Google Chrome 104 released: fixes 27 security issues

Martin Brinkmann
Aug 2, 2022
Google Chrome
|
22

Google has released a new stable version of the company's Chrome web browser. Google Chrome 104 is available for all supported desktop operating systems, as well as for Google Android and Apple iOS devices. Google Chrome 104 for the Extended Stable Channel is also available.

google chrome 104 windows

Chrome 104.0.5112.79 for Mac and Linux, Chrome 104.0.5112.79/80/81 for Windows, Chrome 104.0.5112.69 for Android and Chrome 104.0.5112.71 for iOS are the full build numbers of the releases.

Chrome 104

Desktop users may run a manual search for updates to install the Chrome 104 update on their devices right away. Mobile users need to wait until the new release is pushed to their devices.

ADVERTISEMENT

Desktop users who want to install the update right now may do the following to do so:

  1. Open the Google Chrome web browser.
  2. Load chrome://settings/help in the browser's address bar. The page that opens displays the current version of Chrome. It performs a check for updates and will download and install any update that it finds.
  3. Restart Chrome to complete the installation of the Chrome 104 update.

Chrome 104 is a security update

Google Chrome 104 patches 27 different security issues. Google reveals the severity of security vulnerabilities reported by third-party security researchers and organizations only. The maximum severity rating of the reported vulnerabilities is high, second only to critical.

The release notes do not mention exploits in the wild at this time. It is still recommended to update Chrome immediately to protect the browser against attacks that target the vulnerabilities.

As far as non-security related changes in Chrome 104 are concerned, there are some. The Chrome Platform Status page lists thirteen feature change, all of them development related.

Developers may want to check out the post about Chrome 104 Beta that provides details on some of the changes in Chrome 104.

There is not much new that is of interest from a user's perspective.

Expect updates from other Chromium-based browsers in the coming days, as several of the security issues are found in Chromium. Some of the security issues are Chrome-specific on the other hand.

Now You: when do you update your browsers?

Summary
Google Chrome 104 released: fixes 27 security issues
Article Name
Google Chrome 104 released: fixes 27 security issues
Description
Google has released a new stable version of the company's Chrome web browser. Google Chrome 104 is available for all supported operating systems.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «

Comments

  1. Andy Prough said on August 2, 2022 at 11:20 pm
    Reply

    Just 27 security issues? Kind of a quiet week at the old chocolate factory I guess.

    1. get to da choppa said on August 3, 2022 at 7:25 am
      Reply

      puts adobe flash’s record to shame

    2. Iron Heart said on August 3, 2022 at 10:14 am
      Reply

      What do you use instead? Tell me about this super-secure alternative I don‘t know about…

      1. Andy Prough said on August 3, 2022 at 4:33 pm
        Reply

        If you are feeling insecure about your browser Iron Heart, I recommend using noscript or ublock in advanced mode, and disallowing js, 3rd party fonts, and large images by default, along with either disallowing cookies, or disallowing 3rd party cookies and deleting all cookies as soon as you leave a web page. For non-chrome/non-firefox browsers, you can use ?Matrix on Pale Moon, or enable the noscript option and the adblock options with luakit, or use something like links2 browser in graphical mode (no js natively, be sure to disable cookies or delete them when leaving sites) or netsurf in no-js mode. You can read and leave comments on ghacks in nearly any browser with or without js, even with links2 browser.

        If you need how-to’s on any of the above, I’ve written them in various forums on the web, just search for the browser and my screenname and you’ll probably find them. Or leave a reply here and I’ll try to help you.

        You can also tighten it up a notch by using a non-browser feed reader like newsboat for RSS feeds of your favorite reading sites (like ghacks) rather than opening them in a web browser. One of my current favorites (for casual reading) is to ditch the http web altogether and spend time in gemini space with a gemini browser like Lagrange or Amfora.

        So to answer your question, they can almost all be made more secure than Chrome in its default state. Or, I assume that Chrome itself can be made much more secure simply by using noscript or ublock in advanced mode with js, external fonts, and large images disabled by default and by disabling 3rd party cookies and deleting all cookies immediately when leaving a site. I haven’t used Chrome for a few years, but I assume that those things work.

