All new in Chrome 104

Image for the article titled All new in Chrome 104

Photo: Monticello (Shutterstock)

The latest update from Google, Chrome 104, is here. Assuming you have the surprisingly generous system requirementsyou can update your browser today to take advantage of it new features and changes. The biggest UI changes affect Chromebook users running Chrome OS, but all Chrome users will benefit from the security patches.

The new Chrome update is provided 27 security patches

The most important reason to update Google Chrome is to install the 27 security patches that come with it. To be clear, the security situation is not serious: According to the Google Chrome Releases blog, none of the 27 vulnerabilities fixed with Chrome 104 are “zero-day”, which means there is no evidence that the vulnerabilities were exploited by malicious users in the wild. If you’re using Chrome 103 today, chances are you’re not affected by any of these security flaws. That said, these 27 vulnerabilities are now known to the public and it’s only a matter of time before attackers figure out how to use them against users who don’t have Chrome 104.

Additionally, seven of these flaws are classified as “Alti,” which means they are more of a threat than others. Here is the complete list, with the “High” vulnerabilities listed above:

  • [$15000][1325699] Tall CVE-2022-2603: Free to use in Omnibox. Reported by Anonymous on 05/16-2022
  • [$10000][1335316] Tall CVE-2022-2604: Use for free in Safe Browsing. Reported by Nan Wang (@ eternalsakura13) and Guang Gong of 360 Alpha Lab on 10-06-2022
  • [$7000][1338470] Tall CVE-2022-2605: Out of bounds read in Dawn. Reported by Looben Yang on 22-06-2022
  • [$5000][1330489] Tall CVE-2022-2606 – Free to use in the Managed Devices API. Reported by Nan Wang (@ eternalsakura13) and Guang Gong of 360 Alpha Lab on 31-05-2022
  • [$3000][1286203] Tall CVE-2022-2607: Free to use in Tab Strip. Posted by @ginggilBesel on 2022-01-11
  • [$3000][1330775] Tall CVE-2022-2608: Use for free in Overview mode. Reported by Khalil Zhani on 01-06-2022
  • [$TBD][1338560] Tall CVE-2022-2609: Use for free in Nearby Sharing. Reported by koocola (@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 22-06-2022
  • [$8000][1278255] Medium CVE-2022-2610: Insufficient policy enforcement in background retrieval. Reported by Maurice Dauer on 09-12-2021
  • [$5000][1320538] Medium CVE-2022-2611: Inappropriate implementation in full screen API. Reported by Irvan Kurniawan (sourc7) on 28-04-2022
  • [$5000][1321350] Medium CVE-2022-2612: Loss of side channel information on keyboard input. Reported by Erik Kraft (erik.kraft5@gmx.at), Martin Schwarzl (martin.schwarzl@iaik.tugraz.at) on 04-30-2022
  • [$5000][1325256] Medium CVE-2022-2613: use after free in Input. Reported by Piotr Tworek (Vewd) on 05-13-2022
  • [$5000][1341907] Medium CVE-2022-2614: Use after free access flow. Reported by Raven at the KunLun Lab on 05-07-2022
  • [$4000][1268580] Medium CVE-2022-2615: Insufficient policy enforcement in cookies. Reported by Maurice Dauer on 10-11-2021
  • [$3000][1302159] Medium CVE-2022-2616: Inappropriate implementation in Extensions API. Reported by Alessandro Ortiz on 2022-03-02
  • [$2000][1292451] Medium CVE-2022-2617 – Free to use in the Extensions API. Posted by @ginggilBesel on 31-01-2022
  • [$2000][1308422] Medium CVE-2022-2618: Insufficient validation of untrusted inputs indoors. Reported by asnine on 21-03-2022
  • [$2000][1332881] Medium CVE-2022-2619: Insufficient validation of untrusted input in Settings. Reported by Oliver Dunk on 04-06-2022
  • [$2000][1337304] Medium CVE-2022-2620 – Free to use in WebUI. Reported by Nan Wang (@ eternalsakura13) and Guang Gong of 360 Alpha Lab on 06-17-2022
  • [$1000][1323449] Medium CVE-2022-2621 – Free for use in extensions. Reported by Huyna to Viettel Cyber ​​Security on 07-05-2022
  • [$1000][1332392] Medium CVE-2022-2622: Insufficient validation of untrusted inputs in Safe Browsing. Reported by Imre Rad (@ImreRad) and @ j00sean on 03-06-2022
  • [$1000][1337798] Medium CVE-2022-2623: use for free offline. Reported by Raven at the KunLun Lab on 20-06-2022
  • [$TBD][1339745] Medium CVE-2022-2624: Heap buffer overflow in PDF. Reported by YU-CHANG CHEN and CHIH-YEN CHANG, in collaboration with the DEVCORE internship program on 06-27-2022

It’s not just about the security updates though, according to How-To Geek. Here’s what else you can expect when you upgrade to Chrome 104 (bonus points if you have a Chromebook).

Chrome OS officially supports light and dark mode

Dark mode is the best of any software feature required and is now available in Chrome OS. With the latest update, Google not only officially supports switching between light and dark modes, but now also allows you to automatically switch between them. I use this feature on my devices, so when the sun starts setting, everything goes into dark mode.

A new Start menu for Chrome OS

Aanother great feature: Chromebooks now have a Windows-like Start menu, dubbed the “Productivity Launcher”. It comes complete with a Google search bar and assistant shortcut. Also, on the other side of the taskbar, you will find the date with a new feature: When you click on it, you will see a large and useful calendar widget.

Share only a selected part of the screen in video recordings

Anyone who regularly shares their screen will appreciate this update: Web app developers can implement a feature called Capture of the region, which now allows users to crop an area of ​​the display to record or share, rather than focusing on an entire window or the entire screen. This feature can help allay fears of over-sharing by giving you control over exactly which part of the screen others can see.

Of course, it will be up to the developers to implement region takeover in their services, so you may not immediately see this feature. It ‘it is powered by Chrome 104 though.

LazyEmbeds (limited test)

Google is also testing a feature called LazyEmbeds, which loads embedded content on a website only when it becomes visible on the screen. It is a spin-off of “slow loading”, where browsers load the site’s content only when a user would see it, instead of loading the entire site and its content at once. At the moment, only 1% of Chrome users will participate in this test, so this is not a full rollout in version 104.

New developer updates

With each new version of Chrome, Google launches new features for developers. You can find a complete list of changes at Google DevTools Blog and the Chromium blogas well as this video from DevTools 104:

Chrome 104 – New in DevTools

How to update Google Chrome

Luckilyupdating Chrome on your computer is easy: click the three dots in the upper right corner of the window, then choose Help> About Google Chrome. Allow Chrome to Load for a Moment: wWhen the update is ready, you can click “Restart”, which will restart the browser with Chrome 104.

    .

Leave a Reply

%d bloggers like this: