Security Experts:

Chrome 92 Brings Several Privacy, Security Improvements

Google on Tuesday announced the release of Chrome 92 in the stable channel, with 35 security patches and with various other security improvements, such as better site isolation and phishing protection.

Chrome 92 arrives with expanded Chrome Actions, to provide users with improved management of privacy and security options. Now, they can type “safety check” in the address bar to verify whether a password is secure or to scan for malicious extensions, or they can type “manage security settings” for quick access to relevant controls.

The updated browser also brings improved Site Isolation, a feature designed to keep users safe from malicious websites by running each of them in a separate process. Now, the feature covers more sites and extensions, Google says.

With the new browser iteration, Android users can easily view and update specific permissions granted to a website (such as access to camera or microphone) by tapping on the lock icon on the Chrome address bar’s left side. The feature will soon roll out to other platforms as well.

Furthermore, Google has improved Chrome’s phishing detection capabilities, and claims they are now 50 times faster than before.

The phishing detection mechanism verifies the color profiles of the visited pages against those of common pages and alerts users if they match a known phishing site. Since no image is sent outside the browser, the processing is performed locally.

The newly announced improvements include avoiding to keep track of RGB channels in three hashmaps and using only one instead and summing up consecutive pixels before counting them in the hashmap, which Google claims can reduce the phishing classification process to only 100 milliseconds, instead of 1.8 seconds.

Chrome 92 is now rolling out to Windows, Mac, and Linux users with 35 security fixes, including 24 for vulnerabilities reported by external researchers. These include 9 high-severity bugs, 13 medium-severity issues, and 2 low-severity ones.

Google says it has paid the security researchers a total of more than $110,000 in bug bounty rewards for the reported vulnerabilities, but the company has yet to disclose the amount awarded for several reports, meaning that the total could be even higher.

Related: Google: New Chrome Zero-Day Being Exploited

Related: Google Adds HTTPS-First Mode to Chrome

Related: Chinese Researchers Earn Another $20,000 for Chrome Sandbox Escape

view counter