Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Chrome 92 Brings Several Privacy, Security Improvements

Google on Tuesday announced the release of Chrome 92 in the stable channel, with 35 security patches and with various other security improvements, such as better site isolation and phishing protection.

Google on Tuesday announced the release of Chrome 92 in the stable channel, with 35 security patches and with various other security improvements, such as better site isolation and phishing protection.

Chrome 92 arrives with expanded Chrome Actions, to provide users with improved management of privacy and security options. Now, they can type “safety check” in the address bar to verify whether a password is secure or to scan for malicious extensions, or they can type “manage security settings” for quick access to relevant controls.

The updated browser also brings improved Site Isolation, a feature designed to keep users safe from malicious websites by running each of them in a separate process. Now, the feature covers more sites and extensions, Google says.

With the new browser iteration, Android users can easily view and update specific permissions granted to a website (such as access to camera or microphone) by tapping on the lock icon on the Chrome address bar’s left side. The feature will soon roll out to other platforms as well.

Furthermore, Google has improved Chrome’s phishing detection capabilities, and claims they are now 50 times faster than before.

The phishing detection mechanism verifies the color profiles of the visited pages against those of common pages and alerts users if they match a known phishing site. Since no image is sent outside the browser, the processing is performed locally.

The newly announced improvements include avoiding to keep track of RGB channels in three hashmaps and using only one instead and summing up consecutive pixels before counting them in the hashmap, which Google claims can reduce the phishing classification process to only 100 milliseconds, instead of 1.8 seconds.

Chrome 92 is now rolling out to Windows, Mac, and Linux users with 35 security fixes, including 24 for vulnerabilities reported by external researchers. These include 9 high-severity bugs, 13 medium-severity issues, and 2 low-severity ones.

Advertisement. Scroll to continue reading.

Google says it has paid the security researchers a total of more than $110,000 in bug bounty rewards for the reported vulnerabilities, but the company has yet to disclose the amount awarded for several reports, meaning that the total could be even higher.

Related: Google: New Chrome Zero-Day Being Exploited

Related: Google Adds HTTPS-First Mode to Chrome

Related: Chinese Researchers Earn Another $20,000 for Chrome Sandbox Escape

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.