Google Chrome 102 update patches 32 security issues (one critical)
Google published updates for the company's Chrome web browser on May 24, 2022. The desktop version updates address security issues in the web browser.
The Chrome team is delighted to announce the promotion of Chrome 102 to the stable channel for Windows (102.0.5005.61/62/63), 102.0.5005.61 for Mac and Linux. Chrome 102 is also promoted to our new extended stable channel for Windows and Mac. This will roll out over the coming days/weeks.
Chrome 102 for desktop systems and mobile systems is available already. Google rolls out updates over time to the entire population. Desktop users who use Chrome can speed up the installation of the update to patch the security issues early.
Selecting Menu > Help > About Chrome displays the version of the browser that is installed. Chrome runs a check for updates when the page is opened; it should pick up the new version and install it automatically.
Chrome on Android updates rely on Google Play, which means that there is no option to speed up the upgrade on Android.
Google makes no mention of security issue fixes in the Android and iOS releases of the web browser.
Chrome 102: security fixes
Google Chrome 102 is available as a stable channel version and extended stable channel version. Stable versions are upgraded every 4 weeks, extended stable versions every 8 weeks.
The update includes a total of 32 security fixes. One issue has the highest severity rating of critical, several others a rating of high. The critical security issue is described as " Use after free in Indexed DB" and filed under CVE-2022-1853.
Google makes no mention of attacks in the wild. Chrome users should upgrade to the latest version quickly to protect their browsers against potential attacks targeting the new vulnerabilities
Chrome 102: improvements and features
Google lists 12 features that were added, removed or improved in Chrome 102 on the Chrome Status website. Most changes are of interest to developers only.
- Add Save Data Client Hint
- AudioContext.outputLatency
- Calling PaymentRequest.show without user activation
- Capture handle
- File Handling
- HTTP->HTTPS redirect for HTTPS DNS records
- Navigation API
- Origin Private File System extension: AccessHandle
- Secure Payment Confirmation API V3
- WebHID exclusionFilters option in requestDevice()
- [WebRTC] Deprecate and Remove Plan B
- inert attribute
Descriptions of the changes are available on the Chrome Status website.
Now You: do you use Chrome? When do you update your browsers?
Which vpn extension should i use cyberghost or zenmate?
For those who use keyboard shortcuts frequently, version 102 of Chrome introduces the option to reorder tabs with keyboard shortcuts:
https://redd.it/tyd0zl
This option will also be available in the stable version of Edge once it is updated to version 102:
https://redd.it/udbyzd
.
Leaks like a sieve good sir.!..
Patch,patch and more patches to this leaking codebase.
Secure.???..hmm on the fence (chuckles).
chromium is the new adobe flash .. welcome to patch days-ending-in-a y
@Dying Confetti Sphinxter
Yes, next year Chrome will start recommending everyone to stop using Chrome. You will be redirected to sites where you can install Chrome and start using that instead.
@Flying Spaghetti Monster
Yeah, because the competition is so much better here. /s
There is no browser that is more secure than Chromium. Irrelevancy is not the same as security, FF is lacking several important exploit mitigations and is even easier to hack.
By your logic Linux would be irrelevant as well. The bigger number doesn’t make something else bigger.
Linux is nice with it’s 2.54%
IH is right. Do not believe your lying eyes. Windows 11 is the best OS ever, the only reason it has more vulnerabilities than Windows 7 is because Windows 11 is so much more popular. Chromium has no connection to Google. Chromium is actually secretly made by Mozilla, that is why is has so many vulnerabilities. The moon landings were fake, they were faked by Mozilla so you do not notice how insecure their browser is.
Thanks for making me laugh. Atleast someone understands the joke behind every IH paragraph. That guy is delusional.
> There is no browser that is more secure than Chromium
How many times do we need a spammed link to a seven year old article by a one-eyed disgruntled-with-mozilla-and-tor-project developer with a chip on his shoulder (he got in a public spat with a moz dev), who is being an absolute purist in the strictest sense of the word. Security patches do not work in isolation, security is many layered and cannot really be quantified as a whole
For all intents and purposes, all three desktop engines are very secure considering all they do, and within 0.00001% of each other. i.e 99.99999% of users will never get bitten.
