Google published Chrome 83 this week to the stable channel with patches for a total of 38 bugs, enhanced Safe Browsing support, and revised security and privacy controls.
The newly introduced Enhanced Safe Browsing protection in Chrome is intended to provide users with a higher degree of security while browsing the web, by increasing protection from dangerous websites and downloads.
For users signed into Chrome and other Google apps (such as Gmail and Drive), the company claims to provide security “based on a holistic view of risks” found on the web and of attacks on the user’s account.
Google explains that with Safe Browsing, the list of websites deemed malicious is refreshed every 30 minutes, but that represents a long enough window for some phishing sites to remain undetected by switching domains.
Enhanced Safe Browsing, on the other hand, lets Chrome check unusual URLs in real time, which means threats can be identified more easily. In turn, Google can submit a small sample of the suspected website or update to help protect other users as well.
The data is connected to the Google account for signed-in users, so that security can be customized to the user when an attack on their browser or account is detected. After a short period the data is anonymised.
Under Safe Browsing, users can turn on the feature by going to Privacy and Safety settings > Safety > “Enhanced Protection” mode. The feature will gradually roll out in Chrome 83, and will arrive in a future release on Android as well.
Chrome 83, says Google, also makes it easier for users to access their privacy and security settings on desktop platforms, with cookies easier to manage, reorganized controls in Site Settings, enhanced access to data exchanged with Google to store and share in Google Accounts across devices, and the option “Simple browsing data” now at the top of the Privacy & Security list.
The browser also includes a security check that lets users confirm the security of their Chrome experience. Users can also check whether passwords stored in Chrome are compromised, whether Safe Browsing is switched off, whether the new version of Chrome is enabled, and whether malicious extensions are used.
Additionally, when in Incognito mode, Chrome will block cookies from third parties by default, and will also provide prominent control over these cookies on the New Tab page. Thus, users may choose to allow cookies from third parties for specific sites.
Chrome also gets Secure DNS with the new release, where DNS-over-HTTPS is used to encrypt the DNS lookup in order to prevent attackers from knowing which sites the user accesses. If the service provider supports it, the browser will automatically upgrade to DNS-over-HTTPS, but users can adjust the feature or disable it altogether in the Advanced Security section.
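The upgrade decision and the resulting request, as an added example (not code from Google or from the original article): it builds the DNS query in wire format and wraps it in a DNS-over-HTTPS GET URL as defined in RFC 8484. The provider table and all function names are assumptions made for illustration, not Chrome's actual list or API.

```python
import base64
import struct

# Constructed sample table: classic resolver IP -> the same provider's DoH endpoint.
# Illustrative only; this is not Chrome's real provider list.
SAME_PROVIDER_DOH = {
    "8.8.8.8": "https://dns.google/dns-query",
    "1.1.1.1": "https://cloudflare-dns.com/dns-query",
}


def build_query(name: str, qtype: int = 1) -> bytes:
    """Encode a single-question DNS query (RFC 1035 wire format)."""
    # ID is 0, as RFC 8484 recommends so identical queries are cache-friendly.
    # Flags 0x0100 = recursion desired; QDCOUNT = 1, other counts = 0.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid DNS label: {label!r}")
        qname += bytes([len(raw)]) + raw
    qname += b"\x00"  # root label terminates the name
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN


def doh_get_url(endpoint: str, name: str) -> str:
    """RFC 8484 GET form: base64url of the wire query, padding stripped."""
    encoded = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=")
    return f"{endpoint}?dns={encoded.decode('ascii')}"


def plan_lookup(system_resolver: str, name: str) -> tuple:
    """Upgrade only when the resolver already in use has a known DoH endpoint."""
    endpoint = SAME_PROVIDER_DOH.get(system_resolver)
    if endpoint is None:
        # No known DoH service: the hostname travels unencrypted on port 53.
        return ("cleartext", f"{system_resolver}:53")
    # Same provider, but the query now rides inside the HTTPS connection.
    return ("doh", doh_get_url(endpoint, name))


if __name__ == "__main__":
    # 192.0.2.53 is a documentation address standing in for an ISP resolver.
    for resolver in ("8.8.8.8", "192.0.2.53"):
        print(resolver, plan_lookup(resolver, "www.example.com"))
```

In the upgraded case an on-path observer sees only a TLS connection to the resolver's HTTPS endpoint, while in the cleartext case the queried hostname is readable in the packet.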
Of the 38 vulnerabilities patched in the new Chrome release, outside researchers have reported 27, Google reveals. These include five defects of high severity, seventeen issues of medium severity and five bugs of low risk.
CVE-2020-6465 (use after free in reader mode), CVE-2020-6466 (use after free in media), CVE-2020-6467 (use after free in WebRTC), CVE-2020-6468 (type confusion in V8), and CVE-2020-6469 (insufficient policy enforcement in developer tools) are the most important vulnerabilities.
Google paid $20,000 and $15,000 in bug bounties, respectively, for the first two vulnerabilities. Each of the next two bugs earned the reporting researchers $7,500, while the fifth got $5,000 in compensation. Overall, Google claims it has paid the reporters more than $75,000 in bug bounty rewards.