Google released the chrome 102 new version release, version in which various important changes have been made, many of which are focused on improving the security of the browser, as well as improvements to the appearance and others.
As part of the vulnerability bounty program for the current version, Google paid out 24 prizes worth $65 (one prize of $600, one prize of $10, two prizes of $000, three prizes of $7500, four prizes of $7000, two prizes of $5000, two bonuses of $3000 and two of $2000).
Main novelties of Chrome 102
In this new version of the browser that is presented, to block the exploitation of vulnerabilities caused by access to already freed memory blocks (use-after-free), instead of ordinary pointers, started using the MiraclePtr type (raw_ptr). MiraclePtr provides a pointer hook that performs additional checks to access freed memory areas and blocks if such accesses are found.
The impact of the new protection method on performance and memory consumption is estimated to be negligible. The MiraclePtr mechanism is not applicable in all processes, in particular it is not used in rendering processes, but it can significantly improve security. For example, in the current version, of the 32 fixed vulnerabilities, 12 were caused by usage issues after the free class.
Another novelty that stands out is that the design of the interface with information has been changed about downloads. Instead of the bottom line with data about the download progress, sA new indicator has been added to the panel with the address bar, clicking it displays the file download progress and a history with a list of files already downloaded. Unlike the bottom bar, the button is permanently displayed on the bar and allows you to quickly access your download history. The new interface has so far been offered by default only to some users and will be extended to all if there are no problems. To return the old interface or enable a new one, the setting "chrome://flags#download-bubble" is provided.
Besides that, added a “Privacy Guide” section in the “Privacy and Security” section of settings, which provides an overview of the main settings that affect privacy, with detailed explanations of the impact of each setting.
It is also highlighted that test mode enabled by sending a CORS authorization request (Cross-Origin Resource Sharing) with the header "Access-Control-Request-Private-Network: true" to the main site server, if a resource on the internal network is accessed from localhost. When confirming the operation in response to this request, the server MUST return the "Access-Control-Allow-Private-Network: true" header. In Chrome version 102, the result of the commit does not yet affect the processing of the request: if there is no commit, a warning is displayed in the web console, but the subresource request itself is not blocked.
For applications (PWA, Progressive Web App), highlights the ability to change the layout of the title area of the window using the window control overlay components, which expand the screen area of the web application to the entire window, is provided. the web application can control rendering and input processing over the entire window, with the exception of the overlay block with normal window control buttons (close, minimize, maximize), to give the web application the shape of a normal desktop application.
On the other hand, it is highlighted that added support for generating virtual credit card numbers in the fields with details of payment of goods in online stores in the form autofill system. The use of a virtual card, the number of which is generated for each payment, makes it possible not to transfer data on a real credit card, but requires the provision of the necessary service by the bank. Currently, the feature can only be used by customers of certain banks in the United States.
La speculative rule support is enabled by default, which provides a flexible syntax for determining whether data related to the link can be proactively loaded before the user clicks the link.
The resource packaging mechanism has been stabilized in packages in Web Bundle format, which allows to increase the efficiency of loading a large number of related files (CSS styles, JavaScript, images, iframes).
Finally, if you are interested in knowing more about it, you can consult the details in the following link.
How to update or install Google Chrome in Ubuntu and derivatives?
For those who are interested in being able to update to the new version of the browser on their systems, they can do so by following the instructions that we share below. The first thing you should do is check if the update is already available, for this you have to go to chrome: // settings / help and the notification that there is an update will appear.
In case it is not so you must close your browser and you are going to open a terminal and type:
sudo apt update sudo apt upgrade
You open your browser again and it must have already been updated or the update notification will appear.
In case you want to install the browser or choose to download the deb package to update, we must go to the web page of the browser to obtain the deb package and to be able to install it in our system with the help of the package manager or from the terminal. The link is this.
Once the package is obtained, we only have to install with the following command:
sudo dpkg -i google-chrome-stable_current_amd64.deb
For those who need more time to update, the extended stable branch is supported separately, followed by 8 weeks. The next release of Chrome 103 is scheduled for June 21.