{"id":35524,"date":"2022-08-04T18:20:45","date_gmt":"2022-08-04T18:20:45","guid":{"rendered":"https:\/\/harchi90.com\/everything-new-in-chrome-104\/"},"modified":"2022-08-04T18:20:45","modified_gmt":"2022-08-04T18:20:45","slug":"everything-new-in-chrome-104","status":"publish","type":"post","link":"https:\/\/harchi90.com\/everything-new-in-chrome-104\/","title":{"rendered":"Everything New in Chrome 104"},"content":{"rendered":"
\n
\n
<\/p>\n
\n
\"Image<\/div>\n<\/div>\n

<\/span><\/p>\n

photo: monticello (Shutterstock)<\/figcaption><\/p>\n<\/div>\n

<\/figure>\n

Google’s latest update, Chrome 104, here. Assuming you have the surprisingly generous system requirements<\/span>you can update your browser today to take advantage of its new features and changes. The biggest UI changes are for Chromebook users running Chrome OS, but all Chrome users will benefit from the security patches.<\/p>\n

The new Chrome update comes with 27 security patches<\/h2>\n

The most important reason to update Google Chrome is to install the 27 security patches it comes with. To be clear, the security situation isn’t dire: According to Google’s Chrome Releases blog<\/span>, none of the 27 vulnerabilities patched with Chrome 104 are \u201czero-day,\u201d meaning there’s no evidence the vulnerabilities have been exploited by malicious users in the wild. If you’re running Chrome 103 today, you aren’t likely to be targeted with one of these security flaws. That said, these 27 vulnerabilities are now known to the public and it’s only a matter of time before bad actors discover how to use them against users who don’t have Chrome 104.<\/p>\n

In addition, seven of these flaws are rated as \u201cHigh,\u201d meaning they are more of a threat than others. Here is the complete list, with the \u201cHigh\u201d vulnerabilities listed at the top:<\/p>\n

    \n
  • [$15000][1325699<\/span>] high<\/strong> CVE-2022-2603: Use after free in Omnibox. Reported by Anonymous on 2022-05-16<\/li>\n
  • [$10000][1335316<\/span>] high<\/strong> CVE-2022-2604: Use after free in Safe Browsing. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-10<\/li>\n<\/ul>\n
      \n
    • [$7000][1338470<\/span>] high<\/strong> CVE-2022-2605: Out of bounds read in Dawn. Reported by Looben Yang on 2022-06-22<\/li>\n
    • [$5000][1330489<\/span>] high<\/strong> CVE-2022-2606: Use after free in Managed devices API. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-31<\/li>\n
    • [$3000][1286203<\/span>] high<\/strong> CVE-2022-2607: Use after free in Tab Strip. Reported by @ginggilBesel on 2022-01-11<\/li>\n
    • [$3000][1330775<\/span>] high<\/strong> CVE-2022-2608: Use after free in Overview Mode. Reported by Khalil Zhani on 2022-06-01<\/li>\n
    • [$TBD][1338560<\/span>] high<\/strong> CVE-2022-2609: Use after free in Nearby Share. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-06-22<\/li>\n
    • [$8000][1278255<\/span>] Medium CVE-2022-2610: Insufficient policy enforcement in Background Fetch. Reported by Maurice Dauer on 2021-12-09<\/li>\n
    • [$5000][1320538<\/span>] Medium CVE-2022-2611: Inappropriate implementation in Fullscreen API. Reported by Irvan Kurniawan (sourc7) on 2022-04-28<\/li>\n
    • [$5000][1321350<\/span>] Medium CVE-2022-2612: Side-channel information leakage in Keyboard input. Reported by Erik Kraft (erik.kraft5@gmx.at), Martin Schwarzl (martin.schwarzl@iaik.tugraz.at) on 2022-04-30<\/li>\n
    • [$5000][1325256<\/span>] Medium CVE-2022-2613: Use after free in Input. Reported by Piotr Tworek (Vewd) on 2022-05-13<\/li>\n
    • [$5000][1341907<\/span>] Medium CVE-2022-2614: Use after free in Sign-In Flow. Reported by raven at KunLun lab on 2022-07-05<\/li>\n
    • [$4000][1268580<\/span>] Medium CVE-2022-2615: Insufficient policy enforcement in Cookies. Reported by Maurice Dauer on 2021-11-10<\/li>\n
    • [$3000][1302159<\/span>] Medium CVE-2022-2616: Inappropriate implementation in Extensions API. Reported by Alesandro Ortiz on 2022-03-02<\/li>\n
    • [$2000][1292451<\/span>] Medium CVE-2022-2617: Use after free in Extensions API. Reported by @ginggilBesel on 2022-01-31<\/li>\n
    • [$2000][1308422<\/span>] Medium CVE-2022-2618: Insufficient validation of untrusted input in Internals. Reported by asnine on 2022-03-21<\/li>\n
    • [$2000][1332881<\/span>] Medium CVE-2022-2619: Insufficient validation of untrusted input in Settings. Reported by Oliver Dunk on 2022-06-04<\/li>\n
    • [$2000][1337304<\/span>] Medium CVE-2022-2620: Use after free in WebUI. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-17<\/li>\n
    • [$1000][1323449<\/span>] Medium CVE-2022-2621: Use after free in Extensions. Reported by Huyna at Viettel Cyber \u200b\u200bSecurity on 2022-05-07<\/li>\n
    • [$1000][1332392<\/span>] Medium CVE-2022-2622: Insufficient validation of untrusted input in Safe Browsing. Reported by Imre Rad (@ImreRad) and @j00sean on 2022-06-03<\/li>\n
    • [$1000][1337798<\/span>] Medium CVE-2022-2623: Use after free in Offline. Reported by raven at KunLun lab on 2022-06-20<\/li>\n
    • [$TBD][1339745<\/span>] Medium CVE-2022-2624: Heap buffer overflow in PDF. Reported by YU-CHANG CHEN and CHIH-YEN CHANG, working with DEVCORE Internship Program on 2022-06-27<\/li>\n<\/ul>\n
      \n
      \n

