Google Chrome 84 is out with security patches
Google released Chrome 84 Stable, the latest version of the stable branch of its browser Google Chrome, to the public on July 14, 2020. The new version is a security update first and foremost, but it introduces other changes and improvements to the browser as well.
Google plans to roll out the update over the coming days and weeks; users who use Chrome may want to upgrade early to fix the security vulnerabilities found in earlier versions of the browser.
On desktop, users may select Menu > Help > About Google Chrome to run a manual check for updates. The new version should be picked up and installed automatically at that point. Chrome needs to be restarted to complete the update to the new version.
Chrome 84
Google's announcement on the official Chrome Releases blog is, as usual, vague when it comes to changes in the browser.
The company notes that the update includes 38 security fixes, and that at least one of these patches a critical vulnerability in earlier versions of the browser (heap buffer overflow in background fetch, CVE-2020-6510).
Posts on Google's Developer site provide more information, albeit development related:
- Developers may add so-called App icon shortcuts to their PWA. On desktop, right-click on a shortcut to display the menu. Android users need to long-press the icon.
- New Web animations API capabilities.
- Content Indexing API graduated, ability to add URLs and metadata to offline content to improve discoverability.
- Wake Lock API is now available.
- Origin trial: Idle detection
- Origin trial: Web Assembly SIMD
- Origin trial: QuicTransport
- Developer Tools: new issues tab aims to "reduce the notification fatigue and clutter in Console" by highlighting warnings from the browser.
- Developer Tools: new Total Blocking Time information in the footer that reveals the time it took before the page became usable.
- Developer Tools: new Experience section in Performance helps detect layout shifts.
- Developer Tools: Hover over background-image to see a preview of that image.
Google resumes the gradual rollout of the SameSite cookie changes which Google started to roll out initially in Chrome 80 but suspended shortly thereafter.
SameSite limits access to cookies in the browser to first-party access by default. Web developers get controls to change that, but unless that is done explicitly, cookies cannot be accessed in third-party contexts anymore once the change lands.
Google Chrome 84 will be the first version of Chrome that silences notifications for sites that have abusive permission requests or make use of abusive notifications.
Google has deprecated TLS 1.0 and 1.1 in Chrome 84 and intents to remove support in a future version. Currently, both protocols are still supported.
Chrome 84 will display warnings to users if a download is not initiated from a secure context. Google Chrome displayed warnings in the Console since version 81 of Chrome. The company plans to block insecure downloads on the desktop in Chrome 88, and one release later on Android.
The next stable version of Google Chrome is scheduled for a release on August 25, 2020.
Now You: Do you use Google Chrome? What is your take on this new release?
Here’s an interesting story…
https://bitcoinexchangeguide.com/forked-brave-braver-caves-to-legal-pressures-switches-name-to-bold-browser/
User name checks out. Defending your trademark is perfectly reasonable. Hey, I will open a shop and name it Walmart-er, let‘s see if I get away with it. /s
I think if Firefox improved their hardware acceleration settings, didn’t enable doh by default, and further tweaked their Javascript engine, they’d be way faster than they are on newer machines. I think Vivaldi is actually better than it used to be what with adding built in features that take the place of almost any extension I used to use on it. They could improve their interface a bit though and leave more of the google stuff out like make the user have to turn on webrtc by default and leave google dns prefetching and autofill out, but that’s just me.
https://i.imgur.com/wr6FPBu.png
I have been using vivaldi browser a little while now.Nice chromium based browser.
Already using the correspondent Brave release, and the the Ungoogled Chromium equivalent.
I agree with the comment of “Anonymous” posted before, but would like to add that all mainstream browsers are more nefarious than the smaller, lesser known projects, partially because the big browsers are developed by big corporate operations inclined to make money, so privacy is very much an afterthought.
> all mainstream browsers are more nefarious than the smaller, lesser known projects, partially because the big browsers are developed by big corporate operations inclined to make money, so privacy is very much an afterthought.
Brave has it’s own share of controversies, and logic like “big is bad and small is good” is flawed. Firefox is mainstream, but it is widely regarded as privacy-conscious option (deprecates old flawed technologies like old TLS versions, supports unbiased tracker blockers natively). Safari is mainstream on Apple devices and it also created a few generations of “intelligent tracking prevention” approaches.
> Brave has it’s own share of controversies,
You can make a controversy out of anything, the fact of the matter is that, until today, the Brave browser has not done anything that could have put user data at risk, either directly by collecting it, or indirectly by deliberately simplifying access to it.
