Everything New in Chrome 104

Everything New in Chrome 104

Image for article titled Everything New in Chrome 104

Photo: monticello (Shutterstock)

Google’s latest update, Chrome 104, is here. Assuming you have the surprisingly generous system requirementsyou can upgrade your browser today to take advantage of its new features and changes. The biggest UI changes are for Chromebook users running Chrome OS, but all Chrome users will benefit from security patches.

The new Chrome update comes with 27 security patches

The most important reason to update Google Chrome is to install the 27 security patches it comes with. To be clear, the security situation is not dire: According to Google’s Chrome Releases Blog, none of the 27 vulnerabilities patched with Chrome 104 are “zero-day”, meaning there is no evidence that the vulnerabilities were exploited by malicious users in nature. If you’re running Chrome 103 today, you’re not likely to have one of these security flaws. That said, these 27 vulnerabilities are now known to the public and it’s only a matter of time before criminals figure out how to use them against users who don’t have Chrome 104.

Additionally, seven of these faults are rated “High”, meaning they are a greater threat than others. Here’s the full list, with “High” vulnerabilities listed at the top:

  • [$15000][1325699] Tall CVE-2022-2603: Use after free in Omnibox. Reported by Anonymous on 2022-05-16
  • [$10000][1335316] Tall CVE-2022-2604: Use after free in Safe Browsing. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 06-10-2022
  • [$7000][1338470] Tall CVE-2022-2605: Out of bounds read in Dawn. Reported by Looben Yang on 2022-06-22
  • [$5000][1330489] Tall CVE-2022-2606: Use after free version in Managed Devices API. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-31
  • [$3000][1286203] Tall CVE-2022-2607: Use after free in Tab Strip. Reported by @ginggilBesel on 2022-01-11
  • [$3000][1330775] Tall CVE-2022-2608: use after free in overview mode. Reported by Khalil Zhani on 2022-06-01
  • [$TBD][1338560] Tall CVE-2022-2609: Use after free in Near Share. Reported by koocola(@alo_cook) and Guang Gong of the 360 ​​Vulnerability Research Institute on 2022-06-22
  • [$8000][1278255] Medium CVE-2022-2610: Insufficient application of policies in obtaining records. Reported by Maurice Dauer on 2021-12-09
  • [$5000][1320538] Medium CVE-2022-2611: Improper implementation in fullscreen API. Reported by Irvan Kurniawan (source7) on 2022-04-28
  • [$5000][1321350] Medium CVE-2022-2612: Side channel information leak on keyboard input. Reported by Erik Kraft (erik.kraft5@gmx.at), Martin Schwarzl (martin.schwarzl@iaik.tugraz.at) on 2022-04-30
  • [$5000][1325256] Medium CVE-2022-2613: Use after free on Input. Reported by Piotr Tworek (Vewd) on 2022-05-13
  • [$5000][1341907] Medium CVE-2022-2614: use after free in login flow. Reported by Raven at the KunLun lab on 2022-07-05
  • [$4000][1268580] Medium CVE-2022-2615: Insufficient policy application in Cookies. Reported by Maurice Dauer on 2021-11-10
  • [$3000][1302159] Medium CVE-2022-2616: Improper implementation in the Extensions API. Reported by Alessandro Ortiz on 2022-03-02
  • [$2000][1292451] Medium CVE-2022-2617: Use after free in the Extensions API. Reported by @ginggilBesel on 2022-01-31
  • [$2000][1308422] Medium CVE-2022-2618: Insufficient validation of untrusted input in Internals. Reported by asnine on 2022-03-21
  • [$2000][1332881] Medium CVE-2022-2619: Insufficient validation of untrusted input in Settings. Reported by Oliver Dunk on 2022-06-04
  • [$2000][1337304] Medium CVE-2022-2620: Use after free in WebUI. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-17
  • [$1000][1323449] Medium CVE-2022-2621: Use after free in Extensions. Reported by Huyna at Viettel Cyber ​​​​Security on 2022-05-07
  • [$1000][1332392] Medium CVE-2022-2622: Insufficient validation of untrusted input in Safe Browsing. Reported by Imre Rad (@ImreRad) and @j00sean on 2022-06-03
  • [$1000][1337798] Medium CVE-2022-2623: use after free in offline mode. Reported by Raven at the KunLun lab on 2022-06-20
  • [$TBD][1339745] Medium CVE-2022-2624: PDF Heap Buffer Overflow. Reported by YU-CHANG CHEN and CHIH-YEN CHANG, working with DEVCORE internship program on 2022-06-27

It’s not just about security updates, though. according to How-To Geek. Here’s what you can expect when upgrading to Chrome 104 (bonus points if you have a Chromebook).

Chrome OS officially supports light and dark mode

Dark mode is the most software requested feature, and now it’s available on Chrome OS. With the latest update, Google not only officially supports switching between light and dark mode, but now also allows you to switch between them automatically. I use this feature on my devices so when the sun starts to go down everything appears in dark mode.

A new start menu for Chrome OS

AAnother great feature: Chromebooks now have a Windows-like start menu, called the “Productivity Launcher.” It comes complete with a Google search bar and Assistant shortcut. Also, on the other side of the system tray, you will find the date with a new feature: When you click on it, you will see a large and useful calendar widget.

Share only a selected part of your screen in video recordings

Anyone who regularly shares their screen will appreciate this update: Web application developers can implement a feature called region capture, which now allows users to crop an area of ​​their screen to record or share, instead of focusing on an entire window or their entire screen. This feature can help allay fears of oversharing by giving you control over exactly what part of your screen others can see.

Of course, it will be up to developers to implement Region Capture in their services, so this feature may not appear right away. met’However it works with Chrome 104.

LazyEmbeds (limited testing)

Google is also testing a feature called LazyEmbeds, which loads embedded content on a website only when it becomes visible on your screen. It is a derivative of “lazy loading,” in which browsers load site content only when a user would view it, rather than loading the entire site and its content at once. At this time, only 1% of Chrome users will participate in this test, so it’s not a full rollout in version 104.

New updates for developers

With each new version of Chrome, Google introduces new features for developers. You can find a full list of changes at Google Developer Tools Blog and the chrome blogas much as this DevTools 104 video:

Chrome 104 – What’s New in DevTools

How to update Google Chrome

Fortunatelyupdating Chrome on your computer is easy: click the three dots in the upper-right corner of the window, then choose Help > About Google Chrome. Allow Chrome to load for a moment—wWhen the update is done, you can click “Restart”, which will restart your browser with Chrome 104.

Leave a Comment

Your email address will not be published.