Google Chrome 94 is out with security fixes, a 4-week release cycle, and Extended Stable channel
Google Chrome 94 is available. The new version of Google Chrome fixes security issues and the first version of the browser that is released in the new 4-week release cycle. Previously, Chrome Stable was released every 6-weeks, but Google announced in March 2021 that it would switch to a faster release cycle. Enterprise customers may switch to the Extended Stable channel to get new stable updates every 8 weeks, but security updates more frequently.
The Extended Stable channel is available for Windows and Mac devices only. Enterprise users find information about the new channel and how to switch to it on this Google Chrome Enterprise Help page. Basically, what needs to be done is set the TargetChannel policy to Extended. Google recommends that customers use the roll back to target policy to go back to the previous version of Chrome when the switch to the Extended Stable channel is made.
Chrome 94 release information
Google Chrome 94 is a security release first and foremost for the stable channel. Google reveals that 19 different security issues were fixed in the new version, several of which rated as high, the second-highest rating after critical.
Google Chrome is being rolled out over time to all devices that support automatic updates. Admins may speed up the process on desktop systems by loading chrome://settings/help. The page displays the current version of Chrome and runs a query for updates. The new update should be picked up automatically by the browser.
Security-wise, Chrome 94 is blocking requests to private networks from insecure public websites.
The aim is to protect users from cross-site request forgery (CSRF) attacks targeting routers and other devices on private networks. These attacks have affected hundreds of thousands of users, allowing attackers to redirect them to malicious servers.
Google plans to run a deprecation trial until Chrome 102 to give companies and developers enough time to make necessary changes to sites.
Chrome 94 is the first version of the browser that supports HTTPS-First mode officially. It is available in Chrome for desktop systems and for Android. Chrome tries to upgrade page loads to HTTPS and will display a warning message to users if the connection can't be upgraded.
HTTPS-Only Mode is not enabled by default. Users find it on chrome://settings/security as "Always use secure connections". If the feature is not yet available, set chrome://flags/#https-only-mode-setting to Enabled and restart Chrome to display it.
Another new feature that appears to be on the roll-out in Chrome 94 is the new desktop sharing hub feature. It adds an icon to the Chrome omnibar that displays share options in a single menu.
Just select the icon and pick one of the available options: Copy link, QR Code sharing, Cast, or Save Page as. Options to share the link to Facebook, Twitter, Reddit, LinkedIn and Pinterest are provided as well in the menu.
If the share hub icon is not yet available, load chrome://flags/#sharing-hub-desktop-omnibox and set the flag to Enabled. It is displayed after the restart of the web browser. Another experimental preference adds it to the main menu of the browser instead. Set chrome://flags/#sharing-hub-desktop-app-menu to enabled to activate it.
Chrome 94 for Web Developers
Chrome 94 introduces new features and improvements for web developers. The WebCodecs API is now available in the browser by default. It "eliminates [..] deficiencies by giving programmers a way to use media components that are already present in the browser" according to Google.
WebGPU, the successor to the WebGL and WebGL2 graphics API is available as an origin trial in Chrome 94. Google plans to include it in Chrome 99 by default.
The Developer Tools include the following improvements:
- Use DevTools in your preferred language
- New Nest Hub devices in the Device list
- Origin trials in the Frame details view
- New CSS container queries badge
- New checkbox to invert the network filters
- Upcoming deprecation of the Console sidebar
- Display raw Set-Cookie headers in the Issues tab and Network panel
- Consistent display native accessors as own properties in the Console
- Proper error stack traces for inline scripts with #sourceURL
- Change color format in the Computed pane
- Replace custom tooltips with native HTML tooltips
- [Experimental] Hide issues in the Issues tab
Google removed or deprecated the following features:
- Deprecate and Remove WebSQL in Third-Party Contexts
- Restrict Private Network Requests for Subresources to Secure Contexts
Now You: have you updated to Chrome 94? What is your impression?
I stopped using Google Chrome from version 86.0 never back.
I am surprised so many common sites are https these days, but links they point to are just http. I hope such sites will put pressure on URLs they reference to “get with the program”.
