Google Chrome 102 update patches 32 security issues (one critical)

Martin Brinkmann
May 25, 2022
Google Chrome
|
37

Google published updates for the company's Chrome web browser on May 24, 2022. The desktop version updates address security issues in the web browser.

google-chrome 102 security update

The Chrome team is delighted to announce the promotion of Chrome 102 to the stable channel for Windows (102.0.5005.61/62/63), 102.0.5005.61 for Mac and Linux. Chrome 102 is also promoted to our new extended stable channel for Windows and Mac. This will roll out over the coming days/weeks.

Chrome 102 for desktop systems and mobile systems is available already. Google rolls out updates over time to the entire population. Desktop users who use Chrome can speed up the installation of the update to patch the security issues early.

ADVERTISEMENT

Selecting Menu > Help > About Chrome displays the version of the browser that is installed. Chrome runs a check for updates when the page is opened; it should pick up the new version and install it automatically.

Chrome on Android updates rely on Google Play, which means that there is no option to speed up the upgrade on Android.

Google makes no mention of security issue fixes in the Android and iOS releases of the web browser.

Chrome 102: security fixes

Google Chrome 102 is available as a stable channel version and extended stable channel version. Stable versions are upgraded every 4 weeks, extended stable versions every 8 weeks.

The update includes a total of 32 security fixes. One issue has the highest severity rating of critical, several others a rating of high. The critical security issue is described as " Use after free in Indexed DB" and filed under CVE-2022-1853.

Google makes no mention of attacks in the wild.  Chrome users should upgrade to the latest version quickly to protect their browsers against potential attacks targeting the new vulnerabilities

Chrome 102: improvements and features

Google lists 12 features that were added, removed or improved in Chrome 102 on the Chrome Status website. Most changes are of interest to developers only.

  • Add Save Data Client Hint
  • AudioContext.outputLatency
  • Calling PaymentRequest.show without user activation
  • Capture handle
  • File Handling
  • HTTP->HTTPS redirect for HTTPS DNS records
  • Navigation API
  • Origin Private File System extension: AccessHandle
  • Secure Payment Confirmation API V3
  • WebHID exclusionFilters option in requestDevice()
  • [WebRTC] Deprecate and Remove Plan B
  • inert attribute

Descriptions of the changes are available on the Chrome Status website.

Now You: do you use Chrome? When do you update your browsers?

Summary
Google Chrome 102 update patches 32 security issues (one critical)
Article Name
Google Chrome 102 update patches 32 security issues (one critical)
Description
Google published updates for the company's Chrome web browser on May 24, 2022. The desktop version updates address security issues in the web browser. 
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. misuser8 said on May 25, 2022 at 11:04 am
    Reply

    Chrome update 102.0.5005.63 breaks uBlock Origin.

    1. misuser8 said on May 25, 2022 at 12:57 pm
      Reply

      I’m sorry, this is not related specifically to uBlock Origin, something is wrong with hovering links, and this also affects uBlock Origin settings page.

  2. misuser8 said on May 25, 2022 at 1:13 pm
    Reply

    Disabling hardware acceleration fixes the issue.

  3. Grrrr said on May 25, 2022 at 1:34 pm
    Reply

    No flag to disable the USELESS sidepanel icon?

    1. It's Me said on May 25, 2022 at 5:50 pm
      Reply

      Go to > chrome://flags/#side-panel
      and disable side panel icon.

    2. Exterminator said on May 25, 2022 at 11:07 pm
      Reply

      Nagivate to #side-panel and disable.

      1. Duck said on May 26, 2022 at 3:10 pm
        Reply

        Q: No flag to disable.
        A: Go to > chrome://flags/#side-panel

        Are you joking?

      2. Grrrr said on May 26, 2022 at 4:54 pm
        Reply

        @Duck

        No such flag exists anymore. On Ungoogled Chromium. No one in their right mind uses Chrome.

      3. Exterminator said on May 26, 2022 at 8:29 pm
        Reply

        Will depends what version you using.

        The version 101.0.4951.64 have Side Panel flag.

      4. Grrrr said on May 27, 2022 at 1:34 pm
        Reply

        @Exterminator

        Now there’s a sad comeback if I ever saw one..