      G\/O Media may get a commission<\/p>\n

      \n
      \n
      \n
      <\/div>\n<\/div>\n
      \n

      70% off<\/p>\n

      Jachs NY Summer Shorts Sale<\/p>\n<\/div>\n<\/div>\n

      \n

      Exclusive sale on summer styles<\/strong>
      Patterned, plain, twill, and chino, these classic shorts with 7-9″ inseams tell a story\u2014you’re a guy who vacations, maybe on a boat. <\/span><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n

      It’s not all about the security updates, though, according to How-To Geek<\/span>. Here’s what else you can expect when upgrading to Chrome 104 (bonus points if you have a Chromebook).<\/p>\n

      Chrome OS officially supports light and dark mode<\/h2>\n

      Dark mode is any software’s most requested feature, and now it’s available in Chrome OS. With the latest update, Google not only officially supports switching between light and dark mode, but also now lets you switch between them automatically. I use this feature on my devices, so when the sun starts to set, everything pops into dark mode. <\/p>\n

      A new Start Menu for Chrome OS<\/h2>\n

      Another great feature: Chromebooks now have a Windows-like Start Menu, dubbed the \u201cProductivity Launcher.\u201d It comes complete with a Google Search Bar and a shortcut for the Assistant. Plus, over on the other side of the System Tray, you’ll find the date with a new feature: When you click it, you’ll see a large, useful calendar widget. <\/p>\n

      Only share a select portion of your screen in video recordings<\/h2>\n

      Anyone who regularly shares their screen will appreciate this update: Web app developers can implement a feature called Region Capture<\/span>, which allows users now crop an area of \u200b\u200byour display to record or share, rather than focusing on an entire window or your whole screen. This feature can help assuage fears of over-sharing, giving you control over exactly what portion of your screen others can see.<\/p>\n

      Of course, it’ll be up to devs to implement Region Capture in their services, so you might not see this feature appear right away. It’s powered by Chrome 104 though.<\/p>\n

      LazyEmbeds (limited testing)<\/h2>\n

      Google is also testing a feature called LazyEmbeds, which loads embedded content in a website only when it becomes visible on your screen. It’s a spin-off of \u201clazy loading,\u201d in which browsers load site content only when a user would see it, rather than loading the entire site and its content at once. At this time, only 1% of Chrome users will participate in this testing, so it isn’t a total rollout in version 104.<\/p>\n

      New developer updates<\/h2>\n

      With each new version of Chrome, Google rolls out new features for developers. You can find a complete list of changes on Google’s DevTools blog<\/span> and the Chromium Blog<\/span>as well as this DevTools 104 videos<\/span>:<\/p>\n