All new in Chrome 104

Image for article titled Everything new in Chrome 104

Picture: monticello (Shutterstock)

Google’s newest replace, Chrome 104, is right here. Assuming you have got the surprisingly beneficiant system configurationyou may replace your browser in the present day to make the most of its new options and adjustments. The most important UI adjustments have an effect on Chromebook customers operating Chrome OS, however all Chrome customers will profit from safety fixes.

The brand new Chrome replace comes with 27 safety fixes

Crucial motive to replace Google Chrome is to put in the supplied 27 safety patches. To be clear, the safety scenario isn’t dire: In line with Google’s Chrome Releases Weblog, not one of the 27 vulnerabilities patched with Chrome 104 are zero-day, that means there isn’t any proof that the vulnerabilities have been exploited by malicious customers within the wild. For those who’re utilizing Chrome 103 in the present day, you are unlikely to be focused by any of those safety flaws. That mentioned, these 27 vulnerabilities at the moment are public information and it is solely a matter of time earlier than malicious actors determine methods to use them towards customers who do not have Chrome 104.

Moreover, seven of those rifts are rated as “excessive,” that means they pose extra of a risk than others. Here is the complete record, with the “excessive” vulnerabilities listed on the prime:

  • [$15000][1325699] Excessive CVE-2022-2603: use after free in Omnibox. Reported by Nameless on 05/16/2022
  • [$10000][1335316] Excessive CVE-2022-2604: Free to make use of in Secure Searching. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 06/10/2022
  • [$7000][1338470] Excessive CVE-2022-2605: Studying out of bounds in Daybreak. Reported by Looben Yang on 2022-06-22
  • [$5000][1330489] Excessive CVE-2022-2606: Use after free model in managed gadgets API. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-31
  • [$3000][1286203] Excessive CVE-2022-2607: use after launch in tab strip. Posted by @ginggilBesel on 2022-01-11
  • [$3000][1330775] Excessive CVE-2022-2608: use after free in preview mode. Reported by Khalil Zhani on 2022-06-01
  • [$TBD][1338560] Excessive CVE-2022-2609: Free to make use of in close by sharing. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Analysis Institute on 2022-06-22
  • [$8000][1278255] Medium CVE-2022-2610: Inadequate coverage enforcement in background fetching. Reported by Maurice Dauer on 2021-12-09
  • [$5000][1320538] Medium CVE-2022-2611: Inappropriate implementation in Fullscreen API. Reported by Irvan Kurniawan (source7) on 2022-04-28
  • [$5000][1321350] Medium CVE-2022-2612: Leaked facet channel data in keyboard enter. Reported by Erik Kraft ([email protected]), Martin Schwarzl ([email protected]) on 2022-04-30
  • [$5000][1325256] Medium CVE-2022-2613: Use after free in Enter. Reported by Piotr Tworek (Vewd) on 2022-05-13
  • [$5000][1341907] Help CVE-2022-2614: use after free in login movement. Reported by raven at KunLun Lab on 2022-07-05
  • [$4000][1268580] Medium CVE-2022-2615: Inadequate coverage enforcement in cookies. Reported by Maurice Dauer on 2021-11-10
  • [$3000][1302159] Medium CVE-2022-2616: Inappropriate implementation in Extensions API. Posted by Alesandro Ortiz on 2022-03-02
  • [$2000][1292451] Medium CVE-2022-2617: Use after free in Extensions API. Posted by @ginggilBesel on 2022-01-31
  • [$2000][1308422] Medium CVE-2022-2618: Inadequate validation of untrusted inputs in internals. Posted by asnine on 2022-03-21
  • [$2000][1332881] Medium CVE-2022-2619: Inadequate validation of untrusted inputs in parameters. Reported by Oliver Dunk on 2022-06-04
  • [$2000][1337304] Medium CVE-2022-2620: Use after free in WebUI. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 06/17/2022
  • [$1000][1323449] Medium CVE-2022-2621: use after free in extensions. Reported by Huyna at Viettel Cyber ​​​​Safety on 2022-05-07
  • [$1000][1332392] Medium CVE-2022-2622: Inadequate validation of untrusted inputs in Secure Searching. Reported by Imre Rad (@ImreRad) and @j00sean on 2022-06-03
  • [$1000][1337798] Medium CVE-2022-2623: Free offline use. Reported by raven at KunLun Lab on 2022-06-20
  • [$TBD][1339745] Medium CVE-2022-2624: Buffer overflow in PDF. Reported by YU-CHANG CHEN and CHIH-YEN CHANG, working with DEVCORE Internship Program on 2022-06-27

G/O Media might obtain a fee

Jachs NY Summer Sale on Shorts

70% off

Jachs NY Summer time Sale on Shorts

Unique sale on summer time types
Patterned, strong, twill and chino, these traditional shorts with 7-9″ inseams inform a narrative: you are a man on trip, possibly on a ship.

It is not nearly safety updates, in keeping with How-To Geek. Here is what you may anticipate when upgrading to Chrome 104 (bonus factors you probably have a Chromebook).

Chrome OS formally helps gentle and darkish mode

Darkish mode is essentially the most of any software program requested function, and now it is out there in Chrome OS. With the newest replace, Google not solely formally helps switching between gentle and darkish modes, but in addition allows you to robotically swap between them. I take advantage of this function on my gadgets, so when the solar begins to set, the whole lot goes into darkish mode.

A brand new begin menu for Chrome OS

AOne other cool function: Chromebooks now have a Home windows-like Begin menu, dubbed the “Productiveness Launcher.” It comes with a Google search bar and a shortcut for the assistant. Additionally, on the opposite facet of the system tray, you can see the date with a brand new function: Whenever you click on on it, you will notice a big helpful calendar widget.

Share solely a particular a part of your display in video recordings

Anybody who repeatedly shares their display will admire this replace: Internet software builders can implement a function known as Area seize, which now permits customers to crop an space of ​​your display to save lots of or share, somewhat than specializing in a complete window or your total display. This function may also help ease fears of oversharing, supplying you with management over precisely what a part of your display others can see.

In fact, it will likely be as much as the builders to implement area capturing of their providers, so that you won’t see this function popping up straight away. Iyous powered by Chrome 104 although.

LazyEmbeds (restricted testing)

Google can also be testing a function known as LazyEmbeds, which masses embedded content material into a web site solely when it turns into seen in your display. It’s a spinoff of “lazy loading”, wherein browsers solely load web site content material when a person sees it, somewhat than loading the complete web site and its content material without delay. At the moment, only one% of Chrome customers will take part in these checks, so this isn’t a full rollout in model 104.

New Developer Updates

With every new launch of Chrome, Google rolls out new options for builders. Yow will discover a full record of adjustments at Google’s DevTools Weblog and the Chromium Weblogpretty much as good as this video DevTools 104:

Chrome 104 – What’s new in DevTools

Tips on how to replace Google Chromium

Fortuitouslyupdating Chrome in your pc is easy: click on on the three dots within the higher proper nook of the window, then select Assist > About Google Chrome. Let Chrome load for a second—wWhen the replace is prepared, you may click on “Relaunch”, which is able to restart your browser with Chrome 104.

#Chrome