大†Shinegumi†大 Posted September 19, 2024 (edited)

The Chrome web browser has the most significant market share of them all, with 3.45 billion users, so it’s not surprising that many eyes are on the code looking for security flaws. Google has just released version 129 of Chrome, fixing nine security vulnerabilities, and users are urged to update as soon as possible. Here’s what you need to know.

What’s New In Google Chrome?

A stable channel update posting for desktop users of the Chrome web browser has announced a new version containing “a number of fixes and improvements.” You can read about Chrome developments here, and the new features of Chrome 129 are highlighted here. However, as a security guy I’m not overly interested in those for now: what I want to explain are the vulnerabilities that have been fixed and how to ensure the newly protected version of the browser is installed and activated on your device.

Google on Tuesday announced the release of Chrome 132 to the stable channel with 16 security fixes, including 13 that resolve vulnerabilities reported by external researchers. Of the externally reported flaws, five are high-severity bugs affecting browser components such as the V8 JavaScript engine, Navigation, the open source 2D graphics library Skia, Metrics, and Tracing.

Two of these issues – an out-of-bounds memory access in V8 tracked as CVE-2025-0434 and an inappropriate implementation in Navigation tracked as CVE-2025-0435 – earned the reporting researchers $7,000 bug bounty rewards each. Google paid $3,000 and $2,000 for an integer overflow in Skia and an out-of-bounds read in Metrics, respectively, and has yet to disclose the amount to be handed out for a stack buffer overflow in Tracing.

Chrome 132 also resolves five medium-severity security defects reported by external researchers, including a race condition in Frames and an inappropriate implementation in Fullscreen, each earning the reporting researchers $5,000 bug bounty rewards. The remaining medium bugs include two inappropriate implementation issues in Fenced Frames and Payments, and an insufficient data validation flaw in Extensions, for which Google handed out $2,000, $2,000, and $1,000 rewards, respectively.

The browser update also resolves three low-severity inappropriate implementations in Extensions, Navigation, and Compositing. Google says it paid $1,000 in bug bounty rewards for each of these flaws. Overall, Google handed out $37,000 in bug bounty rewards to the reporting researchers, but the total amount could be higher once the amounts are determined for all the resolved issues.

What’s New in Google Chrome 132.0 Stable Version

The new version of Chrome comes with the following changes and enhancements:

Query Support in Search with Google Lens: Starting with Chrome 132, the Search with Google Lens feature begins to roll out across all platforms. Now users can also ask questions about the entire web page or PDF document. Admins can turn on/off this feature using LensOverlaySettings policy as mentioned in this article.

Network Service Sandbox Support on Windows: To improve security and reliability, the network service is now sandboxed on Windows. The NetworkServiceSandboxEnabled policy allows users to disable the sandbox functionality.

Batch Upload of Synced Data: Starting with Chrome 132, users can now upload any local data stored on their device to their Google Account. Currently it’s available for passwords and addresses data types only. Other data types will be included in future. The SyncTypesListDisabled policy can be used to customize the data types.

Improvements to Chrome Identity Model: Users now don’t need to set up Chrome sync on their devices. They can now simply sign in to Chrome and can access or save items to their Google Account.

HTTPS-First Mode Support: HTTPS-First Mode (HFM) automatically upgrades HTTP sites to HTTPS. The user can disable HFM using the Chrome settings page. This feature can be controlled using HttpsOnlyMode and HttpAllowlist policies.

Password Leak Toggle Option Moved: The toggle option was previously present on the chrome://settings/security page. Now it has been moved from the standard protection heading to the Advanced section. (How-to Enable/Disable Guide)

Removal of ThirdPartyBlockingEnabled Policy: Due to known issues, ThirdPartyBlockingEnabled policy is now deprecated and will be removed from Chrome 135.

Security fixes
Bug fixes and improvements
New group policies implemented

Windows 11/10 Silent installation
https://www.mediafire.com/file/l5gt7zhr492ukju/Google+Chrome+132.0.6834.111+AIO+Silent+Install.7z/file
https://mir.cr/1CIMENHX

Windows 7/8 Silent installation
Google Chrome 109.0.5414.168 AIO windows 7 last version Install Silent
https://www.mediafire.com/file/y480s6kyzu9k81l/Google+Chrome+109.0.5414.168+AIO+Install+Silent.7z/file
https://mir.cr/0GHBFW82

Edited January 23 by 大†Shinegumi†大

大†Shinegumi†大 Author Posted September 25, 2024

Google Chrome 129.0.6668.71 Update

大†Shinegumi†大 Author Posted October 2, 2024

https://developer.chrome.com/release-notes/129

大†Shinegumi†大 Author Posted October 30, 2024

Google Chrome 130.0.6723.92 update

大†Shinegumi†大 Author Posted January 8

This release includes stability and performance improvements. You can see a full list of the changes in the Git log. If you find a new issue, please let us know by filing a bug.

Android releases contain the same security fixes as their corresponding Desktop (Windows & Mac: 131.0.6778.264/.265 and Linux: 131.0.6778.264) unless otherwise noted.

大†Shinegumi†大 Author Posted January 23

The Stable channel has been updated to 132.0.6834.110/111 for Windows, Mac and 132.0.6834.110 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.

The extended stable channel has been updated to 132.0.6834.110/111 (Windows, Mac) and will roll out over the coming days/weeks.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$11000][386143468] High CVE-2025-0611: Object corruption in V8. Reported by 303f06e3 on 2024-12-26
[$8000][385155406] High CVE-2025-0612: Out of bounds memory access in V8. Reported by Alan Goodman on 2024-12-20

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

As usual, our ongoing internal security work was responsible for a wide range of fixes:
[391144311] Various fixes from internal audits, fuzzing and other initiatives

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Daniel Yip
Google Chrome