Google has released version 142 of the Chrome web browser. A stable release of the open-source Chromium project, the foundation of Chrome, is also available. Chrome differs from Chromium in its use of Google logos, a crash notification system, modules for playing copy-protected video content (DRM), automatic update installation, always-on sandbox isolation, provisioning of Google API keys, and the passing of RLZ parameters during search. For those who need more time to update, a separate Extended Stable branch is maintained for eight weeks. The next release, Chrome 143, is scheduled for December 2.
Key changes in Chrome 142:
- Protection against accessing the local system when interacting with public websites is enabled. When a site loaded from a public network accesses IP addresses on an internal network (intranet), or accesses the local system or loopback interface (127.0.0.0/8), the browser will display a dialog box asking the user for confirmation. Attempts to download resources, fetch() requests, and iframe insertions are covered. Protection is not currently applied to connections via WebSockets, WebTransport, and WebRTC, but will be added for these technologies later.
Attackers exploit internal resource access to perform CSRF attacks on routers, access points, printers, corporate web interfaces, and other devices and services that only accept requests from the local network. Furthermore, scanning internal resources can be used for indirect identification or to gather information about the local network.
- A single, simplified interface has been introduced for linking to a Google account and syncing data, such as saved passwords and bookmarks. Syncing is integrated with account sign-in and is not presented as a separate option in settings. Users can connect Chrome to their Google account and use it to store passwords, bookmarks, browsing history, and tabs. This feature is currently active for some users, and will be expanded gradually.
- A new process isolation model, “Origin Isolation”, is used, in which each content source (origin: a combination of protocol, domain and port, for example "https://foo.example.com") is isolated in a separate rendering process. Since increasing the isolation granularity can lead to increased memory consumption and CPU load, the new isolation mode is only enabled on systems with more than 4 GB of RAM. On low-power hardware, the old isolation approach will continue to be used, which places all the different content sources associated with a single site (for example, foo.example.com and bar.example.com) together in one process.
- On Windows and macOS systems that do not use centralized Chrome management, forcibly installed browser add-ons found to commit minor violations of Chrome Web Store policies are now disabled automatically. Minor violations include potential vulnerabilities, pushing add-ons without the user's knowledge, metadata manipulation, violations of user data policies, and misleading functionality. Users can restore disabled add-ons if they so choose.
- In the Android version, similar to desktop builds, a warning about fraudulent pages detected by a large language model based on content analysis has been implemented. AI is used in the browser's Enhanced Safe Browsing mode. The AI model runs client-side, but if questionable content is suspected, an additional check is performed on Google servers.
- The implementation of the DTLS (Datagram Transport Layer Security, a TLS analog for UDP) protocol used for WebRTC connections includes the use of post-quantum encryption algorithms.
- The activation status, set during user activity on a page, is now preserved after navigating to another page on the same domain. Preserving activation will simplify the development of multi-page web applications and solve problems such as setting input focus when the site displays its virtual keyboard.
- The CSS pseudo-classes ":target-before" and ":target-after" have been added to define the previous and next markers relative to the current scroll position (":target-current").
- Style containers (@container) and the if() function now support the Range Syntax defined in the Media Queries Level 4 specification, which allows the use of standard mathematical comparison operators and logical operators to define ranges of values. For example, you can now specify "@container style(--inner-padding > 1em)" and "background-color: if(style(attr(data-columns, type ) > 2): lightblue; else: white);"
- The " " and " " elements now support the "interestfor" attribute. This attribute can be used to trigger actions, such as displaying a popup, when the user shows interest in the element. The browser recognizes such events as hovering and holding the pointer over the element, pressing hotkeys, or holding a touch on a touchscreen as indicators of interest. When an element with the "interestfor" attribute is identified, the browser generates an InterestEvent.
- Improvements have been made to web developer tools. A quick launch button for the AI assistant has been added to the upper right corner. The "Ask AI" context menu item has been renamed to "Debug with AI" and expanded to include the ability to perform immediate actions depending on context. In the web console and code panel, the Gemini AI assistant can now generate recommendations with code.

Web developer tools now integrate with the Google Developer Program (GDP). Developers can now access their GDP profile directly from Chrome DevTools and earn rewards for completing specific tasks within this interface.
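
The local-network protection item in the list above can be modelled as a small decision function, useful for checking which requests made by a public page would hit the confirmation dialog. This is an added example, not Chrome's code; the private ranges other than 127.0.0.0/8, the request-kind labels and the sample requests are assumptions constructed for illustration.

```javascript
// Model of the rule described above; an added illustration, not Chrome's code.
// Assumption: the page issuing the requests was loaded from a public address.
// 127.0.0.0/8 is named in the text; the RFC 1918 and link-local ranges are
// this example's stand-in for "internal network (intranet)" addresses.
const RANGES = [
  { space: "loopback", base: "127.0.0.0", bits: 8 },
  { space: "local", base: "10.0.0.0", bits: 8 },
  { space: "local", base: "172.16.0.0", bits: 12 },
  { space: "local", base: "192.168.0.0", bits: 16 },
  { space: "local", base: "169.254.0.0", bits: 16 },
];
// Request kinds the text lists as covered in Chrome 142.
const COVERED = new Set(["subresource", "fetch", "iframe"]);

// Parse a strict dotted-quad IPv4 string into an integer, or return null.
function ipv4ToInt(ip) {
  const parts = String(ip).split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^(0|[1-9]\d{0,2})$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

function addressSpace(ip) {
  const n = ipv4ToInt(ip);
  if (n === null) return "unknown"; // hostname or IPv6: out of scope here
  for (const r of RANGES) {
    const base = ipv4ToInt(r.base);
    if (n >= base && n < base + 2 ** (32 - r.bits)) return r.space;
  }
  return "public";
}

// Outcome for one request issued by a public page.
function decide(targetIp, kind) {
  const space = addressSpace(targetIp);
  if (space === "unknown") return "unknown";
  if (space === "public") return "allow";
  return COVERED.has(kind) ? "prompt" : "not-yet-covered";
}

// Constructed sample; 203.0.113.10 is a documentation address.
const SAMPLE = [["203.0.113.10", "fetch"], ["192.168.1.1", "subresource"],
  ["127.0.0.1", "iframe"], ["10.0.0.5", "websocket"]];
const audit = (reqs) => reqs.map(([ip, k]) => `${ip} ${k}: ${decide(ip, k)}`);
console.log(audit(SAMPLE).join("\n"));
```

Requests reported as "not-yet-covered" are the ones a device on the internal network still has to defend against itself, since the dialog does not apply to them in this release.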
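
The difference between the origin-based and site-based grouping described in the process isolation item above shows up when the same set of frames is assigned to renderer processes under each rule. This is an added example, not Chromium's code; the function names, the sample URLs and the simplified definition of a site (scheme plus the last two host labels) are assumptions.

```javascript
// Added illustration of the two grouping rules; not Chromium's code.
// Assumption: a "site" is the scheme plus the last two host labels. Real
// browsers use the Public Suffix List, so hosts under suffixes such as
// co.uk would need that list to be grouped correctly.
function originOf(url) {
  return new URL(url).origin; // scheme + host + port
}

function siteOf(url) {
  const u = new URL(url);
  const labels = u.hostname.split(".");
  return `${u.protocol}//${labels.slice(-2).join(".")}`;
}

// Threshold taken from the text: origin isolation needs more than 4 GB.
function processKey(url, ramGb) {
  return ramGb > 4 ? originOf(url) : siteOf(url);
}

// Map each renderer-process key to the distinct origins placed in it.
function assignProcesses(urls, ramGb) {
  const procs = new Map();
  for (const url of urls) {
    const key = processKey(url, ramGb);
    if (!procs.has(key)) procs.set(key, new Set());
    procs.get(key).add(originOf(url));
  }
  return procs;
}

// Groups of origins that still share a renderer with a different origin.
function coTenantOrigins(urls, ramGb) {
  const shared = [];
  for (const origins of assignProcesses(urls, ramGb).values()) {
    if (origins.size > 1) shared.push([...origins].sort());
  }
  return shared;
}

// Constructed sample frames.
const FRAMES = [
  "https://foo.example.com/app",
  "https://bar.example.com/widget",
  "https://foo.example.com:8443/admin",
  "https://other.test/",
];
console.log("8 GB:", coTenantOrigins(FRAMES, 8));
console.log("4 GB:", coTenantOrigins(FRAMES, 4));
```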

In addition to new features and bug fixes, the new version addresses 20 vulnerabilities. Many of the vulnerabilities were identified through automated testing using AddressSanitizer, MemorySanitizer, Control Flow Integrity, LibFuzzer, and AFL. No critical issues that could allow for bypassing all layers of browser protection and executing code outside the sandbox environment were identified. As part of the vulnerability bounty program for the current release, Google has established 20 bounties totaling $130,000 (two $50,000 bounties, one $10000 bounty, three $3000 bounties, two $2000 bounties, and three $1000 bounties). The amounts of eight of the bounties have not yet been determined.
Additionally, an unpatched vulnerability has been identified in the Blink engine, causing the browser to crash and freeze when executing certain JavaScript code. The vulnerability is caused by architectural issues in the rendering engine related to the lack of a rate limit on updating the "document.title" property. This lack of limitation allows "document.title" to be used to make tens of millions of changes to the DOM per second. This causes the interface to freeze within a few seconds due to the main thread being blocked and significant memory consumption. After 15-60 seconds, the browser crashes.
Source: opennet.ru


