Google Chrome 116: more Telemetry and 26 security patches
Google has released a new stable version of its Chrome web browser for desktop operating systems, Android and iOS. Chrome 116 is a security update first and foremost, as it addresses a total of 26 different security issues in the browser. It is also adding more Telemetry to the browser and introducing other changes.
Existing users on Windows, Linux or macOS systems may load chrome://settings/help or select Menu > Help > About Google Chrome to get the update downloaded and installed immediately on their systems. Google plans to roll out the update to the entire Chrome population over the course of days and sometimes weeks.
The same Help page should list the following versions after installation of the Chrome 116 update:
- Chrome for Mac and Linux: 116.0.5845.96
- Chrome for Windows: 116.0.5845.96 or 116.0.5845.97
- Chrome for Android: 116.0.5845.92
Google will release security updates more often starting in Chrome 116. The company is switching to a weekly security update cycle to reduce the time bad actors have to exploit new vulnerabilities.
Chrome 116: the security fixes
Google has fixed 26 different security issues in Chrome 116 for desktop systems and for Android. No publicly revealed security issue has the critical rating, the highest available rating. Google furthermore does not mention exploits in the wild, which suggests that there are none at the time.
The security fixes address different vulnerabilities in Chrome, including eight rated high. Vulnerabilities include use after free, heap buffer overflows, type confusions and insufficient validations.
The public list is available on the Chrome releases blog. Google does not disclose security issues that internal teams detected.
Chrome 116: Telemetry addition
Google Chrome 116 includes additional Telemetry. Google has added anti-phishing telemetry to the browser that logs user interaction data to Chrome and Safe Browsing servers. The company wants to use the data to better understand how " users interact with Safe Browsing phishing warnings and phishing pages".
The Enterprise policies MetricsReportingEnabled and SafeBrowsingProtectionLevel may be configured to stop Google Chrome from sending anonymous usage and crash-related data as well as more browsing information to Google.
Chrome 116: other notable changes
Google lists about a dozen changes in Chrome 116 on its Chrome Platform Status website. The majority of the listed changes are developer-specific. For home users, one of the interesting changes is a new Document picture-in-picture mode, which may be used to extend the functionality of picture-in-picture mode. Instead of using it solely to watch videos in a smaller overlay, documents are now also supported.
Google continues the rollout of the Google Search side panel in Chrome. Chrome users who right-click on selected text and select the search from the context menu have the results opened in the sidebar by default once the change lands. It is possible to restore the classic search behavior in Chrome, at least for now. Enterprise administrators may control the functionality using the GoogleSearchSidePanelEnabled policy.
Google improved the browser's Memory Saver and Energy Saver modes. Discarded tabs have improved visibility now in the Chrome tab strip and provide more information on memory usage. Tab Discarding exceptions management is expanded as well. Users may now add exceptions based on the tabs that are open at the time in the browser and the page action chip of a discarded tab includes an option now to opt that site out of future automatic actions.
Now You: do you have Chrome installed on your devices?
Would it really be difficult to identify substantially more security issues *before* releasing Chrome versions?
I have in mind two incompatibilities :
1- Users aren’t meant to be beta-testers;
2- No company’s official beta-testers (should they have any) will ever be able to reproduce the ground, the “real-world” experience, In areas know to have in place the highest security standards, that test, again and again, repeatedly, that imagine all scenarios, you still have accidents : airlines but even space administration. It’s just impossible to anticipate all issues.
Of course more is tested before release the lesser users may have to endure what their experience reports.
Moreover we live in an increasingly speedy world, expecting novelties and improvements to be delivered now and to be perfect. This is maybe why more than in past times what is new is not automatically better.
They can be discovered along time after a massive use of the released version or even others in an accumulative experience. Users can inform about bugs, exploits or other main and minor issues.
But they shouldn’t really be there in the first place…
Software no doubt has its challenges, but other products generally aren’t made available while still full of bugs!
I had enumerated a list of websites “[*.]example.com]” for which cookies were deleted after closing all browser windows. This was a workig feature.
After having updated to 116 this list is still existent, but now it is a >>> list of websites, for which 3rd-party-cookies are allowed <<< (!)
(Sorry for the not-exact terminology; I'm using the German edition of Chrome.)
Now you can delete automatically all cookies and data of sites when closed all tabs.
As far as I remember, this option was already available before. However, it’s not what I want(ed), and – it has disappeared in my installation of Chrome 116.0.5845.97.
The only remaining option to delete cookies is manually by “Clear browsing data”.
Only 26 security updates? No wonder they feel the need to close patch gapping by moving to weekly updates. Still, think of all the holes they haven’t found … chromium and it’s forks are inherently very insecure