ProHoster > Blog > internet news > Chrome Release 92

Chrome Release 92

Google has unveiled the release of the Chrome 92 web browser. At the same time, a stable release of the free Chromium project, which is the basis of Chrome, is available. The Chrome browser is distinguished by the use of Google logos, the presence of a system for sending notifications in the event of a crash, modules for playing protected video content (DRM), an automatic update system, and transmission when searching for RLZ parameters. The next release of Chrome 93 is scheduled for August 31st.

Key changes in Chrome 92:

  • Tools have been added to the settings to manage the inclusion of Privacy Sandbox components. The user is given the opportunity to disable the FLoC (Federated Learning of Cohorts) technology developed by Google to replace movement-tracking Cookies with "cohorts" that allow users with similar interests to be distinguished without identifying individuals. Cohorts are calculated on the browser side by applying machine learning algorithms to browsing history data and content that is opened in the browser.
    Chrome Release 92
  • For desktop users, the Back-forward cache is enabled by default, providing instant navigation when using the Back and Forward buttons or when navigating through previously viewed pages of the current site. Previously, the transition cache was only available in builds for the Android platform.
  • Improved isolation of sites and add-ons in different processes. If earlier the Site Isolation mechanism provided isolation of sites from each other in different processes, and also separated all add-ons into a separate process, then the new release implements the separation of browser add-ons among themselves by moving each add-on into a separate process, which made it possible to create another barrier for protection from malicious add-ons.
  • Significantly improved performance and efficiency of phishing detection. The speed of phishing detection based on local image analysis in half of the cases increased up to 50 times, and in 99% of cases it turned out to be at least 2.5 times faster. On average, the time to classify phishing by image has decreased from 1.8 seconds to 100 ms. In general, the load on the CPU created by all rendering processes decreased by 1.2%.
  • Ports 989 (ftps-data) and 990 (ftps) have been added to the number of prohibited network ports. Previously, ports 69, 137, 161, 554, 1719, 1720, 1723, 5060, 5061, 6566 and 10080 have already been blocked. For ports in the blacklist, sending HTTP, HTTPS and FTP requests is blocked in order to protect against a NAT slipstreaming attack that allows when opening a web page specially prepared by the attacker in the browser, establish a network connection from the attacker's server to any UDP or TCP port on the user's system, despite the use of the internal address range (192.168.xx, 10.xxx).
  • Implemented a requirement to use two-factor developer verification when posting new additions or version updates to the Chrome Web Store.
  • Add-ons that are already installed in the browser are disabled if they are removed from the Chrome Web Store catalog due to violation of the rules.
  • When sending DNS requests, in the case of using classic DNS servers, in addition to the "A" and "AAAA" records, to determine IP addresses, the "HTTPS" DNS record is now also requested, through which parameters are transmitted to speed up the establishment of HTTPS connections, such as protocol settings, keys for TLS ClientHello encryption, and a list of alias subdomains.
  • From iframe blocks loaded from domains other than the domain of the current page, calling the window.alert, window.confirm, and window.prompt JavaScript dialogs is prohibited. The change will help protect users from abuse related to attempts to present a third-party notification as a request to the main site.
  • The new tab page provides a list of the most requested documents saved in Google Drive.
  • Provided the ability to change the name and icon for PWA (Progressive Web Apps) applications.
  • For a small random number of web forms that involve entering an address or credit card number, as an experiment, autofill suggestions will be disabled.
  • In the desktop version, the search by image option (the "Find image" item in the context menu) has been switched to use the Google Lens service instead of the usual Google search engine. Clicking the corresponding button in the context menu will redirect the user to a separate web application.
  • In the incognito mode interface, links to the browsing history are hidden (the links are useless, as they led to the opening of a stub with information that the history is not being collected).
  • Added new commands that are parsed when typed in the address bar. For example, to see a button to quickly go to the password and add-ons security check page, just type “safety check”, and to go to the security and synchronization settings – “manage security settings” and “manage sync”.
  • Specific changes in the Android version of Chrome:
    • The panel has a new customizable "Magic Toolbar" button, showing different shortcuts based on the user's current activity and including links that are likely to be needed at the moment.
    • Updated the implementation of the machine learning model that runs on the device to detect phishing attempts. When phishing attempts are detected, in addition to displaying a warning page, the browser will now send information about the version of the machine learning model, the calculated weight for each category, and the flag for applying the new model to the external Safe Browsing service.