Brave is being criticized for supposedly having whitelisted Facebook and Twitter trackers. This is not true, you can find an actual explanation here, in case you are interested:
https://nakedsecurity.sophos.com/2019/02/12/privacy-browser-braves-user-concern-over-facebook-whitelist/
They needed to unblock certain script, as Facebook or Twitter wouldn’t have worked at all otherwise (which I am sure you agree, would be suicidal for any browser wanting to become more mainstream), and the elements they whitelisted can’t be used to track you in the first place. The whitelist is there strictly for web compatibility reasons, not because of some evil master plan of Brave. They are also transparent about the whitelist and one can disable it int he settings under brave://settings/socialBlocking …
The second “controversy” revolving around Brave was Brave adding referals to URLs of certain Brave partner websites, e.g. Binance – strictly speaking they didn’t add them outright, the referal link was merely the first suggestion out of a list of suggestions. The purpose of the referal was to identify Brave on certain partner websites as Brave, because usually, for web compatibility reasons, Brave identifies itself as Chrome. Another method they could have used to that end would have been a user agent change for those websites, which would have been preferable IMHO, but ultimately the referal served the same purpose (to identify Brave as “Brave” instead of “Chrome” on select partner websites). The referal link also wasn’t a privacy issue, because every Brave user used the very same referal link, no single Brave user could have been identified based on the referal link. Brave also no longer has those referal links enabled, they are off by default now.
It should be noted though that other browsers also use referals. Vivaldi, for example, funds itself by adding a referal whenever you perform a search within the browser, this way it lets its search engine partners know how many people used their search engine within Vivaldi. It’s a way of funding that doesn’t impact user privacy, and I generally prefer browsers to fund themselves with harmless methods like this, instead of the sale and / or processing of user data, but maybe that’s just me.
Those are the only two “points of contention” regarding Brave that I am aware of, both are being misrepresented frequently, and indeed have had no impact on user privacy. Consequently, they are not a reason to distrust Brave (for me).
> Firefox is mainstream, but it is widely regarded as privacy-conscious option
I won’t comment much on that because I don’t want things to escalate here (again) – the Firefox fans don’t like the things I have to say about it in general – but Firefox is of course, if you use it with its default settings, not a privacy-conscious browser. You can potentially turn it into a privacy-respecting browser by implementing dozens of about:config changes and with various add-ons, but in terms of the default settings, Brave is clearly more privacy-respecting than Firefox. And let’s say I configure Firefox in a way that still allows websites to work reasonably well without breaking things left and right – I have noticed that such a setup is not necessarily superior to what I already have with Brave. I would agree with someone stating that Firefox allows for even more extreme setups in terms of privacy protections, but if you reach that level, you have essentially stopped using the browser as a browser. Privacy for privacy’s sake, not caring if stuff that I want to use breaks left and right, is not a useful premise in my opinion.
Even though Firefox can be fixed (and one has to permanently remain on top of the situation, because Mozilla tends to add new prefs every 4 weeks or so), I do not trust it, simply because of some Mozilla practices, like secretly sneaking in FF experiments that run with high privileges behind my back, or shipping the mobile version of Firefox Preview with trackers built-in, or their ever-expanding telemetry.
A heavily modified Firefox (preferably ESR) is OK, but Brave is the best overall browser between the factors privacy, performance, security. All IMHO of course, anyone feel free to disagree or to use something else instead, not trying to advertise anything here.
> Safari is mainstream on Apple devices and it also created a few generations of “intelligent tracking prevention†approaches.
I agree that Safari’s anti-tracking techniques are smartly done, but sadly enough, even though I own a Mac, Safari is easily disqualified here by virtue of it not having some of the privacy extensions I consider to be essential. This situation might change with Big Sur and Safari adopting WebExtensions APIs, but even then I’d very much prefer to use an open source browser over it.
>> Firefox is mainstream, but it is widely regarded as privacy-conscious option
>I won’t comment much on that because I don’t want things to escalate here (again)…
…and yet half of your replay (essay?) manages to be about ff despite “you won’t comment much on that”…
Lesser known projects of small companies can’t survive without the code of the big corporate operations anymore. Websites, everything about internet is too complex today and browsers need an army of paid developers to be made and maintained. How all these devs are going to be paid? Look what happened to good old opera, sooner or later firefox will end up a chromium fork, I don’t think their paid services efforts will succeed. How many of the people who moan about their privacy do you think would pay with money for a browser? Nodoby.
@Anonymous
> Lesser known projects of small companies can’t survive without the code of the big corporate operations anymore. Websites, everything about internet is too complex today and browsers need an army of paid developers to be made and maintained.