  4. Marv said on May 25, 2022 at 1:48 pm
    Reply

    Number 1 in the world *chuckles*

  5. chesscanoe said on May 25, 2022 at 3:42 pm
    Reply

    I update Chrome Stable the day it is available. After restarting to activate 102.5005.63, you are shown Chrome secure webpage ‘ chrome://whats-new/ ‘ which describes interesting new function.

    1. chesscanoe said on May 26, 2022 at 7:04 pm
      Reply

      As predicted by https://www.reddit.com/r/chrome/comments/tyd0zl/chrome_for_windows_will_let_you_reorder_tabs_with/ , you can use a shortcut to reorder tabs in Chrome 102.0.5005.63 Stable.
      It is left/right (control + shift + page up/down) .

  6. computer said no said on May 25, 2022 at 5:10 pm
    Reply

    Leaks like a sieve good sir.!..
    Patch,patch and more patches to this leaking codebase.

    Secure.???..hmm on the fence (chuckles).

    1. Iron Heart said on May 25, 2022 at 8:25 pm
      Reply

      @computer said no

      Name a more secure browser then. And don’t make me chuckle while you do.

      We both know that the high number of Chromium security issues comes from the burden of being the leader, i.e. when you have 80% market share finding security issues becomes a very valuable undertaking. Who cares about 3% market share Firefox? Answer: Nobody, does not mean it is more secure because of that. Irrelevancy is not the same as security.

      1. I. Ron Tard said on May 25, 2022 at 9:25 pm
        Reply

        >Name a more secure browser then
        Not Chrome.

      2. Iron Heart said on May 26, 2022 at 8:34 am
        Reply

        @I. Ron Tard

        I didn’t ask for mocking my nick, I asked for a more secure browser, and am still waiting,

      3. Marv said on May 25, 2022 at 10:08 pm
        Reply

        ~10% desktop market share. who cares about people smearing screens with their fastfood fingers?
        the rest of this defensive marketing ploy, touché, enjoy leadership.

        >Eat [word] billions of flies can’t be wrong!

      4. Iron Heart said on May 26, 2022 at 12:12 am
        Reply

        @Marv

        > ~10% desktop market share. who cares about people smearing screens with their fastfood fingers?

        Websites are flexible today as far as their layout is concerned. You don’t code the same website twice anymore, once for desktop and once for mobile like in the good old days… As far as a web developer coding a website is concerned, Firefox sits at 3%, not 10%.

        > the rest of this defensive marketing ploy, touché, enjoy leadership.

        Marketing ploy? Seriously?

        Here, the reality of Firefox’s security, an analysis that doesn’t just claim that Firefox is wannabe-secure based on its irrelevancy, but rather compares the base code of each browser: https://madaidans-insecurities.github.io/firefox-chromium.html

        > Eat [word] billions of flies can’t be wrong!

        Hm, both Chrome and Firefox can be downloaded free of charge. So if Chrome is a pile of shit, yet is still much preferred over Firefox, what does that mean for FF? Is Firefox an even bigger turd then? I guess so. As far as I am concerned, Firefox died in 2017 when they adopted Chromium’s extension APIs. There is not one good, non-ideological reason to use it over a Chromium-based browser.

      5. Marv said on May 26, 2022 at 4:08 pm
        Reply

        Thank link looks citing very outdated sources. Do you have something more tangible and up to date?

      6. Rex said on May 26, 2022 at 6:42 am
        Reply

        >We both know that the high number of Chromium security issues comes from the burden of being the leader, i.e. when you have 80% market share finding security issues becomes a very valuable undertaking

        I’d say it’s more due to their deliberate and ongoing process from day one of turning the browser from an application used to view remote documents that had *some* interactivity through Javascript into complete virtual machines emulating every damn feature provided by the OS from gamepad support to Dolby sound (seriously?!) – for bloated web applications that have ditched HTML almost completely to render everything with JS. The bigger the codebase, the bigger the attack surface. Firefox also faces this same issue on a smaller scale, both as a result of trying to turn the browser into an operating system substitute.

      7. Iron Heart said on May 26, 2022 at 8:44 am
        Reply

        @Rex

        Yes, supporting every feature imaginable is of course widening the attack surface. In that sense, if you hardly support anything, you are technically more secure at the expense of usability. An example for this are command line browsers like Lynx.

