Chrome 134 ships with security patches and new password change functionality
Google released a new stable version of its Chrome browser. This one brings Chrome to version 134 on the desktop. The new release fixes security issues and introduces new features.
Google says that it has fixed 14 security issues in Chrome 134. As usually, it lists only the externally reported security issues on the Chrome Releases blog. Good news for users is that there do not seem to be any exploits in the wild already, as Google usually mentions that in the announcement.
Note: more users may receive notifications that some of their extensions are no longer supported. Google is removing support for classic extensions in Chrome. Your options include switching to Mozilla's Firefox web browser or one of its forks, as it will continue to support Manifest V2 extensions.
Only a few Chromium-based browsers have pledged support as well. Opera Software said that its browser will continue to support classic extension. Brave Software announced plans to support a handful of very popular classic extensions in Brave Browser.
Chrome 134: major functional changes
The new Chrome releases introduces a few new features and some changes that users need to be aware of.
Here are the highlights:
- Semi-automated password change option: when users use the "check your password" dialog in Chrome, they may receive information about insecure passwords. Chrome 134 introduces a new feature to allow password changes on supported sites right in the dialog. The feature is not fully automated, but may speed up the process.
- Reading mode in Chrome's sidebar supports "read aloud" functionality now.
- Improved password form detection: Google says that it uses on-device machine learning to better "parse password forms on the web to increase detection and filling accuracy".
- Unpacked extensions are only enabled in Chrome if Developer Mode is turned on. Google reasons that this is done to "will only be enabled if the developer mode switch is turned on. This change is intended to improve security by mitigating the risks associated with harmful unpacked extensions and developer mode tampering exploitation".
- Chrome for Android may hide contents of notifications that "are suspected to be abusive". It uses on-device detection for that.
- New Security & Privacy panel in the Developer Tools. This allows developers to test how sites behave when third-party cookies are limited. Developers may use the panel to test all different states (All, Blocked, Allowed, Allowed by Exception).
How to upgrade to Chrome 134
Google Chrome is already out. Most unmanaged devices should receive the update in the coming days. Note that desktop users may enforce installation of the update by opening Menu > Help > About Google Chrome.
Windows users may run winget upgrade Google.Chrome.Exe to download and install the latest version that way.
Android users cannot force the upgrade. They need to wait until Google makes the update available via Google Play.
Now it is your turn. Do you have Chrome installed and use the browser? Or do you prefer a different browser altogether? Feel free to leave a comment down below.
@Bob
Thank you for the neverending fictional story.
FreeTube works like a dream.
The end.
This build also brings the “fix” for the white flash issue (although it is not enabled by default):
https://www.reddit.com/r/chrome/comments/1j3dpvp/you_can_now_enable_the_fix_for_the_white_flash/
.
It is interesting how this was fixed in Brave almost a year ago and made default many months ago. It sucks it is still present in Chromium by default. It is a small change that makes a big difference for sure.
Weird little story: My non-techy friend called me because Chrome killed ublock origin and now his internet was shit. I told him to install Brave and that would solve the problem. He uses Zorin OS so that part was relatively easy. However, he then complained that YouTube videos were laggy when he connected his laptop via HDMI cable to his TV. On Chrome this did not happen. I went for a visit to have a look. Yep, laggy city. I tried every trick in Brave but nothing helped, so I installed Firefox and whaddayaknow: same lag there too. But only with the HDMI cable connected to the TV, on the laptop screen everything was fine. So I then installed FreeTube. That did the trick, no lag, everything nice and smooth on the TV. So, it seems that Google is once again up to some sabotage on non-chrome browsers, conveniently at the same time when they kill off ublock origin and people are testing other browsers… “naaaah, this is baaad..let’s go back to Chrome..we will just have to live with the ads, but at least it works much better than every other browser..” That was probably Googles plan. I explained to my friend that Google have resorted to cheap tricks like that many in the past, so he decided that Chrome has no business existing on his computer anymore. He liked Firefox more than the chaos that is default Brave, so he now uses Firefox for all things internet and YouTube on the TV is handled by FreeTube which he was VERY impressed by right away. Happy ending. Google lost yet another one.
Brave uses Chromium, and Chromium is the same everywhere, the only difference should be the defaults with the renderer and/or optimization of GPU drivers. In Windows, many people copy the profile from Edge to Brave to stop these type of weird issues that only happen in Brave, because it is know that GPU companies optimize their drivers for hardcoded chrome.exe, edge.exe and so on… so yeah, that’s a big issue, I am sure it is the same case in Zorin and other OS.