        Hope that helps! Good luck, and be safe out there.

      2. Iron Heart said on August 3, 2022 at 8:59 pm
        Reply

        @Andy Prough

        Such a long text only to state that I am supposed to use uBlock Origin and (shady af) NoScript, thank you very much. I totally was not aware of those. /s

        The issue? Disabling JavaScript breaks a great many websites and therefore it’s not practical. Unless you have lots of time on your hands and can maintain a whitelist etc.

        Anyhow, add-ons have no bearing on the security of the browser base code. I was asking whether you know of a browser that is supposedly more secure than Chromium / Chrome with no further hardening required. Your initial comment sounded like you know of one, but alas no luck with you. Shame, ding dong.

      3. Andy Prough said on August 5, 2022 at 12:30 am
        Reply

        >”I was asking whether you know of a browser that is supposedly more secure than Chromium / Chrome”

        What does Chrome have, about 30 zero-day exploits over the last 3 years? At this point, I’d have to say ANY other browser is less frequently exploited.

      4. Iron Heart said on August 5, 2022 at 10:05 am
        Reply

        @Andy Prough

        “less frequently exploited” vs. “more secure in terms of engineering”

        It’s not the same thing. Due to low market share, the spaghetti code of your browser is less exploited. Its irrelevance is its shield. FF has no sandbox, no proper content process isolation either. It’s shit, and easier to exploit than Chromium guaranteed. No, thank you.

        > 30 zero-day exploits over the last 3 years

        Actually a good track record for an operating system-sized code base that every bad guy wants to hack, sorry to burst your bubble.

  2. gohohoho said on August 3, 2022 at 9:45 am
    Reply

    gohohohogle release 1000 with gazillion smooch fixes! What a cloowngle!!!

    1. Iron Heart said on August 3, 2022 at 8:54 pm
      Reply

      Madaidans Insecurities, check it out. Chromium vs. Firefox, the reality of it is described well there. Martin blocks me from posting the link now, don’t know why. Maybe he is afraid of a truthful analysis being “controversial”.

      1. Anonymous said on August 4, 2022 at 9:48 am
        Reply

        @Iron Heart
        “truthful analysis” sure thing buddy

      2. Iron Heart said on August 4, 2022 at 8:19 pm
        Reply

        @Anonymous

        What are your counter-arguments? If you say something is factually wrong there, tell me what it is.

      3. Google Fan said on August 4, 2022 at 7:39 pm
        Reply

        Agreed brother Iron Heart, to question Google is to question God. Nice to meet another true believer.

      4. Iron Heart said on August 4, 2022 at 8:21 pm
        Reply

        @Google Fan

        Belief is a matter of religion, buddy. What security experts do is analyze the open source code and draw their conclusions. If you think they are wrong, tell me in how far. Otherwise kindly leave me alone with your BS.

      5. Google Fan said on August 5, 2022 at 10:45 pm
        Reply

        You’re not my buddy, pal. But I do admire your tireless devotion to our one true Google.

      6. IronMadaiHead said on August 5, 2022 at 11:40 am
        Reply

        Maybe he’s tired as everyone else of spinning the same bogus reference all over??

      7. Iron Heart said on August 6, 2022 at 12:20 pm
        Reply

        @Google Fan @IronMadaiHead

        Yeah dude, Martin is tired of a factual analysis and instead lets trolls, who have presented 0 (zero) valid counter-arguments so far, write their bullshit as they see fit instead. A worthy upgrade to be sure.

        And this “have faith in”, “being in love with” Google etc. COMPLETE BULLSHIT. I am against their data collection as much as anyone else, however their products are not insecure in so far as security is not the same as privacy. So your counter-argument to a factual analysis basically is that I am supposedly a fanboy. LOL, my sides hurt.

  3. misuser8 said on August 3, 2022 at 10:36 am
    Reply

    I’ve noticed that hardware acceleration which was broken in stable Chrome versions 102 and 103 is now restored in version 104.0.5112.81 on my Windows 8.1 32 bit system with old NVIDIA Graphics driver 391.35 issued in 2018 (NVIDIA has stopped issuing 32 bit drivers in 2018 and 391.35 is the last available version of driver for 32 bit Windows).

