Chrome 83 Enhanced Safe Browsing, New Privacy and Security Controls
Google released Chrome 83 this week with patches for a total of 38 vulnerabilities, enhanced protection for secure browsing and updated privacy and security checks for the stable channel.
The new version of Chrome, Advanced Security for Safe Browsing, is designed to provide users with a higher level of security while browsing by improving protection against unsafe websites and downloads.
For users who subscribe to Chrome and other Google applications (such as Gmail, Drive, etc.), the company says it provides protection based on a global picture of the threats and attacks that occur against the user’s account online.
With Safe Browsing, Google explains, the list of sites classified as malicious is updated every 30 minutes, but it is a long window where some phishing sites go unnoticed when you switch domains.
In contrast, Chrome’s enhanced browsing security allows it to check for unusual URLs in real time, allowing it to detect threats more quickly. In addition, a small example of a suspicious page or download is sent to Google to protect other users.
For registered users, the data is linked to their Google account. This way, if an attack on your browser or account is detected, you can set up protection for the user. After a short period of time, the data is anonymised.
Users can enable this feature by going to Privacy and Security > Security > Advanced Protection under Secure Browsing. The feature will gradually be distributed in Chrome 83 and will also be available on Android, a future version.
According to Google, Chrome 83 also enables users to more intuitively manage the privacy and security settings on their desktops, simplify cookie management, reorganize controls in website settings, improve control over data exchanged with Google to be stored in Google Accounts and shared between devices, and the Clear Viewing Data option is now a leader in privacy and security.
The browser also provides a security check that allows users to confirm that they are safe when using Chrome. This allows them to check if passwords stored in Chrome have been compromised, if safe browsing has been disabled, if the latest version of Chrome has been installed and if malicious extensions are being used.
By default, Chrome also blocks third-party cookies in Incognito mode and provides significant control over these cookies in the New tab. This allows users to allow the use of third party cookies for certain sites.
The new version of Chrome also includes a DNS security system, which uses DNS-on-HTTPS to encrypt DNS queries so that attackers do not know which sites the user is accessing. The browser automatically switches to DNS-on-HTTPS mode if the ISP supports it, but users can fully configure or disable this feature under Advanced Security.
Of the 38 vulnerabilities identified in the new version of Chrome, 27 have been reported by external researchers, reports Google. These include five high defects, seventeen moderately serious defects and five low-risk defects.
The main weaknesses are the following: CVE-2020-6465 (use after freeware in read-only mode), CVE-2020-6466 (use after freeware in media mode), CVE-2020-6467 (use after freeware in WebRTC), CVE-2020-6468 (typing error in V8), and CVE-2020-6469 (insufficient policy enforcement in development tools).
For the first two vulnerabilities, Google paid $20,000 and $15,000 for the errors. Each of the following two errors earned the investigators $7,500, the fifth $5,000. According to Google, the company has paid more than $75,000 in total to researchers working with error messages.
That’s what it looks like: Serious vulnerabilities in Chrome, Firefox repaired
Ionat Argir is the international correspondent for Security Week.