Η Google has released its new version Chrome browser, version 78.
The new version comes with many improvements, fast performance and many corrections to address issues security.
What are the new features that 78 offers?
- New Menu
- Password Checkup Extension
- DNS over HTTPS tests
- Dark Mode, which works on all sites
- Tab Hover Cards
DNS Over HTTPS (DoH)
This feature is aimed at enhancing security conveying its advantages HTTPS in DNS. If a user logs on to a public WiFi, DoH will prevent other WiFi users from seeing them sites visited by the user. Various spoofing or pharming attacks can also be avoided.
Tab Hover Cards
This feature is very useful for users who open multiple tabs. It actually gives information for the details of each tab when users have the mouse over it.
The new version of the Chrome browser no longer has the function XSS Auditor.
How to install the version Chrome Browser 78;
The installation process is simple. You need to follow these steps: Settings - Help - About Google Chrome.
Automatically check for new updates and then install. Alternatively, you can download the version from google.com/chrome.
One of its most important elements Chrome Browser 78 is that it fixes 37 security errors
The researchers, who discovered the bugs, received 58.000 dollars in total. Some of the vulnerabilities that the new release fixes are:
- CVE-2019-13699: Use-after-free critical vulnerability in multimedia. Discovered by Man Yue Mo of the Semmle Security Research Team on 6 September 2019 (fee: 20.000 dollars).
- CVE-2019-13700: Critical Buffer overrun vulnerability in Blink. It was discovered by the same researcher on 28 August 2019 (15.000 dollar fee).
- CVE-2019-13701: Critical URL spoofing vulnerability in navigation. Discovered by David Erceg on August 27 2019 (fee: 1.000 dollars).
- CVE-2019-13702: Obtain Administrator Permissions on the Installer. Discovered by Phillip Langlois and Edward Torkington on 6 August 2019 (fee: 5.000 dollars).
- CVE-2019-13703: URL bar spoofing. Discovered by Khalil Zhani on 12 August 2019 (fee: 3.000 dollars).
- CVE-2019-13704: CSP Bypass. Reported by Jun Kokatsu on 5 September 2019 (fee: 3.000 dollars).
- CVE-2019-13705: Bypass extension license. Reported by Luan Herrera on 30 July 2019 (fee: 2.000 dollars).
- CVE-2019-13706: Out-of-bounds read in PDFium. Reported by pdknsk on 5 September 2019 (fee: 2.000 dollars).
- CVE-2019-13707: Problems with File Storage. Reported by Andrea Palazzo on 1η July 2019 (fee: 1.000 dollars).
- CVE-2019-13708: HTTP Identity Error. Reported by Khalil Zhani on 13 February 2019 (fee: 1.000 dollars)
- CVE-2019-13709: Override file protection. Reported by Zhong Zhaochen on 18 September 2019 (fee: 1.000 dollars).
- CVE-2019-13710: File protection override. Reported by bernardo.mrod on 18 August 2017 (fee: 500 dollars).
- CVE-2019-13711: Information leak. Reported by David Erceg on 20 July 2019 (fee: 500 dollars).
- CVE-2019-15903: Buffer overflow. Reported by Sebastian Pipping on 16 September 2019 (fee: 500 dollars).
- CVE-2019-13713: Data leakage. Reported by David Erceg on August 13 2019 (fee: not known).
- CVE-2019-13714: CSS injection. Reported by Jun Kokatsu on 10 July 2019 (fee: 2.000 dollars).
- CVE-2019-13715: Address error. Reported by xencigr of Tencent on 31 August 2019 (fee: 500 dollars).
- CVE-2019-13716: Service worker state error. Reported by Barron Hagerman on 19 September 2019 (fee: 500 dollars).
- CVE-2019-13718: IDN spoof. Reported by Khalil Zhani 20 July 2018 (fee: not known).