    1. Martin Brinkmann said on August 4, 2022 at 8:06 am
      Reply

      That is good news, thanks for telling us.

  4. Anonymous123 said on August 5, 2022 at 10:13 pm
    Reply

    @Iron Heart

    > Madaidans Insecurities, check it out. Chromium vs. Firefox, the reality of it is described well there.

    No thanks, he is theatre. He hasn’t a clue what he is talking about and his views are just opinions. No real tech expert takes his views on linux hardening seriously either, as most linux distros are very secure by default and have a strong open source firewall and are extremely secure under the security through obscurity concept. Also the open source code in the kernel being constantly maintained by an enthusiastic linux community makes linux an excellent choice as an OS.

    The opinions (they are just opinions only) and views on that link that you spammed for years are severely outdated and do not apply to 2022 Firefox. Firefox does have sandboxing and isolation in their browser. An argument can be even made that Chromium is a far less safe browser engine codebase to use because of its sheer monopoly in the mobile and desktop market, something that is never mentioned in your silly link that you try to post constantly. Just look at all the security updates done for chrome recently.

    Chromium is better engineering? Lol, the monopoly browser engine with massive security updates constantly. I guess all that better engineering as you call it makes no difference as chromium codebase is constantly being attacked by cyber criminals, due to it being installed by default on literally every device as the engine behind chrome and edge.

    You should appreciate security through obscurity concept. You love for google engineering lol and google popularity blinds you.

    Anyone into privacy usually do not like google, you however seem to love google lol. In fact you seem to love big tech lol.

    1. Iron Heart said on August 6, 2022 at 12:47 pm
      Reply

      @Anonymous123

      > No thanks, he is theatre.

      He is the Whonix dev. Therefore I doubt that he is theatre.

      > his views are just opinions

      No, looking at the code and asserting that certain exploit mitigations are missing in FF is not just an “opinion”. Anybody can independently verify it, there is no “if” involved here.

      > most linux distros are very secure

      LOL, nope. Maybe something like Qubes can be considered secure but not your average Linux distro. Linux can be more trivially exploited than Windows, it passively “profits”, if you can call it that, from being irrelevant. Same for Firefox.

      > security through obscurity concept

      You don’t even know what security through obscurity means: https://en.wikipedia.org/wiki/Security_through_obscurity

      It means secrecy of implementation as a security feature, and does not mean security achieved via your product being irrelevant. Now that we’ve established that you don’t know the actual meaning of the words you use, let us see whether this can work according to your false interpretation of the concept, and surprise, surprise… It doesn’t.
      Relying on your product being irrelevant for it to be secure not only limits the growth potential of the product (the more important you get, the more you will need to implement actual counter-measures), it also is not working in real life. Firefox is irrelevant but not Lynx-level irrelevant. So hacks still happen, they are just lesser in number due to the low market share. 3% market share is big enough still that something needs to be done.

      > The opinions (they are just opinions only) and views on that link that you spammed for years are severely outdated and do not apply to 2022 Firefox.

      It’s not outdated. Where are you getting this info from? Certainly not from the blog itself, because there it says last updated on March 19th, 2022. The article also has been continually updated for years. You are either uninformed here once again or flat out lying.

      Code analysis is also not a matter of opinion, but I’ve already said that before so I won’t go into that again.

      > Firefox does have sandboxing and isolation in their browser.

      “Having it” and “having it work” is not the same thing. Firefox suffers from trivial sandbox escapes and the Google rejects working at Mozilla hard-limited the content processes to 8 (eight), so that different websites can still share content processes. There are also still lots of shared resource leaks because they frankensteined site isolation on a code base that wasn’t multiprocess when it started out (contrary to Chromium, might I add), but you knew all that, didn’t you?

      > Just look at all the security updates done for chrome recently.

      Yeah dude, it not being irrelevant like Firefox also means that it is a focus for the bad guys. I don’t dispute that at all. What I do dispute though are ridiculous concepts like irrelevance being a proper substitute for actual counter-measures. I also dispute lies by omission, for example people citing a lower number of Firefox exploits, implying that Firefox is better engineered, when in fact the only reason it is not as heavily exploited is its utter irrelevance. If you can’t see the dishonesty of your ways, then I don’t know what to say. Lies by omission are not even a basis for discussion.