What you should do is to check chrome://gpu and brave://gpu in both Chrome and Brave and see what is the difference between both, between the decoder being used to the renderer and then if Vulkan is used in Chrome vs Brave or some flag that needs to be turned off.
So it is not Google doing, and it is not Brave doing it, it is just someone is optimizing things more because they get more reports and users and all that, because without the users and reports, it is hard to do anything about it and know the issue might exist.
But for example, in some phones with Android it might say in the flags that Vulkan is on by default but if you check the gpu page, it says it is off, and for some users if they don’t use vulkan, some weird glitches happen and that means the fix is to force enable it, but you wouldn’t know this if you don’t go to GPU page and check it yourself.
There was a time when some rasterization feature in GPU would slow down some CAD web based viewer, with so many layers and all, and on Edge it worked fine, I checked and saw that some feature was turned on and disabling fixed the whole issue, and that’s what you do, because Chromium should work the same in both browsers, there is nothing Brave is changing about the GPU for it not to work, but some stuff might be on or off by default that might affect some users and it should be changed individually.
There is no exclusive API showing in Youtube that Chrome could have hidden in their closed source code and somehow sabotage non-Chrome browsers… if not it would be like Google Earth that was always exclusive to Chrome, and it was evident that was their intent.
Also, Google didn’t ‘kill’ uBlock Origin, uBlock Origin was killed by its own developer by not porting it to MV3 properly, and instead release a really basic without custom filters MV3 version called uBlock Lite, which is not replacing uBlock Origin, but it’s a separate installation. Until gorhill doesn’t stop being weird and actually ‘upgrade’ people from Mv2 to Mv3, then people will not have an adblocker unless they move their fingers, go to the Chrome store and install:
– Adguard which is the best Mv3 extension because all the Scriptlets and Features it has (not the fastest). Adguard even includes the Create Element scriptlet, which means you can easily add your code by creating a script tag, instead of using rpnt trick that might not work in some pages that don’t have any inline script. Create Element Scriptlet is not part of uBlock, becaue Adguard tends to innovate and bring these type of things faster than uBlock who then port the scriptlets from Adguard after a while.
– AdBlockPlus. This was the first official MV3 adblocker, they replaced their Mv2 with it and works almost the same, Scriptlets or Snippets are limited/basic, and that’s the reason why Vivaldi, Opera and others are not good, they use ABP and they don’t have a replace-node-text (rpnt) scriptlet or anything that allows the user to ‘hack’ the web. But it works, and it allows custom filters too, but again, nothing too advanced as Adguard.
– uBlock Origin Lite, this works okay, but you are only allow to enable or disable regional/extra lists, nothing like custom filters or anything. It supports most filters from uBlock but not being able to custom your filters is just weird. With its developer attitude, I have no even idea if they joined or plan to join the program to update filter lists within minutes that Google released for adblockers, where extension reviews will not be needed if only filter lists need to be updated, allowing to update the extensions to update the filter lists the same day… so I have no idea how uBlock Lite even handles anything anymore, all I know is Gorhill stated that it is lite, and will stay lite (without custom filters) for a long time, at least for now.
So, yes you can install 3 good adblockers but I guess for some people is so difficult to go to the store and actually do it?
Mv3 is not killing adblockers, it is setting restrictions and changing APIs, which forced Google to impose “move to Mv3 or get disabled” but they have increased some limits and added the program to update adblocker filter lists (filter lists with the ‘static rules’, which are the ones that can be added in the hundred thousands now need to be included with the extension, not remotely downloaded as in the past, dynamic rules are the ones that you can add remotely but they have a limit of few thousands, not hundreds like static ones).
Obviously this is not good for adblockers because any limit or restriction or lack of API affects Adblocking in some way, but it is not the end of the adblockers.
