Google Chrome Stable Channel Updates

Gandalf_The_Grey

Level 66
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
5,568
Google Chrome 107.0.5304.87/.88 Stable Channel Update for Desktop
The Stable channel has been updated to 107.0.5304.87 for Mac and Linux and 107.0.5304.87/.88 for Windows, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.

This update includes 1 security fix. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$TBD][1378239] High CVE-2022-3723: Type Confusion in V8. Reported by Jan Vojtěšek, Milánek, and Przemek Gmerek of Avast on 2022-10-25

Google is aware of reports that an exploit for CVE-2022-3723 exists in the wild.
 

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
8,410

Google Chrome now lets you compare search results from the sidebar​

Google updated its Chrome browser to version 107 a few days ago. It fixed some security issues, and brought a couple of new features, including a way to compare search results directly from the sidebar.

Google Chrome now lets you compare search results from the sidebar
 

Gandalf_The_Grey

Level 66
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
5,568
Google Chrome 07.0.5304.106/.107 Stable Channel Update for Desktop
The Stable channel has been updated to 107.0.5304.110 for Mac and Linux and 107.0.5304.106/.107 for Windows, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.

This update includes 10 security fixes.
 

Gandalf_The_Grey

Level 66
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
5,568
Google Chrome 107.0.5304.121/.122 Stable Channel Update for Desktop
The Stable channel has been updated to 107.0.5304.121 for Mac and Linux and 107.0.5304.121/.122 for Windows, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.

This update includes 1 security fix.

Google is aware that an exploit for CVE-2022-4135 exists in the wild.
 

Gandalf_The_Grey

Level 66
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
5,568
Google Chrome 108 is coming today with lots of deprecations and improved COLRv1 support
It's been over a month since Chrome 107 landed with HEVC decoding support. Now, it's time for Chrome 108 which packs a lot of deprecations, backend changes, and developer-facing improvements. Unlike previous releases, this version does not seem to have pushback on any new feature from Apple's Safari team, Mozilla, or web developers.

We'll start off with deprecations this time to switch things up a bit. Due to extremely low usage, feedback from spec editors, and the constraints it poses on current implementations, the ImageDecoderInit.premultiplyAlpha feature is being deprecated. The navigateEvent.scroll() function is also being discontinued and replaced by restorescroll() because of the better behavior it offers. In the same vein, navigateEvent.transitionWhile() is being killed off and replaced by intercept() because of design flaws highlighted by web developers.

Additionally, the googIPv6: false attribute in mediaConstraint is being deprecated and removed. It is used to disable IPv6 in WebRTC but Google does not recommend doing this anymore since IPv6 has been the default for ages. Similarly, window.defaultStatus and window.defaultstatus are being deprecated because of fingerprinting concerns, low adoption from other browser vendors, and the fact that they do not affect the browser's behavior in any meaningful way.

There are a couple more deprecations being tested behind developer trials (flags) too. The first disallows the Web Payment API to bypass the connect-src CSP policy while fetching the manifest. Disabling this behavior enables better data security. The second feature on the chopping block is the PaymentInstruments API. It is being killed off due to privacy flaws and lack of adoption from other browser vendors. Similarly, the Merchant origin details in the "canmakepayment" service worker event is also being removed to improve user privacy.

Now that we are done with the deprecations, let's change gears to new features and other additions. Chrome 108 packs a better implementation of COLRv1 color gradient vector fonts through support of the "variable" functionality. Some of our readers may remember their introduction in Chrome 98 when they faced pushback from Apple. Google claims that Apple's Safari team is now "neutral" about the feature instead of being "negative".

There are tons of CSS changes too, you can see them listed below:
Other functionalities in tow include the ability for Android on-screen keyboards to resize the visual viewport by default, a Federated Credentials Management API for improved privacy, support for printing in LayoutNG, and updating of asynchronous methods to synchronous in SyncAccessHandle in the File System Access API.

Some minor improvements have also been made such as additional methods for the Array and TypedArray classes, the ability to use symbols as keys in WeakMap, modifications to Client Hints Header, and support for the wildcard character in permissions policy. Moreover, the Media Source Extensions (MSE) API can now be used by Workers and there is also a new NotRestoredReason API for the back/forward cache (BFcache).

Chrome 108 will start rolling out in the later hours of today. If Chrome does not automatically update to version 108, head over to Help > About Google Chrome to trigger the update once it becomes available. Next up is Chrome 109 which will hit the Beta channel on December 1, followed by a Stable release on January 10.
 

Gandalf_The_Grey

Level 66
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
5,568
Google Chrome 108.0.5359.71/72 Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 108 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.

Chrome 108.0.5359.71 ( Mac/linux) and 108.0.5359.71/72( Windows) contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 108.

This update includes 28 security fixes.
 

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
8,410

Gandalf_The_Grey

Level 66
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
5,568
Google Chrome 108.0.5359.94/.95 Stable Channel Update for Desktop
The Stable channel has been updated to 108.0.5359.94 for Mac and Linux and 108.0.5359.94/.95 for Windows, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.

The Extended Stable channel has been updated to 108.0.5359.94 for Windows and Mac which will roll out over the coming days/weeks.

This update includes 1 security fix.