      > Chromium is better engineering? Lol, the monopoly browser engine with massive security updates constantly.

      Chromium is better engineered (proper sandbox, proper site isolation, lower number of shared resource leaks), but it’s also a larger focus of attack. One does not rule out the other, and there is no logical contradiction here.

      > You should appreciate security through obscurity concept.

      No, I don’t. And neither do security researches from what I’ve read (this discussion is not limited to browsers, either).

      > You love for google engineering lol and google popularity blinds you.

      It is well-engineered no doubt about it, Google has some of the best IT security on the planet, my dude. Better than Firefox by miles, with the understanding that security (= resistance against exploits) is not the same as privacy. And I actually cited popularity as a negative, as it leads to a comparably higher number of hacks, I just disagreed with the false notion that a higher number of hacks actually means badly engineered when the numerical difference vs. Firefox is largely based on popularity.

      > Anyone into privacy usually do not like google, you however seem to love google lol.

      No, I don’t agree with their privacy violations hence why I use Brave. Security is not the same as privacy at all, and the Chromium code base minus the Google connections is actually a good browser.

      > In fact you seem to love big tech lol.

      People who follow me here without bias know that this is not true, LOL. Nice try though.

  5. Anonymous123 said on August 7, 2022 at 2:29 am
    Reply

    @Iron Heart

    > He is the Whonix dev. Therefore I doubt that he is theatre.

    Someone you never shut up about. I am glad if they stopped you from spamming his BLOG CONSTANTLY as some sort of reference point that you claim can not be challenged with alternative arguments because he is a whonix dev lol.

    If he dislikes Firefox so much compared to chromium, then perhaps he should mention as THE whonix DEV (as you call him) that since the TBB is based on Firefox, that he can not possibly recommend the TBB in whonix due to it being not as good as chromium? Lol. Perhaps he should argue that chromium based Brave be used instead, even though Brave being chromium based had broken tor windows.

    Does he do that? No! He is privacy theatre and has no clue what he is on about for the most part, especially Linux. The TBB is seen as one of the most private web browser one can use. You do not hear many tech experts shouting about how insecure Firefox is. You are only pruning for criticism against Firefox by referencing his opinions whom you believe can not be criticised because you view him as some mystical software developer lol.

    Are you really so ignorant to believe that software developers can not be criticised when they put out opinions that many will not agree with. Many do actually the opinions in the blog you try to link as privacy theatre, both for Firefox and for the fear mongering linux hardening guide. His views on Firefox have become outdated, it is nitpicking and attention seeking, as if to somehow sound important. Nothing on his blog is even that interesting. He sounds like a graphene OS fanboy, which is funny since for all his love of google and android based OS, graphene OS relies on google pixel phones to install, by purchasing that phone, it is a financial contribution to googles pockets. Those phones are also very expensive and do not recieve hardware updates after so many years. Mobile phones are crap, no privacy person would use them, read about richard stallman lol.

    That blog you try to post and his views on Linux and systemD are just theatre aswell and misleading because they are just outlandish “what if scenarios” – no average Linux user needs to go through the trouble of implementing his manually intensive hardening guide on a Linux distro, when there are distros that are already very hardened by default from a standard security perspective like Qubes (Excellent sandboxing), Tails (Amnesiac) or even Fedora with Selinux by default. Linux distros are already secure by default anyway, they have firewalls and are well maintained with security updates especially the popular ones. His hardening guide is fear mongering BS and outlandish lol.

    Reading his stupid blog, he would have people nearly believe that windows is safer lol. Windows is a centralized mess. Distros are numerous and flexible, more customizable. Whonix devs actually put out whonix software for windows, what a joke. Windows is privacy invasive!

    > No, looking at the code and asserting that certain exploit mitigations are missing in FF is not just an “opinion”

    Look at all the exploit mitigations patched in chromium after nearly every release? Are you so ignorant to think that every piece of code in browsers is perfect? LOL. Almost no software is 100% secure, it is called human error, that is why people observe the code and bad code gets patched frequently so the software can be more secure.

