Connect with us

Hi, what are you looking for?


Identity & Access

Chrome 70 Updates Sign-In Options, Patches 23 Flaws

Google on Tuesday released Chrome 70 in the stable channel, with patches for nearly two dozen vulnerabilities, as well as with updated sign-in options.

Google on Tuesday released Chrome 70 in the stable channel, with patches for nearly two dozen vulnerabilities, as well as with updated sign-in options.

Available for Windows, Mac and Linux as version 70.0.3538.67, the new Chrome iteration arrives with patches for 23 vulnerabilities, 18 of which were discovered by external researchers. These include 6 flaws rated high severity, 8 medium risk, and 4 low severity issues.

The addressed flaws include sandbox escape, remote code execution, heap buffer overflow, URL spoofing, use after free, memory corruption, cross-origin URL disclosure, security UI occlusion in full screen mode, iframe sandbox escape on iOS, and lack of limits on update() in ServiceWorker.

Google paid over $20,000 in bug bounty rewards to the reporting security researchers.

One other important update that Chrome 70 comes with is the final version of the Transport Layer Security (TLS) 1.3 traffic encryption protocol, which was approved earlier this year. In one year and a half, Chrome and all other major web browsers will no longer support TLS 1.0 and 1.1.

The browser now also provides users with increased control over Chrome sign-in options. The previous Chrome release would automatically sign users into the browser when they signed into a Google service, which raised privacy concerns.

In late September, Google revealed that Chrome’s sign-in behavior was meant to make it more obvious for users that they are logged into a specific account.

Advertisement. Scroll to continue reading.

“You’ll see your Google Account picture right in the Chrome UI, so you can easily see your sign-in status. When you sign out, either directly from Chrome or from any Google website, you’re completely signed out of your Google Account,” Zach Koch, Chrome Product Manager, explained at the time.

One issue with the functionality, however, was that users had no control over it, and Google decided to change that.

Thus, Chrome 70 now provides users with the option to turn off the linking of web-based sign-in with browser-based sign-in. By default, the linking is turned on, but users can opt out, meaning they will no longer be signed into Chrome when signing into a Google service.

Now, Chrome is also making it clearer for users whether the syncing option is turned on, so that people know when their data is being sent to Google’s servers.

Related: Major Browsers to Kill TLS 1.0, 1.1

Related: Latest Version of Chrome Improves Password Management, Patches 40 Flaws

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...