Google released Chrome 95: here is what is new
Google Chrome is still the most popular desktop browser, at least when it comes to the number of users who have it installed. Google released a new stable version of Chrome that brings the browser to version 95 on all platform. To be precise, Google Chrome 95.0.4638.54 is the full build number.
As is the case with all Chrome releases, these are distributed over time automatically to all devices Chrome is installed on. Chrome desktop users may speed up the process by selecting Menu > Help > About Google Chrome to run a manual check for updates. The update is picked up and will be installed.
Google Chrome 95
Chrome 95 is a security update first and foremost. Google's Chrome Releases blog reveals that 19 different security fixes are included in the new browser version. The highest severity rating is high, the second highest after critical.
Feature-wise, Chrome 95 is not a big release. Google did make some changes to existing features and did add some new features to Chrome.
Chrome 95 is the first version of the web browser that does not support FTP anymore. Chrome will prompt the user when FTP links are activated or typed in the browser's address bar. Users need to select an application to complete the action. Somewhat related to that is the option to make web applications the default for certain types of URLs of files. Up until now, only installed programs would appear in Chrome's selection options.
Chrome users who use the browser's tab grouping functionality find a new option to save groups. The option is not enabled by default, but users may enable it by loading chrome://flags/#tab-groups-save in the Google Chrome address bar and setting the Tab Groups Save flag to Enabled on the page. A restart is required before the new save group option becomes available.
Just right-click on a tab group at any time after the restart to get the new "Save group" option in the context menu. The selection of the option saves all tabs to the bookmarks from where they can be reopened at a later point in time.
The feature is not that useful to users who restore the last browsing session. It may be of use if you want to save all tabs of a group for save-keeping. You can check out our Chrome Tab Groups saving and restoring guide here.
Update: this is not yet fully implemented in Chrome 95.
Chrome 95 includes several other changes. Here are the highlights:
Secure payment confirmation -- May be used by sites to improve the secure payment confirmation process. Google notes that the implementation improves security and "provides a better user experience" than existing solutions.
The feature adds a new 'payment' extension to WebAuthn, which allows a relying party such as a bank to create a PublicKeyCredential that can be queried by any merchant origin as part of an online checkout via the Payment Request API using the 'secure-payment-confirmation' payment method.
EyeDropper API -- Developers may use the API to create custom color pickers.
Rejection of non-IPv4 hostnames ending in numbers -- Chrome will reject hostnames such as 127.0.0.0.1 or 127.1, as these may be potentially dangerous or confusing to users.
Cookie size limits -- Implementation of spec to ilimit the "sum of the lengths of the cookie's name and value to 4096 bytes, and limit the length of each cookie attribute value to 1024 bytes". Attempts to set cookies that exceed the name and value limit are rejected, and cookie attributes that exceed the length limit are ignored.
New CSS length authoring tools -- In the Styles pane, hover any CSS property with length information, e.g. height or padding. The type is underlined, and you may click on it to change the unit type.
Google published a developer post with additional developer changes in Chrome 95.
Now You: what is your take on Chrome 95? Do you use the browser?
Unfortunately, Chrome 95 has FORCED the ugly and useless “Add Bookmark / Add to Reading List” menu on users. Previously one could disable this option via a flag. That flag no longer exists, unless someone knows of another way. Thanks
I reported this to Google, however a temporary solution is to go to chrome://flags/ and enable “Temporarily unexpire M94 flags”. Click the prompt to restart Chrome. This will allow you to access the needed flag, “Reading List”. Disable “Reading List” and you are good to go… at least for now.
Those flags will be removed soon, a more permanent solution is the one I mention in this comment:
Glad to see, incidentally to the main topic, that there is a way to disable tab scrolling !
“Google Chrome is still the most popular desktop browser, at least when it comes to the number of users who have installed it.”
Typo: -> the number of users who have it installed
“blog reveals that 19 different security fixes are included in the new browser version.”
Including 5 “high”. High five Google. Google much secure. Imagine all the unknown ones. And imagine the known ones from Google that are not disclosed (at all/immediately) and used to better mankind as defined by the dwellers of the Google world.
> Including 5 “high”. High five Google. Google much secure. Imagine all the unknown ones. And imagine the known ones from Google that are not disclosed (at all/immediately) and used to better mankind as defined by the dwellers of the Google world.
Hell yeah! Switch to Fire…
…fox. Never mind.