    Firefox is arguably more secure to use than any chromium based browser due to googles monopoly by installing that browser engine on every device literally by default.

    A lot of tech experts do not use chromium based browsers for a reason. They are way too bloated.

    > Maybe something like Qubes can be considered secure but not your average Linux distro. Linux can be more trivially exploited than Windows, it passively “profits”, if you can call it that, from being irrelevant.

    LMAO. Linux distros by design are way more secure than windows. Linux does not grant complete administrator/root access to user accounts by default, whereas Windows does. LOL. Instead, accounts on Linux are lower-level and have no privileges within the wider system.

    Nearly all Linux distros come preloaded with a firewall, can be hardened with Firejail, Apparmor, Selinux and flatpaks at leisure, if one wants ultra security because they are paranoid. You haven’t clue what you are talking about. Lol. Your grasp on security knowledge around operating systems and browsers is retarded.

    Windows is the most exploited OS on desktop due to poor security, monopoly, greed, and generally being closed source crap!

    Closed source code is only maintained by a small few in M$. Open source code as in Linux is observed by the wider and larger FOSS community. Security flaws get patched very quickly!

    Linux distros are not only more secure because they are more privacy respecting, have better programming in general, the fact they are not as popular as Windows, makes them more secure aswell. And the fact they can be customized more and hardened more than anything in windows.

    Even android which is based on a modified linux kernel gets nowhere near the problems that windows does, and look how popular android is, neither does UNIX based apple. In fact, Linux distros, android OS and apple are far more secure than the virus meme that is windows and their .EXE insecure garbage.

    Windows has even to be known to brick decices with their persistent and forced updates. That can even be interpreted as Windows OS being a threat to the longevity of users devices with their updates. Look at the problems with WIN 10 updates and WIN 11 lol.

    > You don’t even know what security through obscurity means

    > Relying on your product being irrelevant for it to be secure

    I Doubt you even know what security even means.

    LMAO. You think that if a software product is not popular? That it is irrelevant? (as you call it), therefore its security is crap? You are hilarious. A valid interpretation of security through obscurity means an extra layer of security due to software not being as popular. Lol at your WIKI? You think people can not see things differently? The already strong security by default like in Linux and Firefox makes a system arguably even MORE SECURE than popular software.

    God

    Btw who is Firefox irrelevant to as you call it? The masses? LMAO The masses use chrome, edge and windows. You think the masses make smart intelligent choices with software?

    You sound like a joke Iron Heart lol.

    > It’s not outdated.

    It is outdated. It is actually nonsense in fact as Firefox has strong sandboxing in 2022 and browser isolotation in 2022. Firefox is arguably more secure than chromium for many reasons. Being not as popular as chromium makes it more secure arguably. Something never mentioned in that silly blog that you can’t post anymore lol.

    > Having it” and “having it work” is not the same thing.

    Ah, nitpicking, looking for an avenue of criticism so you can say chromium is better. LMAO.

    Firefox does have sandboxing and isolation, not perfect, but constantly improving, getting better despite having nowhere near the financial power that google has.

    Firefox is a secure browser, was independently audited many times. These are facts and you do not usually work well with the facts. Lol.

    > Yeah dude, it not being irrelevant like Firefox also means that it is a focus for the bad guys.

    Which means that chromium, no matter what advances it makes in security, no matter how much money goes into googloes chromium project, it still fails due to human error, that cyber criminals always look to exploit.

    Chromium codebase is a terribly uncomfortable bloated sloppy mess to use as a browser. Many agree and do not use chromium based browsers for many reasons. Googles greed and monoply arguably makes the chromium engine unsafe, all the security patches needed for the codebase is an example of it.

    > What I do dispute though are ridiculous concepts like irrelevance being a proper substitute for actual counter-measures.

    Firefox does have counter measures. You seem to want to pretend that it does not and you fall into the category of foolishly believing that because a software product is not the most popular that therefore its shit? Well, you seem like someone that just looks at the branding of the product, someone who wants the latest NIKE shoes are something lol.

    You are fooling no one, only perhaps some noobs who think Brave is the best thing since bread after switching from chrome, edge, safari, opera etc. LOL. It seems security audits mean nothing to you. However, they do mean something to people with an actual grasp on how technology works.

