Google has just confirmed the second package of security updates for the Chrome browser in July. Version 103.0.5060.134 for all Windows, Mac and Linux users will be available in the coming days. Although this update is deployed automatically, users who do not regularly restart their browsers are advised to manually check and force activate the security patch.
As I reported earlier this month, a Chrome Zero-Day vulnerability has been confirmed by Google to be actively exploited by attackers. This vulnerability was CVE-2022-2294 and very few details were released about it for obvious reasons. Now that users have had plenty of time to apply the patch, in the form of the first Google Chrome security update for July, this detail has started to emerge thanks to Avast threat researchers who discovered it. In a recently published report, the researchers reveal how the vulnerability was used by attackers targeting users in the Middle East, particularly journalists in Lebanon.
Avast researchers say they can “confidently attribute it to a secret spyware vendor” they call Candiru. A year ago, almost to the day, Citizen Lab research claimed that Candiru was “a mercenary spyware company marketing ‘untraceable’ spyware to government customers.” Their product offering includes solutions for spying on computers, mobile devices, and cloud accounts. Avast claims that Candiru gave birth after this research was published but, in March 2022, researchers saw him return with tools targeting Avast users, once again in Lebanon as well as Palestine, Turkey and in Yemen. These tools used a zero-day for Google Chrome.
Avast reports how the zero-day was designed to target Chrome users on the Windows platform, as it used a WebRTC bug, it also impacted Microsoft Edge and even Apple Safari. All browsers have since been patched: Chrome on July 4, Edge on July 6, and Safari on July 20.
This, if you really need to be reminded, is a good reason to make sure you don’t hang around installing those security updates for Chrome. With billions of users spread across multiple platforms, it is a highly profitable target for malicious actors. As stated above, although your browser will automatically download new updates once they are available, these will not activate until you restart the browser.
What’s new in Google Chrome 103.0.5060.134
In total, this update to Chrome 103.0.5060.134 resolves 11 security issues. Five of them were discovered through internal security audits and “fuzzing,” an automatic process that looks for exceptions when providing unexpected or random input. The other six issues are vulnerabilities discovered by security researchers. Unlike Chrome’s first update this month, none are zero-day attackers are known to already exploit them in the wild. It also appears that there are no security fixes in the Android Chrome update announced at the same time.
Five of the six vulnerabilities are considered high impact, with the sixth being a low impact issue. A total of $33,500 in bug bounties was awarded to researchers who revealed the vulnerabilities. Some $23,000 of that went to just two researchers, one of whom, surprisingly, was for this low-impact vulnerability.
Google Chrome 104 is available, discover all the news
What’s new with Google Chrome 104?
Since they use precise scripts that directly impact browser performance, these contents normally take a while to appear. However, some pages allowed automatic loading of embedded content. With the new update, this will apply to all pages. Initially, this feature will only be available to 1% of users. A novelty that is a continuation of Chrome 103, which had already offered better performance by loading web pages faster thanks to the support for the 103 Early Hints response status code.
27 security vulnerabilities fixed
The other notable novelty directly concerns captures. Chrome 104 now lets users create a video capture of their tab by choosing a specific area instead of the entire page. A feature that can be particularly useful during videoconferences to show only the necessary content to other participants. For example, it is possible to share a slide from Google Slides while remaining in edit mode.
Chrome 104 also improves the placement of multi-screen windows allowing the browser to open a full-screen window and an additional pop-up window. Along the same lines, permissions for full-screen content can now be transferred between multiple windows. This new update also leaves more choices for saving bank details, in addition to fixing 27 security vulnerabilities. To check if your browser is up to date or to install Chrome 104, go to “Help” then “About” and then click on “Update Google Chrome”.
Watching Netflix from Google Chrome or Firefox is an error: explanation
Google Chrome: the star of web browsers is probably one of the worst choices available today in general
About 2 out of 3 people have Google Chrome installed on their computer, whether it’s a Mac or a PC.
Chrome is quite pretty, of course, but it is an extremely greedy browser: just a few tabs are enough to heat up the most standard machines. If you want to work with 50 open tabs in Google Chrome, you better have a fighter jet that has 32 GB of RAM.
Worse: Google Chrome is a rather slow browser compared to the competition, all the benchmarks prove it. When we browse the internet, we are above all looking for fluidity, right? So why is Google Chrome so dominant in the small world of web browsers?
Surely because most people have their little habits and don’t know that importing passwords or plugins is extremely simple. Honestly, it is difficult to find other rational explanations today.
Chrome: Google postpones the end of cookies to 2024
Cookies that no one wants anymore
This “sandbox” should have come into force at the end of this year, but Google has announced in the meantime that the end of cookies will wait until 2023 due to pressure from regulators, and in particular from the Competition and Markets Authority (CMA) British. But it won’t be for next year either! The search engine finally indicated that Chrome will get rid of cookies “in the second half of 2024”.
This deadline could be the last: the CMA has indeed given the green light to the latest technologies developed by Google for the Privacy Sandbox. The company is currently testing a new set of APIs which it claims strikes a balance between preserving privacy and the need to properly serve the advertising economy that makes up a good part of its revenue. business.
Google will also activate the Privacy Sandbox for millions of new Chrome users in the coming weeks. By the end of the year and throughout 2023, the web browser will allow more and more Internet users to use these settings which will eventually replace cookies. This postponement is also intended to give web developers and advertisers more time to adapt to these technologies, before the APIs are fully available in the third quarter of 2023.