I totally agree. However, the major browser engines are open source, and how many devs you need in a project always depends on the scope of changes you want to introduce. Take Ungoogled Chromium for example, this project uses the open source code of Chromium, and its only goal is to strip the browser from all connections to Google, and otherwise leave the browser unchanged. This is something one person can feasibly do, and in this case the developer has been doing it for years now:
https://github.com/Eloston/ungoogled-chromium
Yet of course I am not saying that smaller browsers like Vivaldi or Brave, which implement far more complex changes, can survive as hobby projects with just one developer or something. That wouldn’t be possible of course.
Bottom line is: It depends on what you want to do, this will determine the number of devs needed. The basic browsers, upon which the smaller projects are built, themselves are open source and the burden of development lies with big corporations anyway.
> Look what happened to good old opera,
Ouch, that hurt. I liked that browser. :(
They switched to a Chromium base and called it a day, this was somewhat expected even, but what I don’t understand to this day is why they didn’t bother to go down the “Vivaldi route”, instead deciding to simplify the browser until it was barely recognizable.
> I don’t think their paid services efforts will succeed.
Neither do I. Well, I could even see those services (e.g. Firefox Send) having a small user base, but definitely not enough to make Mozilla independent of Google money.
> How many of the people who moan about their privacy do you think would pay with money for a browser? Nodoby.
Of course nobody pays for a browser, I agree of course. But then again, projects like Ungoogled Chromium will continue to exist as unpaid efforts, because one developer can totally achieve the goal set for the project (removing all connections to Google from Chromium), the burden of development for Chromium itself lies with Google (and other major Chromium contributors like MS) anyway.
Do you use Google Chrome? No I don’t,never have.Because I know it is horrendous for privacy and telemetry.Google wants to know too much not to mention that it is in fact closed source.
And its really surprising that it has such a large market share,this is a nefarious browser we are talking about.
I use it, because it’s the fastest browser and it has DRM support, other 3rd party Chromium browsers either don’t get updates too often, or have performance issues or have cut DRM support so I can’t listen to music on Spotify Web Player for example. And I could come across a lot of websites with video players that require DRM so my safest bet is to stick with Chrome. Firefox on the other hand has been a dead trash for years, so it’s not even worth considering as an alternative anymore.
@Alan Combe
> other 3rd party Chromium browsers either don’t get updates too often
I use Brave, it gets updated shortly after a new Chrome update is released. Proof? Chromium 84.0.4147.89 along with Chrome (same version) was released today, Brave already has a release that is based on the same version, which gets distributed to users today:
https://github.com/brave/brave-browser/releases/tag/v1.11.97
Brave 1.11.97 is based on Chromium 84.0.4147.89.
> or have performance issues
I get the same performance as Chrome or sometimes even better (Brave doesn’t load ads by default, while Chrome does, although you can fix this in Chrome via uBlock Origin).
> or have cut DRM support
Brave has a fully operational DRM support, same as Chrome. All I need to do to get DRM working is to navigate to brave://settings/extensions and then enable the Widevine (DRM) option:
https://www.chevdor.com/img/post/2019/brave-wallet/settings.png
The reason I use Brave over Chrome is that it has cut connections to Google, see here:
https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)#services–features-we-disable-entirely
Vivaldi, too, has a very quick release schedule, and also Widevine DRM support:
https://vivaldi.com/wp-content/uploads/Flashback-1-980×551.png
However, you mentioned performance being a concern, and I generally find Vivaldi (both interface and to a lesser degree browsing speed) to be slower than Brave, although it’s more customizable and feature-rich, which is a plus.
@Iron Heart
Brave completely ignores user feedback and does whatever they want to do, they don’t even bother responding on the forums to issues. Also that purple/orange gradient that’s everywhere in the browser looks like vomit and it makes me want to vomit. Also Brave’s built-in ad-blocking cannot be permanently disabled, it only works per-website and it breaks many websites and it causes to waste precious time trying to figure out what’s wrong, that doesn’t happen on Chrome with Nano Adblocker + Nano Defender.
Vivaldi is a bloated dead weight at this point – I’ve tried using it a few weeks ago and it would struggle with performance on most websites. I install Chrome and the same websites work flawlessly.
A lot of Chromium browsers struggle with YouTube, especially when you enable and disable full screen on a video. Most browsers cause the transition to be delayed to 1-2 seconds with the video being frozen or only playing on the quarter of the screen space until it responds again and stretches properly. That doesn’t happen on Chrome.
And I have the computer that this shouldn’t be happening on, it only happens with those half-assed 3rd party browsers that try to act like they know what they’re doing, but in the end they have no idea what’s going on.