        However, Firefox and Chromium support roughly the same set of features. Firefox is currently irrelevant with 3% market share and is not as juicy a target as Chromium with its 80% market share. Thus, fewer eyes are on the code and the nominal (not actual!) number of security issues is driven down. However, we do know that Firefox lacks several important exploit mitigations and is, as far as the actual codebase is concerned, even easier to exploit than Chromium. The fanboys here who say or imply that Firefox is more secure due to a lower nominal number of security issues (due to its irrelevancy, not the security of the base code) are liars who want to promote their product. Sick of it.

      8. computer said no said on May 26, 2022 at 4:49 pm
        Reply

        @iron heart.
        Why do you keep linking to the same site all the time when defending chrome and criticizing firefox.You’re going to have to do better than that.

    2. Flying Spaghetti Monster said on May 26, 2022 at 12:55 am
      Reply

      chromium is the new adobe flash .. welcome to patch days-ending-in-a y

      1. Iron Heart said on May 26, 2022 at 8:37 am
        Reply

        @Flying Spaghetti Monster

        Yeah, because the competition is so much better here. /s

        There is no browser that is more secure than Chromium. Irrelevancy is not the same as security, FF is lacking several important exploit mitigations and is even easier to hack.

      2. I Fkd Yr Mom said on May 26, 2022 at 12:20 pm
        Reply

        > There is no browser that is more secure than Chromium

        How many times do we need a spammed link to a seven year old article by a one-eyed disgruntled-with-mozilla-and-tor-project developer with a chip on his shoulder (he got in a public spat with a moz dev), who is being an absolute purist in the strictest sense of the word. Security patches do not work in isolation, security is many layered and cannot really be quantified as a whole

        For all intents and purposes, all three desktop engines are very secure considering all they do, and within 0.00001% of each other. i.e 99.99999% of users will never get bitten.

        Also, size of the userbase !== more secure either. There is only so much scrutiny, fuzzing, linting etc that can be done. Just because chromium has 10x more users, does not mean it is built 10x better. Mozilla are just as capable in this regard. And once you have x amount of users, targets are always juicy. If Firefox was such as easy weak target, then why aren’t there more zero-days and CVEs. The answer is because, it’s secure, as in multi-layered, and not only in the same ball park as chromium, but practically twins

        If anything, chromium’s excessive amount of zero days the last two years and lack of fixing C/C++ issues, as planned for years, is a concern.

        PS: Am enjoying my very private, fully network partitioned, fully site data partitioned, navigational tracking blocked, secure Firefox

        this is what hackernews thinks of madaidan, with some snippets quoted below

        https://news.ycombinator.com/item?id=26954225
        > So, all the security features that he considers large holes haven’t been used to mount successful attacks, but the ones he considers “not substantial” are the ones that have been used for the real 0-days.
        > It seems the “threat model” was “if Chrome has it, it must be important” and “if Chrome doesn’t have it, it must be useless”. You cannot do a serious security analysis this way, it’s like looking at a list of feature checkboxes to choose a product. But in this case it’s even worse because we only look at the checkboxes vendor G has ticked.

        https://news.ycombinator.com/item?id=25595998
        > That article is comes from an extremely naive security posture

        Here is a real security engineer not being one-eyed, read the link (below is a part quote)
        https://old.reddit.com/r/firefox/comments/lbu6q2/why_do_people_say_chromiums_sandbox_is_better/glxjrjg/
        > “How does that wash out in the end? It’s really hard to say and pretty much impossible to quantify.”

        Madaidan’s assertion is pathethic

        Spamming ghacks comments in every Firefox article with the same nonsense gibberish and uneducated understanding and interpretations, is fast becoming a meme

      3. Marv said on May 26, 2022 at 5:30 pm
        Reply

        Many people need their nemesis, for some people it is Mozilla and other people attack minorities.

      4. Marv said on May 26, 2022 at 5:56 pm
        Reply

        Also I smell a massive fallacy that anyone inside here, literally anyone is important enough for a nation state or a hacker burning their brand new 0day on them. Unless you are a bitcoin billionaire or you have the most morally reprehensible predilections, then nobody will try to ahck you and escape your sandbox.

