Roundup of new Chrome features and security updates

What is Google Chrome?

Google Chrome is a cross-platform web browser developed by Google, first released in 2008 for Windows. It is now available on Linux, macOS, iOS and Android. In addition to fast web browsing speed, the feature of synchronizing web data across all devices via Google account is what makes it difficult for users to give up this browser.

Download Chrome

Below you'll find features, changes in the latest versions of Chrome, and urgent security updates.

Chrome Security Update 101, Patches 13 Critical Vulnerabilities

Google recently rolled out a security update for Chrome version 101 to patch 13 vulnerabilities, nine of which were discovered by outside researchers.

Of the vulnerabilities reported by the researchers, seven are use-after-free vulnerabilities, which can lead to arbitrary code execution remotely.

Based on the severity rating and bounty awarded to the vulnerabilities, CVE-2022-1633 is the most important vulnerability. It is a use-after-free vulnerability in Sharesheet reported by researcher Khalil Zhani, who was awarded a $5,000 bounty.

Zhani also reported CVE-2022-1634, a high severity use-after-free vulnerability in Browser UI, and received a $3,000 bounty.

Meanwhile, an anonymous researcher reported the vulnerability CVE-2022-1635 and was awarded $3,000. This is a user-after-free vulnerability in Permission Prompt and is rated high severity.

According to Google's policy, the CVE-2022-1636 vulnerability reported by Microsoft researcher Seth Brenith is not eligible for a reward.

Additionally, Google has not yet determined the bounty for four high-severity security vulnerabilities patched in this Chrome update. These include CVE-2022-1637, CVE-2022-1638, CVE-2022-1639, and CVE-2022-1640.

The ninth vulnerability discovered by an external researcher and patched this time around is CVE-2022-1641. Despite being only a medium risk vulnerability, the researcher who reported it still received a $5,000 bounty.

The Chrome version with patch number 101.0.4951.64 is being rolled out to Windows, Mac, and Linux users.

Chrome 100.0.4896.127 emergency update patches zero-day vulnerability being actively exploited by hackers

Google has just released Chrome update 100.0.4896.127 for Windows, Mac and Linux to patch a highly dangerous zero-day vulnerability that is being actively exploited by cybercriminals.

"Google is aware that CVE-2022-1364 is being exploited in the wild ," Google said in a security advisory just published.

The automatic update delivery process can take a few weeks, but if you want to get the update right away, you can also go to Chrome menu > Help > About Google Chrome.

Google Chrome will then automatically check for updates and install them (if any) the next time you close and run it again. Since the vulnerability is being actively exploited, it is best to update your browser as soon as possible to stay safe.

The zero-day vulnerability patched this time is tracked as CVE-2022-1364 and is a high-severity type confusion vulnerability in the Chrome V8 JavaScript engine.

Type confusion typically results in a browser crash upon successful exploitation by reading or writing outside the bounds of the buffer. However, an attacker could also exploit this vulnerability to execute arbitrary code.

CVE-2022-1364 was discovered by Clément Lecigne of Google's Threat Analysis Team. As usual, Google will not release details of the attacks until the majority of users have been updated with the fix.

This is the third zero-day vulnerability in Chrome that Google has urgently patched. The other two vulnerabilities are CVE-2022-0609 patched on February 14 and CVE-2022-1096 patched on March 25.

New Features of Chrome 100 Just Released

It's been 13 years since Google released its first Chrome update, and the number of versions the world's most popular browser platform has finally reached three digits. Google is celebrating Chrome 100 with a new, more modern logo, new tools for web apps, and a host of other notable changes. Find out more below.

Chrome has a new icon

Roundup of new Chrome features and security updates Picture 1

For the first time since 2014, Chrome has a new logo design. As you can see in the image above, this isn't a major change. Google has simply made some visual tweaks to make the new icon simpler and more modern.

Google has also subtly changed the color gamut, with better contrast evident. Colors have been made a little deeper and more vibrant.

The new icon will roll out to all platforms, but Google will also make some changes to help it fit in better with the overall look of that platform. For example, the Windows icon is a bit more colorful, while the macOS version has more of a 3D effect.

No more data saver mode

Chrome for Android, iPhone, and iPad has included a data-saving "Lite Mode" feature for a long time. But it's going away. Google has now shut down the servers responsible for doing all the data compression for you.