Google is aware that an exploit for CVE-2022-4262 exists in the wild.
 

Gandalf_The_Grey

Level 66
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
5,568
Yes that is not great, hope we will get an update soon...
At the moment Brave, Chrome, Chromium (if you choose the right build) and Vivaldi are patched.
Edge, Opera and Yandex are not patched.

EDIT: But the update for Edge will arrive soon:

December 5, 2022​

Microsoft has released the latest Microsoft Edge Stable Channel (Version 108.0.1462.42). This update contains a fix for CVE-2022-4262, which has been reported by the Chromium team as having an exploit in the wild. For more information, see the Security Update Guide.

This update contains the following Microsoft Edge-specific updates:

 

Gandalf_The_Grey

Level 66
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
5,568
Google Chrome 108.0.5359.98/.99 Stable Channel Update for Desktop
The Stable channel has been updated to 108.0.5359.98 for Mac and Linux and 108.0.5359.98/.99 for Windows, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.

The Extended Stable channel has been updated to 108.0.5359.99 for Windows and 108.0.5359.98 for Mac which will roll out over the coming days/weeks.
 

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
8,410
Google Chrome 108 was released to the stable channel last week. It added support for a new way to sign in to online accounts, passwordless logins, aka Passkeys.

What are Passkeys? Passkeys are a secure login method, that was developed by the FIDO Alliance and World Wide Web Consortium (W3C), which includes the giants of Silicon Valley like Apple, Google and Microsoft.

What's the need for it? Regular passwords can be phished, leaked, stolen or brute forced if the passphrase is weak. Passkeys sidestep these issues completely, there is nothing to be guessed, leaked or stolen. The Passkeys are stored on the user's device in an encrypted form that can only be accessed with biometric data such as FaceID, fingerprint ID, Windows Hello, PIN, etc. The Passkey on the user's device is referred to as a private key. This is used in tandem with a public key (username) stored on a website's login system.

If a user has saved their account credentials as a Passkey, and they try to log in to the website that the account belongs to, the server's public key asks the user to provide the Passkey associated with their account. This is done by approving the login, by using the computer or mobile phone's fingerprint scanner, camera (FaceID), or the PIN code used to unlock the screen. The device scans the encrypted Passkey data that is stored locally, and tells the server to approve the login request. In other words, your Passkey never leaves your device. You may sync Passkeys across devices, this depends on the app and OS that you use.

Intrigued by the new security feature? You can start using Passkeys in Chrome on websites that support it. That's the issue, very few sites have adopted the new protocol. This Passkey directory page (owned by 1Password) has a list of services that support the new protocol, these include PayPal, BestBuy, eBay, Microsoft, NVIDIA, etc.
 

Gandalf_The_Grey

Level 66
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
5,568
Google Chrome 108.0.5359.124/.125 Stable Channel Update for Desktop
The Stable channel has been updated to 108.0.5359.124 for Mac and Linux and 108.0.5359.124/.125 for Windows, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.

The Extended Stable channel has been updated to 108.0.5359.124 for Mac and 108.0.5359.125 for Windows which will roll out over the coming days/weeks.

This update includes 8 security fixes.
 

Sammo

Level 5
Verified
Well-known
Jan 27, 2012
224

Imranmt

Level 2
Verified
Nov 14, 2016
93

Vulnerability puts data of 2.5 billion Chrome users at risk​

Data of about 2.5 billion users have been put to risk because of a vulnerability in Google Chrome and chromium browsers. A security firm named Imperva Red has issued a warning that the flaw that has been technically dubbed as ‘CVE-2022-365’ allows hackers to steal information such as cloud based credentials and sensitive files from e-wallets.

Imperva Red issued a blog update on this note and essayed that hackers could induce a ‘Symlink-Symbolic Link’ into the directory that allows the OS to treat it as a file linked to a location in directory, which is not in reality.


Symlinks can lead to flaws when mis-handled and can allow the threat actors siphon data from browsers, an act not intended in actual.

With Chrome, the susceptibility arises when the browser interacts with the symlink to process files and directories without checking for the authenticity of the location of the Symbolic link in a file or directory.

How does this affect the users of Chrome, then?

Researchers state the hacker can create a fake website that is into the business of crypto wallet and urge users to creating a new wallet via download of recovery keys. These keys can contain zip files loaded with Symlinks connected to sensitive files or folders from the computer. This, when a user unzips the file, the upload of keys back to the website can allow a threat actor to gain access to sensitive files, leading to privacy concerns.

Google Chrome response

In response to the alert provided by Imperva Red, the web service provider issued an update that the flaw was addressed in the latest release of Chrome 108 and is thus urging its users to keep their software updated with security covers to all discovered vulnerabilities, such as those arising from Soft links( symlinks).

Source : Vulnerability puts data of 2.5 billion Chrome users at risk - Cybersecurity Insiders
 
  • Like
Reactions: silversurfer

Gandalf_The_Grey

Level 66
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
5,568
Google Chrome 109.0.5414.119/.120 Stable Channel Update for Desktop
The Stable channel has been updated to 109.0.5414.119 for Mac and Linux and 109.0.5414.119/.120 for Windows, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.

This update includes 6 security fixes.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top