Security Experts:

Connect with us

Hi, what are you looking for?


Application Security

Chrome 92 Brings Several Privacy, Security Improvements

Google on Tuesday announced the release of Chrome 92 in the stable channel, with 35 security patches and with various other security improvements, such as better site isolation and phishing protection.

Google on Tuesday announced the release of Chrome 92 in the stable channel, with 35 security patches and with various other security improvements, such as better site isolation and phishing protection.

Chrome 92 arrives with expanded Chrome Actions, to provide users with improved management of privacy and security options. Now, they can type “safety check” in the address bar to verify whether a password is secure or to scan for malicious extensions, or they can type “manage security settings” for quick access to relevant controls.

The updated browser also brings improved Site Isolation, a feature designed to keep users safe from malicious websites by running each of them in a separate process. Now, the feature covers more sites and extensions, Google says.

With the new browser iteration, Android users can easily view and update specific permissions granted to a website (such as access to camera or microphone) by tapping on the lock icon on the Chrome address bar’s left side. The feature will soon roll out to other platforms as well.

Furthermore, Google has improved Chrome’s phishing detection capabilities, and claims they are now 50 times faster than before.

The phishing detection mechanism verifies the color profiles of the visited pages against those of common pages and alerts users if they match a known phishing site. Since no image is sent outside the browser, the processing is performed locally.

The newly announced improvements include avoiding to keep track of RGB channels in three hashmaps and using only one instead and summing up consecutive pixels before counting them in the hashmap, which Google claims can reduce the phishing classification process to only 100 milliseconds, instead of 1.8 seconds.

Chrome 92 is now rolling out to Windows, Mac, and Linux users with 35 security fixes, including 24 for vulnerabilities reported by external researchers. These include 9 high-severity bugs, 13 medium-severity issues, and 2 low-severity ones.

Google says it has paid the security researchers a total of more than $110,000 in bug bounty rewards for the reported vulnerabilities, but the company has yet to disclose the amount awarded for several reports, meaning that the total could be even higher.

Related: Google: New Chrome Zero-Day Being Exploited

Related: Google Adds HTTPS-First Mode to Chrome

Related: Chinese Researchers Earn Another $20,000 for Chrome Sandbox Escape

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Application Security

While there are many routes to application security, bundles that allow security teams to quickly and easily secure applications and affect security posture in...

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

A security vulnerability identified on AliExpress, the wholesale marketplace owned by the Chinese e-commerce giant Alibaba, could have been exploited by hackers to hijack...