Also, size of the userbase !== more secure either. There is only so much scrutiny, fuzzing, linting etc that can be done. Just because chromium has 10x more users, does not mean it is built 10x better. Mozilla are just as capable in this regard. And once you have x amount of users, targets are always juicy. If Firefox was such as easy weak target, then why aren’t there more zero-days and CVEs. The answer is because, it’s secure, as in multi-layered, and not only in the same ball park as chromium, but practically twins
If anything, chromium’s excessive amount of zero days the last two years and lack of fixing C/C++ issues, as planned for years, is a concern.
PS: Am enjoying my very private, fully network partitioned, fully site data partitioned, navigational tracking blocked, secure Firefox
this is what hackernews thinks of madaidan, with some snippets quoted below
https://news.ycombinator.com/item?id=26954225
> So, all the security features that he considers large holes haven’t been used to mount successful attacks, but the ones he considers “not substantial” are the ones that have been used for the real 0-days.
> It seems the “threat model” was “if Chrome has it, it must be important” and “if Chrome doesn’t have it, it must be useless”. You cannot do a serious security analysis this way, it’s like looking at a list of feature checkboxes to choose a product. But in this case it’s even worse because we only look at the checkboxes vendor G has ticked.
https://news.ycombinator.com/item?id=25595998
> That article is comes from an extremely naive security posture
Here is a real security engineer not being one-eyed, read the link (below is a part quote)
https://old.reddit.com/r/firefox/comments/lbu6q2/why_do_people_say_chromiums_sandbox_is_better/glxjrjg/
> “How does that wash out in the end? It’s really hard to say and pretty much impossible to quantify.”
Madaidan’s assertion is pathethic
Spamming ghacks comments in every Firefox article with the same nonsense gibberish and uneducated understanding and interpretations, is fast becoming a meme
Apparently, someone likes to play this game. Let’s see what some people think of Madaidan’s article
John Wu:
>This is very true. During my masters studies, Chromium’s strong security mitigations and sandboxing are one of the reasons that ruined my research project LMAO. Should’ve picked Firefox at that time…
Kmkz Security:
>An article that enumerates a number of security weaknesses in Firefox’s security model when compared to Chromium.
Chris Rohlf:
>It’s been ages since I last looked at Firefox but I know there are smart people actively working on these things. Another way to interpret this writeup is just how expensive and difficult it is to harden a target like a web browser. You need a large team dedicated to it.
Oh, and these are pretty well known researchers in the infosec community, not 2 random people on Hacker News and a former Mozilla employee :)
https://nitter.net/topjohnwu/status/1455606288419733505
https://nitter.net/kmkz_security/status/1455487173164216325#m
https://web.archive.org/web/20211102152329/https://twitter.com/chrisrohlf/status/1455549993536966671
> John Wu: Should’ve picked Firefox at that time
not talking about at that time, years ago
> Kmkz Security: An article that enumerates
no one is arguing about enumeration of differences
> Chris Rohlf: It’s been ages since I last looked at Firefox
so, not relevant then
> these are pretty well known researchers in the infosec community, not 2 random people on Hacker News and a former Mozilla employee
they’re just as random as your irrelevant and outdated sources. That mozilla employee, worked in the security team which to use your quote is “smart people actively working on these things”
Totally ignoring the point made that evaluating overall security is subjective, and instead making up strawmen. Enumerating differences is not the point – but important, because it shows where the defense can be hardened.
And on that point, the article is often biased, for example, Rust (10% of the code base) in gecko is pointless because “lets make up some lame reason”, but chromium planning to use Rust (planning, not even used) is great. So strike one against gecko and a bonus point for chromium
madadian is clearly one eyed in his interpretation, no-one ever said the enumeration of differences was at fault.
Fairly easy cherry picking game: You just enter the link in Twatter and cherry pick people with your opinion. At no single point they take stance to the current day situation. It’s the same circle jerk of 2015/2016/2017 old links being approved 6 years later in 2021 without critical analysis of the current situation. You might as well quote the Bible or ask a priest.
Many people need their nemesis, for some people it is Mozilla and other people attack minorities.
Also I smell a massive fallacy that anyone inside here, literally anyone is important enough for a nation state or a hacker burning their brand new 0day on them. Unless you are a bitcoin billionaire or you have the most morally reprehensible predilections, then nobody will try to ahck you and escape your sandbox.
On the internet we are all 3l33t c0d3rs and dream of CIA spooks hunting us down. No one literally cares for us. There is no epic conspiracy. We are not Assange, Manning or Snowden.
@computer said no
Name a more secure browser then. And don’t make me chuckle while you do.