        On the internet we are all 3l33t c0d3rs and dream of CIA spooks hunting us down. No one literally cares for us. There is no epic conspiracy. We are not Assange, Manning or Snowden.

      5. Anonymous said on May 27, 2022 at 12:49 am
        Reply

        Apparently, someone likes to play this game. Let’s see what some people think of Madaidan’s article

        John Wu:
        >This is very true. During my masters studies, Chromium’s strong security mitigations and sandboxing are one of the reasons that ruined my research project LMAO. Should’ve picked Firefox at that time…

        Kmkz Security:
        >An article that enumerates a number of security weaknesses in Firefox’s security model when compared to Chromium.

        Chris Rohlf:
        >It’s been ages since I last looked at Firefox but I know there are smart people actively working on these things. Another way to interpret this writeup is just how expensive and difficult it is to harden a target like a web browser. You need a large team dedicated to it.

        Oh, and these are pretty well known researchers in the infosec community, not 2 random people on Hacker News and a former Mozilla employee :)

        https://nitter.net/topjohnwu/status/1455606288419733505
        https://nitter.net/kmkz_security/status/1455487173164216325#m
        https://web.archive.org/web/20211102152329/https://twitter.com/chrisrohlf/status/1455549993536966671

      6. Frankel said on May 27, 2022 at 8:47 am
        Reply

        Fairly easy cherry picking game: You just enter the link in Twatter and cherry pick people with your opinion. At no single point they take stance to the current day situation. It’s the same circle jerk of 2015/2016/2017 old links being approved 6 years later in 2021 without critical analysis of the current situation. You might as well quote the Bible or ask a priest.

      7. I Fkd Yr Mom said on May 27, 2022 at 10:20 am
        Reply

        > John Wu: Should’ve picked Firefox at that time

        not talking about at that time, years ago

        > Kmkz Security: An article that enumerates

        no one is arguing about enumeration of differences

        > Chris Rohlf: It’s been ages since I last looked at Firefox

        so, not relevant then

        > these are pretty well known researchers in the infosec community, not 2 random people on Hacker News and a former Mozilla employee

        they’re just as random as your irrelevant and outdated sources. That mozilla employee, worked in the security team which to use your quote is “smart people actively working on these things”

        Totally ignoring the point made that evaluating overall security is subjective, and instead making up strawmen. Enumerating differences is not the point – but important, because it shows where the defense can be hardened.

        And on that point, the article is often biased, for example, Rust (10% of the code base) in gecko is pointless because “lets make up some lame reason”, but chromium planning to use Rust (planning, not even used) is great. So strike one against gecko and a bonus point for chromium

        madadian is clearly one eyed in his interpretation, no-one ever said the enumeration of differences was at fault.

      8. Aluminium said on May 26, 2022 at 3:57 pm
        Reply

        IH is right. Do not believe your lying eyes. Windows 11 is the best OS ever, the only reason it has more vulnerabilities than Windows 7 is because Windows 11 is so much more popular. Chromium has no connection to Google. Chromium is actually secretly made by Mozilla, that is why is has so many vulnerabilities. The moon landings were fake, they were faked by Mozilla so you do not notice how insecure their browser is.

      9. Yash said on May 26, 2022 at 7:49 pm
        Reply

        Thanks for making me laugh. Atleast someone understands the joke behind every IH paragraph. That guy is delusional.

      10. Marv said on May 26, 2022 at 4:10 pm
        Reply

        By your logic Linux would be irrelevant as well. The bigger number doesn’t make something else bigger.

        Linux is nice with it’s 2.54%

      11. BaZooka said on May 27, 2022 at 1:37 pm
        Reply

        @Dying Confetti Sphinxter

        Yes, next year Chrome will start recommending everyone to stop using Chrome. You will be redirected to sites where you can install Chrome and start using that instead.

  7. Leopeva64 said on May 25, 2022 at 7:27 pm
    Reply

    For those who use keyboard shortcuts frequently, version 102 of Chrome introduces the option to reorder tabs with keyboard shortcuts:

    https://redd.it/tyd0zl

    This option will also be available in the stable version of Edge once it is updated to version 102:

    https://redd.it/udbyzd

    .

  8. sally said on May 26, 2022 at 12:29 pm
    Reply

    Which vpn extension should i use cyberghost or zenmate?

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.