Roundup of new Chrome features and security updates Picture 2

Google's statistics show that 'mobile data costs have dropped in many countries' and emphasize that Chrome has included many improvements to reduce data usage, so the feature is no longer needed. Additionally, because the change is being made server-side, Data Saver/Lite Mode will stop working for all versions of Chrome.

Web applications can support multiple screens

The new Multi-Screen Window Placement API is now available in the stable desktop version of Chrome 100. This API helps web apps automatically detect when a user is using a multi-monitor setup, providing better optimization of the web app experience across multiple screens.

User agent strings are going away

User agent strings tell websites what type of device and operating system you're using. While this information can be useful, it's also highly personal and can be misused to build a profile of someone's identity. Chrome 100 will be the last version to support 'unactivated' user agent strings.

Instead, user agent strings provide less information to websites, along with a new, more secure 'User-Agent Client Hints API'. This new API should also cause fewer incompatibility issues with websites.

Some other notable changes

You can read more about the changes in Chrome 100 on Google's developer site and the Chromium blog. Here are some highlights:

1. Chrome for Android will have a confirmation pop-up to close all tabs at once.
2. Chrome now provides the Digital Goods API to manage digital products and in-app purchases from web apps.
3. The 'HIDDevice forget()' method allows developers to voluntarily revoke previously granted permissions to a HIDDevice.
4. The 'NDEFReader makeReadOnly()' method allows web developers to create permanent NFC tags in read-only mode with Web NFC.

Chrome 99.0.4844.84 emergency update patches zero-day vulnerability being exploited by hackers

Not long after releasing the Chrome 99 update, Google had to urgently release the Chrome 99.0.4844.84 update for Windows, Mac and Linux users to fix a dangerous zero-day vulnerability being exploited by hackers.

"Google is aware of the CVE-2022-1096 vulnerability being exploited by attackers," Google shared in a security advisory posted on Friday (March 25). The Chrome 99.0.4844.84 update has been released to users on the official Stable Desktop channel and all users will be automatically updated in about a week.

As usual, Google has not revealed much about the CVE-2022-1096 vulnerability. We only know that it was reported by an anonymous researcher and exploits a confusing weakness in the Chrome V8 JavaScript engine. The severity rating of this vulnerability is critical.

Hackers can exploit the confusion vulnerability to launch arbitrary code execution attacks.

That said, despite recognizing that the vulnerability was exploited by hackers, Google declined to share details about the exploitation technique or any additional information related to this vulnerability.

"Access to bug details and links may be restricted until the majority of users are updated with the patch ," Google shared. "We will also maintain restrictions if the bug exists in third-party libraries that other projects similarly depend on but have not yet been patched."

This is the second zero-day vulnerability that Google has had to urgently patch in 2022.

Chrome 98.0.4758.102 emergency update patches zero-day vulnerability being exploited by hackers

Google has just released a security update version 98.0.4758.102 for Windows, Mac and Linux to patch a serious zero-day vulnerability. According to Google, this vulnerability is being actively exploited by hackers.

In a newly published security report, Google said the vulnerability is assigned the tracking code CVE-2022-0609. The search giant shared that it has received reports that CVE-2022-0609 is being exploited.

The 98.0.4758.102 update is now rolling out and will be rolled out gradually over the course of a week. However, you can download and install it now by going to Chrome > Help > About Chrome. The browser will also check for and install the update the next time you close and reopen Google Chrome.

Google has not disclosed details of the CVE-2022-0609 vulnerability beyond saying it was discovered by Clément Lecigne of Google's Threat Analysis Group. Successful exploitation of CVE-2022-0609 could allow an attacker to execute arbitrary code on computers running unpatched versions of Chrome or escape the browser's security sandbox.

Google said it would only release technical details of the vulnerability once the majority of users had received the emergency patch.

This is the first Chrome zero-day vulnerability patched by Google in 2022.

In addition to the zero-day vulnerability above, this emergency update also patches seven other security vulnerabilities. All of them are rated high risk, not critical.

New features of Chrome 98 just released

Chrome version 98 was just officially released by Google on February 1, 2022, with some notable improvements below.

'Privacy Guide'

One of the most notable new features added in Chrome 98 is the 'Privacy Guide'. This security feature is still hidden behind an experimental flag, but it looks like it's almost ready for official release. It's essentially a tool that helps you check the security and privacy status of your browser.