We both know that the high number of Chromium security issues comes from the burden of being the leader, i.e. when you have 80% market share finding security issues becomes a very valuable undertaking. Who cares about 3% market share Firefox? Answer: Nobody, does not mean it is more secure because of that. Irrelevancy is not the same as security.
@iron heart.
Why do you keep linking to the same site all the time when defending chrome and criticizing firefox.You’re going to have to do better than that.
>We both know that the high number of Chromium security issues comes from the burden of being the leader, i.e. when you have 80% market share finding security issues becomes a very valuable undertaking
I’d say it’s more due to their deliberate and ongoing process from day one of turning the browser from an application used to view remote documents that had *some* interactivity through Javascript into complete virtual machines emulating every damn feature provided by the OS from gamepad support to Dolby sound (seriously?!) – for bloated web applications that have ditched HTML almost completely to render everything with JS. The bigger the codebase, the bigger the attack surface. Firefox also faces this same issue on a smaller scale, both as a result of trying to turn the browser into an operating system substitute.
@Rex
Yes, supporting every feature imaginable is of course widening the attack surface. In that sense, if you hardly support anything, you are technically more secure at the expense of usability. An example for this are command line browsers like Lynx.
However, Firefox and Chromium support roughly the same set of features. Firefox is currently irrelevant with 3% market share and is not as juicy a target as Chromium with its 80% market share. Thus, fewer eyes are on the code and the nominal (not actual!) number of security issues is driven down. However, we do know that Firefox lacks several important exploit mitigations and is, as far as the actual codebase is concerned, even easier to exploit than Chromium. The fanboys here who say or imply that Firefox is more secure due to a lower nominal number of security issues (due to its irrelevancy, not the security of the base code) are liars who want to promote their product. Sick of it.
~10% desktop market share. who cares about people smearing screens with their fastfood fingers?
the rest of this defensive marketing ploy, touché, enjoy leadership.
>Eat [word] billions of flies can’t be wrong!
@Marv
> ~10% desktop market share. who cares about people smearing screens with their fastfood fingers?
Websites are flexible today as far as their layout is concerned. You don’t code the same website twice anymore, once for desktop and once for mobile like in the good old days… As far as a web developer coding a website is concerned, Firefox sits at 3%, not 10%.
> the rest of this defensive marketing ploy, touché, enjoy leadership.
Marketing ploy? Seriously?
Here, the reality of Firefox’s security, an analysis that doesn’t just claim that Firefox is wannabe-secure based on its irrelevancy, but rather compares the base code of each browser: https://madaidans-insecurities.github.io/firefox-chromium.html
> Eat [word] billions of flies can’t be wrong!
Hm, both Chrome and Firefox can be downloaded free of charge. So if Chrome is a pile of shit, yet is still much preferred over Firefox, what does that mean for FF? Is Firefox an even bigger turd then? I guess so. As far as I am concerned, Firefox died in 2017 when they adopted Chromium’s extension APIs. There is not one good, non-ideological reason to use it over a Chromium-based browser.
Thank link looks citing very outdated sources. Do you have something more tangible and up to date?
>Name a more secure browser then
Not Chrome.
@I. Ron Tard
I didn’t ask for mocking my nick, I asked for a more secure browser, and am still waiting,
I update Chrome Stable the day it is available. After restarting to activate 102.5005.63, you are shown Chrome secure webpage ‘ chrome://whats-new/ ‘ which describes interesting new function.
As predicted by https://www.reddit.com/r/chrome/comments/tyd0zl/chrome_for_windows_will_let_you_reorder_tabs_with/ , you can use a shortcut to reorder tabs in Chrome 102.0.5005.63 Stable.
It is left/right (control + shift + page up/down) .
Number 1 in the world *chuckles*
No flag to disable the USELESS sidepanel icon?
Nagivate to #side-panel and disable.
Q: No flag to disable.
A: Go to > chrome://flags/#side-panel
Are you joking?
Will depends what version you using.
The version 101.0.4951.64 have Side Panel flag.
@Exterminator
Now there’s a sad comeback if I ever saw one..
@Duck
No such flag exists anymore. On Ungoogled Chromium. No one in their right mind uses Chrome.
Go to > chrome://flags/#side-panel
and disable side panel icon.
Disabling hardware acceleration fixes the issue.
Chrome update 102.0.5005.63 breaks uBlock Origin.
I’m sorry, this is not related specifically to uBlock Origin, something is wrong with hovering links, and this also affects uBlock Origin settings page.