Google Chrome 115: fixes 20 security vulnerabilities, new side panel tools and HTTP upgrades
Google released a new version of its Chrome web browser to the stable channel today. Google Chrome 115 is a major browser upgrade that fixes 20 different security issues in the browser and introduces new functionality at the same time.
Originally scheduled for last week, Google delayed the release to the stable channel to July 19th, 2023. Most Chrome installations will receive the update automatically over the course of days and weeks.
Users may check the installed version by selecting Menu > Help > About Google Chrome, or by loading chrome://settings/help directly in the browser's address bar. Google Chrome displays the installed version and runs a check for updates when the page is opened on desktop systems.
The following version is the latest and should be displayed after the update is installed on the device:
- Chrome for Linux and macOS: Chrome 115.0.5790.98
- Chrome for Windows: Chrome 115.0.5790.98 or Chrome 115.0.5790.99
Chrome 115: security fixes
Google notes on the official Chrome Releases website that it has patched 20 different security vulnerabilities in Chrome 115.
The company lists just 11 of them on the website, as it keeps internally discovered vulnerabilities under wraps. The severity of the issues ranges from high to low and Google makes no mention of exploits in the wild.
The actual vulnerabilities include user after free issues in components such as WebRTC or Tab Groups, an out of bounds memory access in Mojo, and several "inappropriate implementations".
It is recommended to install the update asap to protect the browser and system from potential exploits.
Chrome 115: the non-security changes
Google Chrome 115 is a big release that includes several new features and changes.
Google Search side panel is one of these new features. It adds Google Search to Chrome's side panel that "allows text-based and visual queries, questions related to the page, and links to more details about the current site" according to Google.
Only a selection of Chrome users will see the new side panel feature in Chrome 115. Google plans to roll out it to the entire population in Chrome 116, which will be released next month.
Reading Mode is another side panel feature that is being rolled out starting in Chrome 115. It displays a read-optimized version of articles in the browser's sidebar. Only text and links are displayed in the mode.
Chrome's Reading Mode offers a few customization options at the top, including options to change the font type and size, theme, line height and letter spacing.
Some Chrome users will have their HTTP requests upgraded to HTTPS automatically by the browser. Google notes that Chrome drops back to using HTTP if the site does not support HTTPS. Users shouldn't see any visible effect in Chrome when the browser tries to upgrade the connection or falls back, if that is not possible.
Chrome users may bypass the automatic upgrading by specifying HTTP in the address bar of Chrome specifically or by configuring the Insecure Content setting by loading chrome://settings/content/insecureContent in the address bar.
New "Allow this time" response to certain permission prompts. Currently, Chrome users may select allow or deny for all permission prompts; these selections are permanent in nature, unless erased or changed manually by the user. Starting in Chrome 115, the new "allow this time" permission becomes available for geolocation, camera and microphone permissions.
Google changed the allow and deny options to "allow on every visit" and "don't allow" to improve the description of these choices.
Other changes of importance in Chrome 115:
- 1% of Chrome users who use Quad9Secure DNS (22.214.171.124) will have DNS over HTTPS mode enabled automatically as part of a test. This applies only to machines that have the DnsOverHttpsMode policy set to Automatic. Similarly, Chrome 115 will use DNS over HTTPs automatically for Cox ISP DNS server clients, provided that the policy is set to Automatic.
- Support for Encrypted Client Hello (ECH), an extension for TLS that promises privacy enhancements by encrypting the full handshake to keep all metadata secret.
- A new Enterprise policy, ExtensionUnpublishedAvailability, which defines whether unpublished Chrome extensions will be disabled in Google Chrome.
- Some Apple iOS users may now "use and save bookmarks and reading list items in their Google Account".
- Support for signature algorithms using SHA-1 for server signatures during the TLS handshake is removed in Chrome 115.
- Developers need to enroll "with the Privacy Sandbox". This verifies companies according to google and adds "an additional layer of protection for user privacy".
Chrome developers and web developers may want to check out the New in Chrome 115 post on the Developer website and the Chrome 115 listing on the Chrome Platform Status website for additional information.
Now You: what is your take on these new features?Advertisement