Roundup of new Chrome features and security updates Picture 3

Privacy Guide is currently hidden in a flag at chrome://flags/#privacy-review. Once enabled, it can be found in the 'Security & Privacy' settings. It lists a fairly comprehensive list of settings that allow you to tighten your privacy on the browser. You won't have to manually search for the options like before.

Emoji size changed

Roundup of new Chrome features and security updates Picture 4

Google is now rolling out a new font family called COLRv1 Color Gradient Vector Fonts in Chrome 98. What this means is that emojis will now look better at scale, while being smaller on average. This is largely due to the move from PNG to vector. The emojis themselves don't look much different at small sizes. But if you zoom in, you can see a pretty big improvement in aesthetics.

Take Screenshots in Browser

Taking screenshots on Windows or Mac isn't difficult using the operating system's built-in tools. However, Chrome 98 makes it even easier with a built-in screenshot feature built into the browser.

Roundup of new Chrome features and security updates Picture 5

When you click the share icon in the address bar, you'll see a new 'Screenshot' option. Additionally, the Chrome app for Android is currently testing the ability to add emojis to screenshots. You can try this out by enabling the chrome://flags/#lightweight-reactions-android flag. A new 'Add Emotion' button will be added to the share menu.

Some other minor changes

Google now releases new versions of Chrome every four weeks, so the number of new features that come with each update is slimmed down. However, there are still a lot of small changes and additions introduced. Chrome 98 is no exception. These include:

1. Chrome 98 allows you to specify whether window.open() launches a new window or a new tab.
2. New Origin Trial for Region Capture. This is an API that supports cropping of selfie videos.
3. video track
4. Back/forward cache (or bfcache) is a new browser optimization feature that allows instant back/forward navigation.
5. The Lighthouse dashboard is currently running Lighthouse 9.

There are also a number of security fixes introduced in this update. You can read more about them on the Chromium blog.

Chrome 97 patches 37 security vulnerabilities

Google has just released Chrome 97 for Windows, Mac, and Linux. In addition to new features, Chrome 97 fixes 37 vulnerabilities, including 24 reported by external researchers.

Of the 24 security vulnerabilities reported by external parties, one was rated as critical, 10 as critical, 10 as moderate, and three as low. The most common were use-after-free (UAF) vulnerabilities and improper implementation vulnerabilities.

The most severe vulnerability is CVE-2022-0096 as it can be exploited to execute code in the context of the browser.

Five of the 10 critical vulnerabilities addressed in this update are UAF vulnerabilities. They affect components such as screenshot capture, login, SwiftShader, PDF, and Autofill.

The remaining five vulnerabilities are related to improper implementation in DevTools, incorrect imports in V8, heap buffer overflows in Bookmarks, V8, and ANGLE.

Half of the average bugs are improper implementations affecting components such as navigation, Autofill, Blink, and compositing. The remaining vulnerabilities include UAF in the File Manager API, incorrect security interfaces in Autofill and Browser UI, out-of-bounds memory access in Web Serial, and errors in the File API.

Google has not issued any warnings or advisories for the newly patched vulnerabilities. Additionally, there have been no reports of these vulnerabilities being exploited by hackers.

Chrome 96.0.4664.110 emergency update patches zero-day vulnerability

Google has just released an emergency update for Chrome 96.0.4664.110 for Windows, Mac, and Linux to fix a serious zero-day vulnerability that is being actively exploited. "Google has received reports of CVE-2021-4102 being exploited in the wild," Google shared.

The Chrome 96.0.4664.110 update is rolling out now and it will take some time before it automatically updates and installs on all computers running Chrome. If you don't want to wait, you can update manually by going to the Chrome menu > Help > About Google Chrome. The browser will automatically check for and install the update the next time you run it.

The zero-day vulnerability patched this time has the code CVE-2021-4102 reported by an anonymous security research team. It exploits a weakness in the Chrome V8 JavaScript engine.

Attackers could exploit the vulnerability to execute arbitrary code or escape the browser's security sandbox on computers running unpatched versions of Chrome. Google said it had seen attacks exploiting the vulnerability, CVE-2021-4102, but did not share details.

Until Google shares more information about the vulnerability, the best way to stay safe is to update Chrome to the latest patch.

