Google has launched Chrome version 100 which, among other things, fixes 28 vulnerabilities. Other new security features include Safety Check, Enhanced Safe Browsing, and the ability to control website access to your location and device.
Of the 28 vulnerabilities, none have been marked as critical but 9 have been marked as high severity. High severity usually means that any compromise would be limited to the browser, although vulnerabilities that allow an escape from the browser’s sandbox will often be classified as High as well. But these vulnerabilities could have more serious consequences when used in conjunction with others, so it warrants a quick update.
Version 100
We have talked about possible user-agent string problems with the introduction of version 100, for both Chrome and Firefox. With Google Chrome 100, the browser’s user-agent string now uses a three-digit version number compared to a two-digit number. After testing showed that some sites had issues with the new user-agent string, they were quickly fixed by developers so these sites now support the three-digit version. This is not to say that every site has been tested, so it may still cause problems for some.
Google has announced that Chrome 100 will be the last version of the browser with an unlimited user-agent string. The user-agent string—which is sent out on each http-request—contains information about the user’s OS, the used browser and its version number, the device model, the architecture, and more. With this combination of parameters and the large variety of potential values, it could be possible to identify internet users based on their user-agent strings.
To reduce this option for fingerprinting Google plans to reduce the information in the user-agent string to only the browser’s brand and significant version, its desktop or mobile distinction, and the platform it’s running on.
Safety check
The new safety check allows users to quickly check a few security settings like available updates, the strength of their saved passwords, whether safe browsing is enabled, and more.
Go to your Settings and then select Security and Privacy. Here you can click the Check now button under Safety check.
Enhanced Safe Browsing
According to Google, Enhanced Safe Browsing protection adds a few extra layers to the standard protection:
- Predicts and warns you about dangerous events before they happen
- Keeps you safe on Chrome and may be used to improve your security in other Google apps when you are signed in
- Improves security for you and everyone on the web
- Warns you if passwords are exposed in a data breach
- Sends URLs to Safe Browsing to check them. Also sends a small sample of pages, downloads, extension activity, and system information to help discover new threats. Temporarily links this data to your Google Account when you’re signed in, to protect you across Google apps.
It is up to you whether you would like to provide Google with this data, but you can enable Enhanced Safe Browsing by following the procedure outlined below.
Go to Settings and then select Security and Privacy. Click Security and turn the radio button before Enhanced protection.
Control website access to your location and device
Sometimes websites ask permission to use your location, microphone, and more. Chrome now has site safety controls that help you understand and change the permissions for the sites you visit.
You can check the current permission by clicking the lock symbol in the address bar and select the Site settings to see an overview of all the permission. You will also be able to see existing permissions that you can simply reset by using the Reset permission button.
New developer APIs
With this release, Google has also added the Digital Goods API so that web applications can make in-app purchases using the Google Play Store. This API has been made available alongside the Multi-Screen Window Placement API that extends the web platform’s single-screen paradigm to support multi-screen devices. As multi-screen devices and applications become a more common part of user experiences, it is deemed important to give web developers information and tools to leverage that expanded visual environment.
How to update Chrome
The easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your attention. But you can end up lagging behind if you never close the browser or if something goes wrong, such as an extension stopping you from updating the browser.
So, it doesn’t hurt to check now and then. My preferred method is to have Chrome open the page chrome://settings/help which you can also find by clicking Settings > About Chrome.
If there is an update available, Chrome will notify you and start downloading it.
Then all you have to do is relaunch the browser in order for the update to complete.
After the update, the version should be 100.4896.60.
Stay safe, everyone!
The post Update now! Google launches Chrome version 100 and fixes 28 vulnerabilities appeared first on Malwarebytes Labs.