I’d rather use Chrome and be tracked or whatever, but have a proper and snappy browsing experience, than struggle with some 3rd party untested browsers that break on so many websites that they are unusable.
@Alan Combe
> A lot of Chromium browsers struggle with YouTube, especially when you enable and disable full screen on a video.
I have the same problem in every chromium-based browser. I tried with or without extensions. Sometimes is laggy in other sites. In my computer Firefox is the only browser that works really well.
@Alan Combe
> Brave completely ignores user feedback and does whatever they want to do, they don’t even bother responding on the forums to issues.
The forums have moderators that are not Brave developers, the correct place to contact developers directly is GitHub, that’s the case with most projects out there.
> Also that purple/orange gradient that’s everywhere in the browser looks like vomit and it makes me want to vomit.
The only place where I would call Brave’s color scheme “aggressive” are its settings, which I only access once – when I set up the browser. Thereafter I never access them again unless there is some new setting that catches my interest (so hardly ever).
> Also Brave’s built-in ad-blocking cannot be permanently disabled, it only works per-website and it breaks many websites and it causes to waste precious time trying to figure out what’s wrong, that doesn’t happen on Chrome with Nano Adblocker + Nano Defender.
It can be disabled, except for the EasyList and EasyPrivacy lists. One has to go to brave://adblock/ and uncheck all lists there. After you have done that, go to brave://settings/shields and disable the blocking of cross-site trackers, allow all cookies, and perhaps allow all fingerprinting – this will guarantee maximum website compatibility.
This also lowers privacy considerably of course, but if you want to push Brave to the background and rely on other tools mainly, then this is the way to go. As I said, only the EasyList and EasyPrivacy will remain active no matter what, but those are very, very unlikely to break any website.
Of note: Using Nano Adblocker and Nano Defender is still a good idea in any browser. :)
> A lot of Chromium browsers struggle with YouTube,
Absolutely can’t confirm, and it would be very odd for a Chromium-based browser to struggle on YouTube of all websites. I have Brave running here with all(!) adblock lists enabled + Nano Adblocker and Nano Defender + Enhancer for YouTube, and it doesn’t struggle on my Mac. Perhaps you should check whether or not you run any YouTube-related (or generally video-related) extensions that might cause issues.
If I had this problem, I’d also try to alternate between enabling and disabling hardware acceleration on brave://settings/system and see if that works.
Another hint for all Chromium-based browsers, including Chrome: You can lower the pressure put on your hardware by codecs like VP9 (which Google uses on YouTube by default) by using this extension: https://chrome.google.com/webstore/detail/h264ify/aleakchihdccplidncghkekgioiakgal?hl=de
This will enforce H.264 (a lighter codec) on YouTube, and has greatly reduced CPU spikes caused by YouTube for me.
> And I have the computer that this shouldn’t be happening on, it only happens with those half-assed 3rd party browsers that try to act like they know what they’re doing, but in the end they have no idea what’s going on.
I think this statement at least needs a huge qualifier set before it, the teams do know what they are doing in my opinion.
> I’d rather use Chrome and be tracked or whatever, but have a proper and snappy browsing experience, than struggle with some 3rd party untested browsers that break on so many websites that they are unusable.
There is also Edge and Opera, they are botnet as well of course, but at least you are not sharing your data with the same entity of which you already use the search engine, and YouTube and…
I hope my comment was helpful to you, no matter which browser you use.
@Alan Combe
Correction, since the recent version 1.11.97 (can be downloaded under “Assets”)…
https://github.com/brave/brave-browser/releases/tag/v1.11.97
…it is now possible to disable the internal adblocker of Brave (including EasyList and EasyPrivacy) for all websites under brave://settings/shields
Just wanted to let you know.
@Iron Heart:
Every browser benchmark I’ve ran on my laptop shows Vivaldi doing markedly better than the corresponding Brave version… Both much better than Firefox, mind you.
@ShintoPlasm
Hard to say, also depends on your hardware configuration and operating system. On macOS, Brave is markedly better than Vivaldi. It’s a case of YMMV, and I have a hard time making any precise statement regarding performance. What anyone should do is to test it themselves (on their own hardware), I don’t deny at all that Vivaldi can be better. It’s just not the case for me, at all.
@Iron Heart:
macOS is weird like that – software that works great on Win10 is lousy on macOS and vice versa. I definitely remember Vivaldi being a horrible slog on Mac, as is Firefox, while they’re both much better on PC. Go figure…
People don’t care about telemetry and privacy. In fact they think that people like you are people that have something to hide, terrorists, pedophiles etc. The sooner you realise this the sooner you will realise that their marketshare is not surprising.