    • Removed the "Show suggestions for similar pages when a page can't be found" setting, which caused similar pages to be recommended based on sending a query to Google if the page was not found. This setting was previously removed from the desktop version.
    • Extended use of site isolation mode for individual processes. For reasons of resource consumption, only selected large sites have been taken out into separate processes so far. In the new version, isolation will also be applied to sites that are signed in by the user with OAuth authentication (for example, connecting with a Google account) or that set the Cross-Origin-Opener-Policy HTTP header. For those who want to enable isolation in separate processes of all sites, the setting "chrome://flags/#enable-site-per-process" is provided.
    • Disabled protection mechanisms built into the V8 engine against attacks through third-party channels, such as Specter, which are considered not as effective as isolating sites in separate processes. In the desktop version, these mechanisms were disabled back in the release of Chrome 70.
    • Simplified access to site permission settings such as microphone, camera, and location access. To display a list of permissions, just click on the padlock symbol in the address bar, and then select the "Permissions" section.
      Chrome Release 92
  • Several new APIs have been added to the Origin Trials mode (experimental features that require separate activation). Origin Trial implies the ability to work with the specified API from applications downloaded from localhost or 127.0.0.1, or after registering and receiving a special token that is valid for a limited time for a specific site.
    • The File Handling API, which allows web applications to be registered as file handlers. For example, a web application running in PWA (Progressive Web Apps) mode with a text editor can register itself as a handler for ".txt" files, after which it can be used in the system file manager to open text files.
      Chrome Release 92
    • The Shared Element Transitions API, which allows you to use ready-made effects provided by the browser that visualize the change in the state of the interface in single-page (SPA, single-page applications) and multi-page (MPA, multi-page applications) web applications.
  • The size-adjust parameter has been added to the @font-face CSS rule, which allows scaling the glyph sizes for a specific font weight without changing the value of the font-size CSS property (the area under the character remains the same, but the size of the glyph in this area changes).
  • In JavaScript, the at() method is implemented in the Array, String, and TypedArray objects, which allows using relative indexing (the relative position is specified as the array index), including specifying negative values ​​relative to the end (for example, "arr.at(-1)" will return the last element of the array).
  • The dayPeriod property has been added to the JavaScript constructor Intl.DateTimeFormat , which allows you to display the approximate time of the day (morning, evening, afternoon, night).
  • When using SharedArrayBuffers, which allow creating arrays in shared memory, the definition of the Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy HTTP headers is now required, without which the request will block.
  • The "togglemicrophone", "togglecamera" and "hangup" actions have been added to the Media Session API, allowing sites that implement video conferencing systems to attach their own handlers for the microphone mute / unmute, camera mute / turn on and end buttons shown in the picture-in-picture interface call.
  • Added the ability to filter found Bluetooth devices by manufacturer and product IDs to the Web Bluetooth API. The filter is set via the "options.filters" parameter in the Bluetooth.requestDevice() method.
  • Implemented the first stage of trimming the contents of the User-Agent HTTP header: the DevTools Issues tab now displays a deprecation warning for navigator.userAgent, navigator.appVersion, and navigator.platform.
  • Made some improvements to web developer tools. The web console provides the ability to override "const" expressions. In the Elements panel for iframe elements, the ability to quickly view details is provided through the context menu shown when right-clicking on an element. Improved CORS (Cross-origin resource sharing) error debugging. The ability to filter network requests from WebAssembly has been added to the network activity inspection panel. A new CSS Grid editor ("display: grid" and "display: inline-grid") has been proposed with the function of previewing changes.
    Chrome Release 92

In addition to innovations and bug fixes, 35 vulnerabilities have been fixed in the new version. Many of the vulnerabilities were identified as a result of automated testing tools AddressSanitizer, MemorySanitizer, Control Flow Integrity, LibFuzzer and AFL. No critical issues that allow bypassing all browser protection levels and executing code in the system outside the sandbox environment have been identified. As part of the vulnerability bounty program for the current release, Google has paid out 24 awards worth $112000 (two $15000 awards, four $10000 awards, one $8500 award, two $7500 awards, three $5000 awards, one $3000 award, and one $500). The amount of 11 rewards has not yet been determined.

Source: opennet.ru

Add a comment