I know its exhausting to repeat same old nonsense over and over again and in the end you’re just running in circles. But hey everyone have different priorities.
iron heart has spammed this link 200 times now, and madaidan has a well known history of throwing tantrums with mozilla and has a documented beef with them. Anyone can cherry pick to paint a darker picture than reality
here is a mozilla security engineer explaining some security basics
all browsers can improve security, but that doesn’t mean they aren’t already highly secure and work just fine for 99.99999999999999999999999999999% of the time
Meanwhile chrom/ium is a bigger liability (just one more piece of the puzzle that iron heart never mentions) due to being a more attractive target – here are TWELVE zero-days USED IN THE WILD, patched this year alone, meanwhile Firefox has has NONE
Expect the carnage to continue
2021 stats: chrome 12, firefox 0
2020 stats: chrome 8, firefox 3
What you posted was completely self-refuting. You said it yourself, Chromium is an attractive target with 80% market share vs. Firefox with 3% market share. Do you realize how much scrutiny Chromium (and Electron) are getting compared to FF? Counting / listing security issues, thinking that this is saying something all by itself, is a method of cretins because the sheer numbers fail to account for the popularity of the software in question and thus the scrutiny it is getting, and also fails to account for the actual severity of the issue outside of pure classification. That Firefox had zero ritical issues in 2021 is a complete lie by the way.
Firefox has deep architectural security issues, which madaidan matter-of-factly describes (beef with Mozilla or not, I have not seen anything indicating that madaidan is operating outside of the facts or is getting personal), and which you fail to address outside of ad hominem blah blah.
PS: Quoting from the Mozilla engineer you linked to: “It is true that, as of this writing, Chromium’s content process sandbox is more restrictive than Firefox’s sandbox (this is continually changing though as the Gecko hardening team continues to make improvements).” – That was 8 months ago, Chromium is still years ahead. Good luck.
> That Firefox had zero ritical issues in 2021 is a complete lie by the way.
read, absorb. less talking, more reading. this is a count of patched zero-days in the wild
> Chromium is an attractive target with 80% market share vs. Firefox with 3% market share
so you are confirming that it is an attractive target which is what I said. less noise and repetition, more relevant facts please
the fact it is so juicy a target makes it a liability – that’s “because the sheer numbers fail to account for the popularity of the software in question”, which is what I did, as you asked.
“Scrutiny” of browser code !== amount of users. Also, did you know that 10% of firefox is written in Rust, a memory safe language
confirmed by iron heart: chromium is a JUICY target and thus gets exploited ALL THE TIME, because no one cares about Firefox
> I have not seen anything
he’s your mate. you link and quote him all the time. surely you know his history. tell me you don’t just blindly follow random people on the internet. can you use a search engine? have you done due diligence and researched the facts? he has a beef and it is documented – go look for it yourself
> read, absorb. less talking, more reading. this is a count of patched zero-days in the wild
Less talking, more qualification needed. So you were only talking about zero days that were reportedly not abused in the wild. Good to know, lol. *rolls eyes* When you state it like that, it has to be assumed (as I did) that you mean any and all zero days.
> the fact it is so juicy a target makes it a liability
It has higher exploit resistance than Firefox still. Read the madaidan article. It is just receiving more scrutiny, which you call a “liability”, but your conclusion that this automatically makes Firefox the better overall choice is a non-sequitur.
> “Scrutiny” of browser code !== amount of users.
There is definitely a connection between the two. Stating the obvious: More people using the browser makes it attractive to attack from the point of view of evil-doers.
> Also, did you know that 10% of firefox is written in Rust, a memory safe language
Misleading argument, addressed in the madaidan article I linked to above:
“Firefox does have some parts written in Rust, a memory safe language, but the majority of the browser is still written in memory unsafe languages and the parts that are memory safe do not include important attack surfaces so this isn’t anything substantial and Chromium is working on switching to memory safe languages too.”
> confirmed by iron heart: chromium is a JUICY target and thus gets exploited ALL THE TIME, because no one cares about Firefox
Dude, this only confirms you having made a misleading argument. Since Chromium is getting far more scrutiny, comparing it directly to Firefox in its irrelevancy makes no sense. If Firefox received anywhere close to the attention of Chromium, a similar (likely higher) number of issues would be found.
Your argument, with some honesty added on top of it, is as follows: “Yeah Chromium is getting more scrutiny and thus a higher number of issues are discovered, yet I choose to disingenuously compare it to irrelevant Firefox anyway, to make it seem as if Firefox’s exploit mitigations are way tougher. Furthermore, I think security via obscurity is sufficient. I don’t care about comparing the bare metal exploit resistance.”
Is that about correct? If so, I can only laugh about it. Anyone who wants to read up on Firefox’s actual exploit resistance and correctly assumes that security via obscurity ? actual exploit resistance can read the madaidan article and will be sufficiently informed after that.
