Google Chrome 99 is out with 28 security fixes
Google released Google Chrome 99 Stable and Extended Stable on March 1, 2022 to the public. Both browser versions address 28 different security issues in previous versions of the web browser.
Chrome 99 is already available but the rollout will take weeks to complete. Chrome users who want to update their browser early can do so on desktop versions by selecting Menu > Help > About Google Chrome or by loading chrome://settings/help directly.
Note: if Chrome is not finding the update when you are loading the page, you may download the latest version of Chrome from Google to update it.
The official release notes reveal little about the changes in Chrome 99. While you can take a look at the log file, it is not advised to do so unless you have hours to spend.
The release notes mention 28 different security issues that are patched in Chrome 99. The highest severity rating is high, the second-highest after critical.
Google publishes the list of externally reported issues only on the blog. None of the vulnerabilities appear to be exploited actively, as Google mentions this usually.
The company's platform status page lists 15 changes that are tracked for version 99, but the list is developer-centric. One change, Convert adoptedStyleSheets to use ObservableArray, appears to be controversial as Apple won't implement the change in Safari at this time. Google notes that Mozilla and Microsoft will ship the implementation as well.
Chromium is the only shipped implementation of adoptedStyleSheets. Gecko would like to ship this feature, but has been waiting for the resolution of this issue (FrozenArray vs. ObservableArray) to ship their implementation. This should unblock Gecko [1]. The Edge team supports this change [2]. WebKit continues to be skeptical [3] of this usefulness of this feature, despite the general agreement of the rest of the web components community [4], and the support of the developer community [5][6][7]. So the interop risk is mainly that WebKit decides not to implement this feature.
The remaining changes affect:
- "paintworklet" destination for PaintWorklet
- Allow infinity, -infinity and NaN in CSS calc()
- Autofill in ShadowDOM
- CSS cascade layers
- HTMLInputElement showPicker()
- Handwriting Recognition API
- Intl Enumeration API
- Intl Locale Info in ECMA402
- New Canvas 2D API
- Origin Private File System extension: AccessHandle
- Remove font-family -webkit-standard
- Replace GamepadList with sequence<Gamepad?> for navigator.getGamepads() return value
- Unprefixed text-emphasis properties
- Window Controls Overlay for Installed Desktop Web Apps
Closing Words
Most of these changes will find their way into all other Chromium-based browsers, including Microsoft Edge, Vivaldi, Brave and Opera.
Now You: when do you update your browsers?
How do I remove “search picture with Google lens” from the context menu? It’s terrible garbage. I want the normal google picture search back. If it’s not possible, I will stop using Google Chrome.
@SEARCH
it can be disabled in chrome://flags.
@computer said no
Yeah. It’s still disabled from before, but it’s back in the context menu and search google for image is long gone.
@computer said no
No it can’t. Apparently it was possible before, but not anymore.
No. I will not install an extension to do that. I will uninstall Google Chrome from our companys computers.
thank you, martin, for the articles. if i want to know what is new with chrome, or with firefox, ghacks is the place to come.
Finally Chrome could be manually updated to Version 99.0.4844.51 (Official Build) (64-bit) for me.
It appears my inability to upgrade to Chrome 99 was caused by a trojan https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Trojan%3aHTML%2fCryptoStealBTC&threatid=2147811035 , and was fixed by running Windows Defender (aka Security) Full Scan. However a subsequent Windows Defender Virus definition update said the solution was incomplete and Microsoft Safety Scanner should be run using http://www.microsoft.com/security/scanner/ Full Scan, which namelessly identified 22 files.All seems good at this time.
Best way to secure a browser is to block it both ways in your firewall.
They keep building their villages at the base of the volcano. Why? Why?
Chromium is getting faster, more stable, more optimized, more secure, but privacy is either “on-by-default” or “bad practices”, so the more up to date the browser is, the better
Agreed. No-one should be using Chrome anyway, even Edge is better but for me Brave is the best Chromium based browser – they too have updated to v99
After browsing really hard spending hours and hours on the web due to my studies since 2015, the only browser that have never failed for me is Chrome. No single problem ever. Thanks @Martin! :]
This should have been a reply to ShampooNiHAO not sure why it wasn’t because I hit the “Reply” next to their post.
A browser facing and interacting with the internet is about as complex as it gets. It’s a jungle out there. Be glad that vulnerabilities are being discovered and closed.
Even if you never report almost anything about Brave, I still added ghacks feed because yesterday Brave update added “custom RSS support to Brave News”
So, just using https://www.ghacks.net/feed/ is enough to get your updates. It sucks you barely report on anything Brave does unless it is not about the browser or anything.
There code seems so full of holes…every update it is 20+ fixes.
zero days and exploits left right and centre.
Secure browser.?
Even with this update it is still vilnerable because more fixes will follow in 6 weeks.
Seems google chrome is perpetually vulnerable.
chromium is literally the new adobe
every day is patch day for chromium, it has become a security joke, even adobe is laughing
@patchday
Try finding a more secure browser then. Good luck, hehe.
@zerodays
There is no browser that is any more secure. Safari has comparable issues and Firefox is even worse.
Like all browsers.
But I think that’s because the majority of the population uses Blink so more bugs are discovered, other niche engines like WebKit or Gecko that amount less than 5% of userbase don’t have so much bugs reported or fixed simply because there aren’t enough people to discover them in the first place.
So which one is a more secure software? One that is constantly hacked, patched, and hacked again, or one that is really safe to use with no known or unknown holes in it??
@dumb010
> one that is really safe to use with no known or unknown holes in it
And which browser would that be? I am most curious…
When do you update your browsers?
Few days after major version release, usually when browsers get another minor update.
I wouldn’t touch chromium, such an insecure engine
– https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=2129022708
You don’t have much choice:
– the outdated WebKit
– the outdated Gecko
I would rather stop using the internet if I had to rely on those.
Recently I read about a brand new rendering engine called Flow:
https://en.wikipedia.org/wiki/Flow_(web_browser)
Maybe in the future that will be a competitor to Blink, but other than that, Blink is currently the best engine for browsers.
>I would rather stop using the internet if I had to rely on those.
You are the coward who instead of standing their ground to protect their people and land instead runs when their nation is attacked. You are part of the tide of which people doing real work must fight against so your opinions are of no value.
Why do you call WebKit outdated? It’s being actively developed by Apple, no?
Yes. Apple is still developing Safari and WebKit. And Gecko (the old outdated version) is only used by Palemoon I believe. Firefox, and forks of Firefox, use the one in development that is called Quantum/WebRender.
@Booby Phoenix
“Quantum” is rebranded Gecko, not a new project.
@roger
Dude, how stupid do you think gHacks readers are? The most used browser is also the the most attacked / scrutinized one –> Many issues will be found, certainly more than for browsers almost nobody uses.
Meaning: Counting security issues without keeping in mind factors like overall popularity is for cretins!
Oh and as for Firefox: https://madaidans-insecurities.github.io/firefox-chromium.html Enough said.
>”How stupid do you think gHacks readers are?”
>Post the same scam article once again
Self aware.
@triggered
It is you who is triggered, buddy, when you call a factual article a “scam” just because you are woefully unable to refute any of it. Just saying.
Chrome will soon let you follow your favorite websites (via RSS updates) and the first glimpses of this new feature have already appeared in Canary, Google has added the new ‘Follow site’ entry in the tab context menu:
https://redd.it/t4lfbm
.