Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Chrome 83 Brings Enhanced Safe Browsing, New Privacy and Security Controls

Google this week released Chrome 83 to the stable channel with patches for a total of 38 vulnerabilities, with improved Safe Browsing protection, and updated privacy and security controls.

Google this week released Chrome 83 to the stable channel with patches for a total of 38 vulnerabilities, with improved Safe Browsing protection, and updated privacy and security controls.

The newly introduced Enhanced Safe Browsing protection in Chrome is meant to provide users with a more advanced level of security while browsing the web, by increasing protection from dangerous websites and downloads.

For users signed into Chrome and other Google apps (such as Gmail, Drive, etc), the company claims to provide protection “based on a holistic view of threats” encountered on the web and attacks on a user’s account.

With Safe Browsing, Google explains, the list of websites considered malicious is refreshed every 30 minutes, but that represents a long-enough window for some phishing sites to remain undetected by switching domains.

Enhanced Safe Browsing, on the other hand, allows Chrome to check uncommon URLs in real time, meaning that threats can be detected faster. Moreover, a small sample of the suspicious page or download is sent to Google, to help protect other users as well.

For signed-in users, the data is linked to their Google account, so that protections can be tailored to the user when an attack is detected against their browser or account. The data is anonymized after a short period.

Users can turn the feature on by heading to Privacy and Security settings > Security > “Enhanced protection” mode under Safe Browsing. The feature will roll out gradually in Chrome 83 and will arrive on Android as well, in a future release.

Chrome 83, Google says, also makes it more intuitive for users to control their privacy and security settings on desktop systems, with easier to manage cookies, reorganized controls in Site Settings, improved control over the data shared with Google to store in Google accounts and share across devices, and the “Clear browsing data” option now at the top of the Privacy & Security section.

Advertisement. Scroll to continue reading.

The browser also includes a safety check that allows users to confirm the safety of their experience in Chrome. Thus, they can check whether passwords stored in Chrome have been compromised, if Safe Browsing is turned off, if the latest Chrome version is installed, and if malicious extensions are used.

Additionally, Chrome will be blocking third-party cookies by default when in Incognito mode, and will also provide a prominent control over these cookies on the New Tab page. Thus, users can choose to allow third-party cookies for specific sites.

With the new release, Chrome also gets Secure DNS, where DNS-over-HTTPS is employed to encrypt the DNS lookup, to prevent attackers from knowing which sites the user is accessing. The browser will automatically upgrade to DNS-over-HTTPS if the service provider supports it, but users can adjust or completely disable the feature in the Advanced security section.

Of the 38 vulnerabilities patched in the new Chrome release, 27 were reported by external researchers, Google reveals. These include five high severity flaws, seventeen medium severity issues, and five low risk bugs.

The most important of the vulnerabilities are CVE-2020-6465 (use after free in reader mode), CVE-2020-6466 (use after free in media), CVE-2020-6467 (use after free in WebRTC), CVE-2020-6468 (Type Confusion in V8), and CVE-2020-6469 (insufficient policy enforcement in developer tools).

For the first two vulnerabilities, Google paid $20,000 and $15,000 in bug bounties, respectively. Each of the next two bugs earned the reporting researchers $7,500, while the fifth was rewarded with $5,000. Overall, Google says it paid out over $75,000 in bug bounty rewards to the reporting researchers.

Related: Serious Vulnerabilities Patched in Chrome, Firefox

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.