb. 7. Browser vendor Opera also announced the end of support for the second Windows versions.

Google will support Chrome for Windows with the launch of version 110 only on Windows 10 and newer. Microsoft itself ended support for Windows 7 Extended Security Update (ESU) and Windows 8.1 earlier this month. Google and Opera state that older Chrome versions will continue to work, but no new updates will appear for users of these operating systems.

Chrome has different versions, such as canary, beta and stable, which are intended for developers, testers and end users, respectively. Starting with Chrome 110, there will also be an "early stable" version. This is the stable version rolled out among a small percentage of users a week early, with the rest following a week later. In this way, Google hopes to spot problems early before the browser is distributed to all users.
Translated from Dutch by DeepL
 

silversurfer

Every four weeks, Google rolls out a new version of Chrome to the Stable channel. However, it is changing its release cadence a bit with Chrome 110. Rather than releasing Chrome 110 to Stable four weeks after Chrome 109, it is rolling out the latest version to a new "Early Stable" channel one week earlier instead. This means that Chrome 110 will hit Early Stable today three weeks after the release of Chrome 109 and will arrive in Stable next week, as mentioned on Chromium Dash.

Releasing today, Google Chrome 110 packs a very lengthy changelog. Although Chrome 109 was supposed to be the first version of the browser to implement Google's alternative to third-party cookies in the form of Cookies Having Independent Partitioned State (CHIPS), this has seemingly been pushed to Chrome 110 instead.

Moreover, an opt-out mechanism for Secure Payment Confirmation allowing users to have their information removed from the developer's server has also been implemented. And while the details are too technical for most of us, external HTTPS server implementers might also want to take a look at a TLS ClientHello extension permutation that ensures that protocol is more robust to changes.

Additionally, there is more access control surrounding the navigator.share() function for third-party iframes objects along with the ability to load new documents in them through ephemeral credential-less contexts, and web apps can also customize their launch behavior based on various triggers. In a similar vein, cross-origin iframe support has been added for the FedCM API, something appreciated by web developers and browser vendors (Apple, Mozilla) alike.
 

Gandalf_The_Grey

Google Chrome 110.0.5481.77 Early Stable Update for Desktop
The Stable channel has been updated to 110.0.5481.77 for Windows and Mac as part of our early stable release to a small percentage of users. A full list of changes in this build is available in the log.

You can find more details about early Stable releases here.
 

brambedkar59

Level 32
Verified
Top Poster
Well-known
Apr 16, 2017
2,125
Google Chrome 110.0.5481.77 released to Stable
Chrome 110.0.5481.77/.78 for Windows, 110.0.5481.77 for Mac and Linux contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 110.
 