This isn't the first time Google has had to issue an emergency patch this year. Since the beginning of the year, Google has had to patch a number of critical zero-day vulnerabilities, most of which were reported by anonymous security researchers.

New features of Chrome 96 just released

Chrome version 96 was officially released by Google today, October 17, 2021, with some notable improvements below.

Improved page navigation speed

If you've ever felt a bit sluggish (or even a little laggy) when using navigation buttons like back and forward in Chrome, version 96 promises to fix that relatively quickly.

Specifically, from version 96, Google will switch to using a new cache to save the websites that users have recently visited on their computers. That way, when you go back or forward pages, their content will be displayed faster and smoother. This will come at the cost of Chrome using more RAM, but it will not be too significant.

PNG files will maintain metadata

One odd thing that has been discovered on Chrome is that the browser automatically removes metadata on pasted PNG files from the clipboard. No other web browser platform has a similar 'feature'.

Fortunately, Chrome 96 will fix this problem. Any PNG files you paste into Chrome will now retain their associated metadata.

Dark mode on every website

Chrome mobile apps already support dark mode, but Google is testing some advanced improvements to make the user experience better. There will be a new option (hidden as a flag) that allows you to create an exception list, which lists websites that you don't want to display in dark mode. Of course, this feature is still in the early stages of testing, so there will definitely be bugs during use.

Roundup of new Chrome features and security updates Picture 6

Overall, this is a small but useful feature that is great for websites that don't look as nice or readable in dark mode.

Turn on the flag at: chrome://flags/#darken-websites-checkbox-in-themes-setting .

Prepare for Chrome 100

Next year, Chrome will hit version 100 — a major update, as planned. Google seems to be getting ready for this milestone. Chrome 96 comes with a runtime flag that returns the value "100" in the iuser agent string. You can find the new flag at: chrome://flags/#force-major-version-to-100, available from Chrome 96 onwards.

Some other notable changes

Here are a few other notable minor changes in Chrome 96:

1. Chrome will parse the DNS records for HTTP domains to find an HTTPS record. If one is found, the connection will be established directly over HTTPS.
2. Web apps can now register as URL protocol handlers, for example to launch twitter links using a Twitter PWA or FTP links using a web FTP app.
3. There are also security improvements related to WebAssembly.

New Features of Chrome 95

Google Chrome version 95 was released with some notable developments as follows:

Improve security in online payments

Roundup of new Chrome features and security updates Picture 7

While online shopping is undoubtedly convenient, it also comes with certain risks. Google is trying to minimize those risks for users with each update. With version 95, the security of Chrome's payment authentication process will be significantly improved with the appearance of a new authentication support extension.

The goal is to make the purchase-authentication-payment process more secure and easier. Third parties — such as banks — can use the new Google-developed extension to authenticate any request during the checkout process.

Web apps can become default apps

Roundup of new Chrome features and security updates Picture 8

In Chrome 95, web apps can register themselves as 'URL handlers'. This means they can behave more like native apps by default. For example, when you click a link associated with a particular service, it can open the link in that service's web app.

Color Eyedropper Tool for Web Apps

Roundup of new Chrome features and security updates Picture 9

Chrome 95 on the PC platform will get a new EyeDropper API. The Eyedropper tool lets you pick colors from images. You may have seen this feature on some websites, but now it can be implemented more easily through a built-in API.

Tab group saving feature

Roundup of new Chrome features and security updates Picture 10

Tab Groups have become a standard feature across web browsers in general, and Chrome is no exception. Google is continuing to improve this feature with the ability to save tab groups in Chrome 95.

This feature is quite easy to use and extremely useful. You can create tab groups as usual, and then save it for convenient reopening in the next session, saving time, instead of having to open tabs and create groups again as usual.

This feature is currently hidden as a flag which can be found at ch hrome://flags/#tab-groups-save .

Some other changes

Here are a few other notable small changes in Chrome 95:

1. Replace legacy file system access API with new storage platform API to enhance user privacy
2. Google started removing FTP support in Chrome 88, but now Chrome 95 is further removing support for FTP URLs.
3. The Lighthouse dashboard is currently running Lighthouse 8.4.
4. The process of searching for files in the Command menu has become easier with the new user interface.

Chrome is now rolling out every four weeks, so the number of new features in updates will be slightly smaller. You can read more about these changes on Google's developer site, as well as on the Chromium blog.