Technically doing ‘adblocking’ requires Devtools, you could do it with what it is in Devtools, because all adblockers do is use the same web technologies web developers use, you either:
– Inject JavaScript (scriptlets/snippets rules) = create or remove or modify pretty much anything in a website because all the APIs a browser has, so you use JavaScript to modify the page, like Youtube ads, they are removed with it or Twitch ads. You also use JS to create Procedural filters to select elements by text or something. So yes, powerful stuff. Anything JS allows, you can just do it in a website and this way modify anything, modify or create CSS to create normal cosmetics, and stop things from happening and all that, modifyt attr, classes, text, inline scripts… anything you want. Of course, Adguard Mv3 or uBlock Mv2 and ABP (with the basic snippets it has) allow doing all this without you creating your own code, but even in Brave recently added to easily create custom Scriptlets so you can do anything with it out of the box. Scriptlets = the most powerful thing an adblocker has, it is like userscripts but with native JS, and that’s better than what userscripts offer because userscripts can only be used with a manager, while native JS can be used as long as the browser supports such APIs.
So you can easily add your JS code in Devtools console or modify files or something, doing the same.
– Cosmetics = this is just using a CSS selector or pseudo class and then inject the CSS declaration `display: none !important` and that’s it. and that’s something you can easily do through JS or the devtools elements or modifying the source files of a website.
– Network Request filters, well, devtools include the “network filtering” tab, which allows to block network requests, and this is the basic anti-tracking for adblockers.
This is what manifest v3 platform changed, from the webrequest API to the declarativenetrequest API, this ONLY affects extensions because it is the extensions platforms, and added their limits. So the API will act differently, because now you declare the rule and the browser is the one blocking the requests, not allowing extensions to see each request and block or allow them, so it is safer but the limits in Mv3 is the issue, but again, devtools have this functionality out of the box.
So as you can see you can easily do the same with Devtools opened, so when people say “killing adblockers” it’s easy to see how people have no idea what adblockers do in the first place. Adblockers consolidate and make these rules permanent without needing Devtools, but Adblockers are just modifying and using web technologies against web technologies, there is no magic in the adblockers, and the amazing work is making things work and easy for filters to take advantage of this, like Scriptlets that will change things to be added in a filter list.
Adblockers are just amazing work by their developers, and the only way to get rid of them is to completely change how the internet is made and coded.
The problem with uBlock Origin is someone like gorhill who does this for ‘fun’ without getting anything back because he doesn’t even ask donations, is that Mv3 means he has to re-do a lot of his work and he doesn’t want to do it, so Lite was his answer but doesn’t mean it is not going to work for 99% of people.
Might be a downgrade compared to Mv2, but Mv3 is not killing adblockers, Google allows them and you can find them in the store, and they will be okay for a while.
Extensions by themselves are a big issue, browsers should include adblockers out of the box anyway, because native adblockers (properly made) are going to be faster and better than extensions that depend on an extension platform to function and getting affected by these changes.
Not even Mozilla Firefox cares to add a native adblocker, and this is problematic, because there is no way uBlock will stay Mv2 forever, especially when Firefox is losing marketshare. So when uBlock Origin finally sees themselves trapped as a Mv2 extension in a world of Mv3, do you think they will not start properly developing Lite?
Most extensions are already Mv3 and properly upgraded to Mv3 to avoid being disabled by Chrome policies. Tampermonkey, Adguard, ABP, any of those extensions did it, so why not uBlock Origin?
Mv3 has existed since 2019, and it’s been forced for 3 years so new extensions could only be Mv3 if not they wouldn’t be allowed in the store. Old extensions could only be updated as Mv2, and the goal was for them to assimilate and become Mv3… So in other words, it is uBlock Origin decision why people are getting their adblocker disabled.
No company wanted to re-do their adblockers to Mv3, but they did it, and accepted the future, this means Firefox, which already supports Mv3, will eventually be Mv3 only, just like when they went to Webextensions, and left behind all the XUL and all the better extensions that existed in Firefox for years.
So this is just a little text to make you understand that Chromium is the future and will be the future and the FUD of Google killing adblockers is just a FUD spread by people who couldn’t take 3 seconds to understand how adblockers work and how Mv3 with all its limitations it is still ‘okay’ as a platform for adblockers, and Google actually has given some benefits for extensions that use DNR and need filter lists updated the same day… if they wanted adblockers killed, they could simply remove them from store, just like they do with Youtube downloaders and apps from their Google Play store and all that.
People should really learn technology and research it and stop trying to fairy tales when some issue arrives. Google is not your friend, but some people act like if Google killed their dogs and families because they can’t simply read what Mv3 is about, and how Firefox will not save you from Mv3, because developers will always target the bigger userbase, not some APIs that will not matter in the end since Mv3 can work okay and the limits are not the end of the world.