    > people citing a lower number of Firefox exploits, implying that Firefox is better engineered, when in fact the only reason it is not as heavily exploited is its utter irrelevance.

    You have no proof that Firefox is not better engineered. Opinions vary on what is considered better engineered. I do think Firefox is better engineered than chromium based browsers.

    Chromium based browsers are a bloated sloppy mess, feel very uncomfortable to use (i don’t care if its faster), and a monopoly, it is no surprise why chromium codebase constantly gets more security patches than Firefox. Most people use chromium based browsers, most people like SUGAR, it does not mean it is healthy in the long run.

    The Gecko engine is a safer (due to it already having good security and not being so popular), more customizable engine of choice that is not JUST installed by default on most devices like bloated chromium engine is as relates to chrome and edge.

    > Chromium is better engineered

    Or maybe it is just a bloated mess. It being so bloated is why it gets so many security patches, way too much code to maintain, that and the fact that it is so popular as it is the engine that powers the most used browsers.

    > It is well-engineered no doubt about it,

    Marketing BS that noobs like you believe. Google is your god it seems lol. Chromium only seems superior to you because it is faster, due to googles monopoly of the web.

    Many people as a matter of principle actually reject using anything google engineered, which chromium actually is. In fact most google products are terrible and not very well engineered at all. Look at all the security patches for chrome, an arguably terribly unsafe to use browser both for privacy and security due to the greed of google.

    > Security is not the same as privacy at all,

    Absolute BS! Without good security, there is no privacy!

    > People who follow me here without bias know that this is not true,

    I have seen people call you a google fanboy. I can see why they do that.

    As another commenter posted “brother Iron Heart, to question Google is to question God. Nice to meet another true believer.”

    You replied ” Belief is a matter of religion”

    You have done nothing in this comment section only promote google engineering as something infallible and godlike, something that can not be questioned. Lol. Google engineering is your religon, at least on here on Ghacks comments sections anyway.

  6. Anonymous123 said on August 7, 2022 at 5:17 am
    Reply

    @Iron Heart

    Also, to reiterate on this reply of yours.

    > You don’t even know what security through obscurity means: https://en.wikipedia.org/wiki/Security_through_obscurity

    There are many opinions on what “security through obscurity” means and much more philosophy around it not covered in your crappy non in depth wiki article. Wikipedia is only a citation encyclopedia.

    Security through obscurity in the Linux distro argument can mean that since Linux distros are pretty much obscure/ secret operating systems in general, not known by the masses, not used by most people, not having much of a user base compared to popular OS like windows, that unknown and secret factor of Linux desktop gives it a better layer of security than windows, whilst generally being way more secure than windows anyway from a development point of view.

    M$ rush code, windows is closed source garbage that allows code to be rushed with no real peer review process unlike FOSS Linux. Windows is a half baked security mess, a privacy invasive mess, that also demands a money for a license whilst delivering a really shit product, they have been supposedly known to have bricked devices with forced updates, is non customizable and where windows literally owns the OS that people paid for, forcing updates on people, forcing OS updates to newly released OS versions of their making, and trying to force people into using online microsoft accounts on the OS. There is no solid peer review process like in the FOSS development process on linux. Linux has greater security by design due to it being FOSS whilst also offerring ACTUAL privacy from big tech corporations like M$.

    > Relying on your product being irrelevant for it to be secure not only limits the growth potential of the product

    Windows is a commercial non free product, its growth meant nothing, it is a shit OS. Contrast that with the FOSS community who simply program for the passion of making excellent software to be FREE AND OPEN SOURCE.

    Linux has security by design and security by obscurity. The way you promoted M$ and Google in these arguments shows you really love big tech corporations and see them as almost godlike, you worship their engineering as like a bible lol. You see non popular software as something irrelevant (your words) and meaningless. It is you who is becoming irrelevant with your nonsense about Firefox on nearly every article related to it. Your hatred of Firefox borders on the fanatical lol. What did firefox do to you? lol.

    You would be downvoted to oblivion in any privacy respecting Linux or Foss community. It must be the reason why you stay on GHacks to feel important, because there is no voting system in the comments lol.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.