Cannot wait for HTTP-Only Mode to be enabled by default!
Google has blessed us with a new release of Chrome. The best browser just gets better.
Of course I have upgraded from Chrome 93 to 94. WOW, is all I can say.
So many features, not only is it providing a perfect browsing experience, it also is providing perfect privacy options to keep the user protected at all times.
What a time to be alive.
My gateway/router box is set for Quad9 DNS 9.9.9.9. I assume with Chrome 94, it is correct to specify Use secure DNS with your provider rather than Custom, which has no predefined Quad9 choice.
Yes, that is correct. You can also add a custom provider, but need a special URL for that.
Its still a pig, without lipstick. At least Brave tries to pretty itself
And people are calling me a troll when I put this guy in his place. Unbelievable. gHacks is done.
You are a true hero Iron Heart! The best person on gHacks! You’re too good for us, we’re holding you back! Leave this backwards little forum behind, go find your stage where you can be a be star!
@AmanoJyako
Yet another one who ignores that I am dealing with a clear cut troll because he hates me, somehow managing to shift the blame to me. How creative. Has never been done before.
@ Iron Heart
You are a true victim, my friend! These trolls are too good for you! Stop feeding them BS and they will “magically disappear into thin air”
@AmanoJyaku
> magically disappear into thin air
Just do it then. My replies are more factual than most here, I am not feeding anyone BS, and I am therefore not a troll. I am also not victim playing, you absolute moron. Anyone who is not 100% biased against me and / or blind can see that people are trolling me here, my own feelings regarding that notwithstanding.
You should cease trying to climb trees, for you seem to be running against them, head first, if your posts are anything to go buy.
Also, in your head, totally rent free.
Says the dude who has Mozilla living rent free in his head.
not just a pig, but security has to be concern now. i see a plethora of use-after-free bugs again, to go with the eight highest rating severe CVEs used in the wild already patched this year
@karl
Are you aware of the fact that Firefox fixes high severity bugs every month as well? 8 CVEs classified as extremely severe this year so far is not bad for a software with the complexity of an operating system. In fact, it is expected.
Also, thanks for the shoutout re. Firefox vs. Chromium security: https://madaidans-insecurities.github.io/firefox-chromium.html
> 8 CVEs classified as extremely severe this year so far is not bad
are you smarter than a 3rd grader? can you read?
that is only a fraction: the count of 8 refers to in-the-wild highest-rating-severe CVEs that are use-after-free
the actual number of severe CVEs, and use-after-free CVEs are much much higher
iron heart caught lying yet again
@karl
> are you smarter than a 3rd grader? can you read?
> that is only a fraction: the count of 8 refers to in-the-wild highest-rating-severe CVEs that are use-after-free
I repeat: “8 CVEs classified as EXTREMELY SEVERE(!!!!!!!!!!!) this year so far is not bad for a software with the complexity of an operating system.” I know that there are more security issues. Other browsers also have more security issues apart from their most severe ones. Big surprise right there.
> iron heart caught lying yet again
Rather, you were caught being a dumbass again.
your alternate reality and facts are disturbing
“8 CVEs classified as severe that were in-the-wild and that are use-after-free”
“8 CVEs classified as severe”
these are not the same and you are lying, the number in your description is much higher
@karl
Accusing me of lying again on the most flimsy grounds imaginable. “Whaaaa you didn’t word it the exact same, I no longer understand what you meant you liar whaaaaa…” Like, dude, give it a rest – I am sure the majority here understands my comments correctly. You can willfully misunderstand anyone if you really are dead set on it. No point in discussing this with a hater looking for a fight.
Just wow. Someone expressed their opinion, and Iron Heart took it to heart and plays the victim yet again, and then claims to have “put this guy in his place”. This is obsessive, delusional behavior and indicates someone needs help. Do we need to hold an intervention?
@gunter
All your railing against me doesn’t change the fact that this guy is a troll. Even the nickname is straight from the troll cave.
Seems like you are the delusional one.
I’m not railing at you, I’m trying to help you. Have you ever considered not trying to save the entire internet every day?
@ :-)
At least I am not without an argument. :-D