Google Chrome 114 closes 16 security issues and improves security
Google has released a new version of its web browser today. Google Chrome 114 is the latest stable version of the browser for desktop operating systems and Android. It patches 16 security issues according to the official announcement on the Chrome releases blog.
Google reveals information about 13 of the 16 vulnerabilities only: 8 security issues have a severity rating of high, 4 a rating of medium and one a low rating. The remaining security issues are not published publicly, as they have been found internally by Google.
Google makes no mention of exploits that are out in the wild already. While that may be reassuring, it is still recommended to update Chrome to version 114 quickly to close the security vulnerabilities.
Google addressed an out of bounds write in Swiftshader, several use after free in components such as Extensions and PDF, type confusion issues in V8, and another out of bounds memory access issue in Mojo.
How to update Google Chrome
Chrome users who run the browser on desktop systems may update the browser by loading chrome://settings/help in the address bar or by selecting Menu > Help > About Google Chrome.
The installed version is displayed on the page and a check for updates is performed. The browser will download any update that it finds to install it. A restart of the web browser is required to complete the update.
One of the following versions should be listed on the page after the installation of the update:
- Linux and Mac: Chrome 114.0.5735.90
- Windows: Chrome 114.0.5735.90 or Chrome 114.0.5735.91
- Android: 114.0.5735.57 or 114.0.5735.8
- Windows (Extended Stable) : 114.0.5735.91
- Mac (Extended Stable): : 114.0.5735.90
Google Chrome 114: non-security changes
Google Chrome 114 is a new major version of the web browser. The Chrome Enterprise and Education release notes provide information on new features that found their way into the web browser.
One of the main changes in Chrome 114 for Android, ChromeOS and Linux is the switch from using the operating system's certificate store to Chrome's own certificate store. This brings Chrome on these three systems in line with Chrome on Windows and Mac, which were switched already.
Administrators may configure the policy ChromeRootStoreEnabled to prevent the migration from happening at this stage. The policy will be removed in Chrome 120. The policy is no longer available for Mac and Windows devices.
Google lists support for the Private State Tokens API, formerly known as Trust Tokens, as another feature that has been integrated into the browser.
"The Private State Token API is a new API for propagating user signals across sites, without using cross-site persistent identifiers like third party cookies for anti-fraud purposes" writes Google in a support document. Current anti-fraud techniques that rely on third-party cookies will stop working once support ends in Chrome. Google announced recently that it will drop support for third-party cookies in 2024 in Chrome.
Google has released an article for developers that explains the functionality. Broken down to its core, the new API may be used to use trust tokens on different sites so that users do not have to regain trust, e.g., through captchas.
Google has implemented a security feature in Chrome 114 for Windows that protects cookie files on disk against unauthorized access.
Here is a quick overview of other changes:
- Old tabs are grouped under Inactive Tabs in the Tab grid on iPhone and iPad.
- Chrome's password manager is now called Google Password Manager. Google lists three new features:
- grouping of similar passwords.
- improved checkup flow.
- password manager shortcut can be added to the desktop.
- Improved password checking on iOS to find out if passwords are considered unsafe.
- Improved editing of notes in the new Google Password Manager.
- Test of a new Bookmarks side panel experience in Chrome that supports filtering, sorting and editing.
- Chrome's Safe Browsing feature, if set to Standard or Enhanced, will recursively unpack downloads of nested archives now to improve protection against malware that uses nested archives.
- Chrome settings synced on iOS or Android are kept separate from local Chrome settings, which were set when sync was off.
- Chrome on iOS supports opening multiple tabs that were open recently on Android.
Now You: what is your take on these new features?