Does this madaidn even code? Seems like you promoting your own schizo blog:)
> So you were only talking about zero days that were reportedly not abused in the wild
just. stop. talking. you are making an absolute ass of yourself. learn to read. talk less.
> here are TWELVE zero-days USED IN THE WILD, patched this year alone, meanwhile Firefox has has NONE
repeat (and it is linked to a clearly labelled google doc)
> TWELVE ZERO-DAYS **USED IN THE WILD**, PATCHED THIS YEAR (in chrome)
So no, these are not zero days that were reportedly not abused in the wild
Once again, you are confusing scrutiny (code/researchers/testing/fuzzing) with usage and targeting. None of these are the same and do not scale linearly
If browser A has 20x more users than browser B, it does not mean a security team 20x larger, nor 20x more researchers, nor 20x more hackers, nor 20x more exploits, nor browser A’s fuzzing and security checks are 20x more powerful
Why are you even arguing? The fact remains that chromium is more targeted (fact) because it has more users (fact: a very large chunk), and gets more exploits against it including in the wild (fact), which leads to more exploits discovered (fact) and therefore is a bigger liability (fact: because exploits in the wild are patched after the fact) as not all exploits are found (fact)
The only way in which Firefox is more secure is via being an irrelevancy. It has nowhere close to the security practices of Chromium, it is years behind in terms of pure engineering. You claim that a software receiving little to no attention translates to it being secure, which is false, and dumb. You can call a browser being the market leader a “liability”, but in reality the security engineers react very quickly to issues found, more so than Mozilla could ever hope to if they were in the same spot.
Also, if you solely rely on your irrelevance for your security, then better hope and pray that you are not getting any more users than you currently have, because with each new user your level of attractiveness as a target rises.
Security based on irrelevance is not actual security. Chromium provides best in class security practices compared to its competitors and it having numerically more security issues found, due to it receiving much more scrutiny, is not disproving that. If Firefox had 50% market share and Chromium had 50%, it would roughly be a fair contest because Firefox would receive much more attention than it does now, and yeah you would not be able to claim that Firefox is more secure anymore due to misleading number games.
> “You claim that a software receiving little to no attention translates to it being secure”
I did not say that. I did not imply that. I said that chromium is a bigger target because of it’s very large market dominance. I never even compared security, only the risk that being the biggest target carries
First you can’t even read, and now you’re lying
Just. Stop. Talking.
If you need to lie to try and win an argument, you have already lost, and now everyone can see once again, how low you will go.
What are you even arguing about? Don’t drag me into your shitty twisted narrative and irrelevant (and wrong) arguments and assumptions
same with Apple products, Linux and more..
“The selection of the option saves all tabs to the bookmarks from where they can be reopened at a later point in time.”
Nope, this feature is not working yet (not even in the Canary version), when enabling the toggle nothing happens, some time ago I explained on Twitter how the option to save the Tab groups will work:
Chromium developers are still testing different designs for the button (or pill) in the bookmarks bar.
“The selection of the option saves all tabs to the bookmarks from where they can be reopened at a later point in time.”
This part of the article has not been rectified yet, here is a GIF demonstrating that the option to save Tab groups doesn’t work in version 95:
I don’t know why the article says that the tabs are saved to the bookmarks, THIS IS NOT TRUE (as can be seen from the GIF) and anyone can easily check it by enabling the flag.
I’ll be 95 before I use Chrome.
The internet will be Web 3.0 by then and Google isn’t going to matter.
Lemme guess?? lamemoon or lamezilla??
To the interchangeable comment and user name:
When (if) Ul be 95 there will be (if any) ONE web browsing choice. ONE guess…
Brave Browser is better than Firefox. Thank you.
How much “other browser” users have you converted into a FAKE BROWSER? And did it yield an enourmous amount ot BAT”s. This should make man rich I guess.
> Brave Browser is better than Firefox. Thank you.
As is any other Chromium-based browser, in terms of security.
Fake browser? Huh? What do you even mean by that?
And BAT is not meant to make you rich. You are supposed to receive some money for browsing, in the hopes that you give it to your favorite content creators. If you think anyone can get rich via BAT, “LOL” would be my rebuttal.
you need the SHIT as well as BAT to be BATSHIT, that’s why Brave works for iron heart
After updating to this version, my InDesign keyboard modifier commands are not working and I can’t get them back. Anyone else experiencing this?
I’m sure this’ll get drowned out in all the flame wars, but am I the only one getting cert_invalid_date errors on sites that used to work? I suspect it started with V94 so I’m thinking about reverting to V93 to see whether that fixes it :^(