Tuesday, August 11, 16:46
Home security Chrome 84: Released and offers enhanced security

Chrome 84: Released and offers enhanced security

Chrome 84
Chrome 84: Released and offers enhanced security

Η Google released it Chrome 84, yesterday 14 July 2020 (Stable desktop channel), bringing many security improvements and new APIs for developers.

This new version does not include many new features, but it does offer increased protection with notifications of users for fraud, removal of unsafe TLS protocols, etc.

Desktop users Windows, Poppy and Linux can upgrade to Chrome 84 by going to Settings -> Help -> About Google Chrome. Then, the browser will automatically check for the new update and install it when available.

Repeal of the TLS 1.0 and 1.1 protocols

In a joint announcement in 2018, the MicrosoftThe GoogleThe Apple and Mozilla decided to abolish support for TLS 1.0 and 1.1 communication protocols from 2020.

Η Google planned to remove support for protocols in Chrome 81. However, due to its pandemic COVID-19, the abolition of the protocols was delayed so that users be able to access health and government sites that used to use certificates.

With Chrome 84, Google now removes support for TLS 1.0 and 1.1.

When users access one website, using these old certificates, will see a notification saying "Your connection is not completely secure".

Chrome 84
Chrome 84: Released and offers enhanced security

Its users Chrome Enterprise can enable support for TLS 1.0 and 1.1 until January 2021.

Chrome 84 warns of mixed content downloads

In April 2019, Google said it planned to block mixed content downloads (files delivered over an insecure HTTP connection, initially starting from HTTPS sites).

In previous versions of Google Chrome, the Google had an error when starting these types of downloads.

In Chrome 84, a warning when a mixed content download starts, which will state that "the file can not be downloaded securely".

Chrome 84: Released and offers enhanced security

Block notifications from fraud sites

Chrome 84
Chrome 84: Released and offers enhanced security

Many malicious sites display alerts and try to trick users into registering.

Once a user accepts these notifications, they will be bombarded with unwanted content for dating sites, fake gifts, malicious Chrome extensions and even malware.

In Chrome 84, a warning for these malicious alerts will appear.

New APIs releaseds for developers

Chrome 84 has many new APIs that allow developers to interact with the operating system system to a greater extent and increase browsing performance. One of them is the QuicTransport API.

QuicTransport API

Its API QuicTransport will allow web applications to connect to servers using the low performance and two-way transmission of the QUIC protocol.

This protocol allows applications to send and receive data in a reliable and unreliable manner using UDP packets.

Low-latency allows developers to create two-way tunnels between a web application and a server, with increased performance.

Chrome 84: New version fixes 38 vulnerabilities

Chrome 84 also fixes 38 vulnerabilities security:

RatingCVE IDDescription
CriticalCVE-2020-6510Heap buffer overflow in background fetch. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-07-08
HighCVE-2020-6511Side-channel information leakage in content security policy. Reported by Mikhail Oblozhikhin on 2020-04-24
HighCVE-2020-6512Type Confusion in V8. Reported by nocma, leogan, cheneyxu of WeChat Open Platform Security Team on 2020-05-20
HighCVE-2020-6513Heap buffer overflow in PDFium. Reported by Aleksandar Nikolic of Cisco Talos on 2020-06-04
HighCVE-2020-6514Inappropriate implementation in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2020-04-30
HighCVE-2020-6515Use after free in tab strip. Reported by DDV_UA on 2020-05-14
HighCVE-2020-6516Bypass policy in CORS. Reported by Yongke Wang of Tencent's Xuanwu Lab (xlab.tencent.com) on 2020-06-08
HighCVE-2020-6517Heap buffer overflow in history. Reported by ZeKai Wu (@hellowuzekai) of Tencent Security Xuanwu Lab on 2020-06-16
MediumCVE-2020-6518Use after free in developer tools. Reported by David Erceg on 2019-07-20
MediumCVE-2020-6519Bypass policy in CSP. Reported by Gal Weizman (@WeizmanGal) of PerimeterX on 2020-03-25
MediumCVE-2020-6520Heap buffer overflow in Skia. Reported by Zhen Zhou of NSFOCUS Security Team on 2020-06-08
MediumCVE-2020-6521Side-channel information leakage in autofill. Reported by Xu Lin (University of Illinois at Chicago), Panagiotis Ilia (University of Illinois at Chicago), Jason Polakis (University of Illinois at Chicago) on 2020-04-27
MediumCVE-2020-6522Inappropriate implementation in external protocol handlers. Reported by Eric Lawrence of Microsoft on 2020-02-13
MediumCVE-2020-6523Out of bounds write in Skia. Reported by Liu Wei and Wu Zekai of Tencent Security Xuanwu Lab on 2020-05-08
MediumCVE-2020-6524Heap buffer overflow in WebAudio. Reported by Sung Ta (@ Mipu94) of SEFCOM Lab, Arizona State University on 2020-05-12
MediumCVE-2020-6525Heap buffer overflow in Skia. Reported by Zhen Zhou of NSFOCUS Security Team on 2020-06-05
lowCVE-2020-6526Inappropriate implementation in iframe sandbox. Reported by Jonathan Kingston on 2020-04-24
lowCVE-2020-6527Insufficient policy enforcement in CSP. Reported by Zhong Zhaochen of andsecurity.cn on 2019-08-10
lowCVE-2020-6528Incorrect security UI in basic auth. Reported by Rayyan Bijoora on 2020-03-22
lowCVE-2020-6529Inappropriate implementation in WebRTC. Reported by kaustubhvats7 on 2019-06-26
lowCVE-2020-6530Out of bounds memory access in developer tools. Reported by myvyang on 2019-10-21
lowCVE-2020-6531Side-channel information leakage in scroll to text. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-01-17
lowCVE-2020-6533Type Confusion in V8. Reported by Avihay Cohen @ SeraphicAlgorithms on 2020-04-11
lowCVE-2020-6534Heap buffer overflow in WebRTC. Reported by Anonymous on 2020-04-20
lowCVE-2020-6535Insufficient data validation in WebUI. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-04-22
lowCVE-2020-6536Incorrect security UI in PWAs. Reported by Zhiyang Zeng of Tencent security platform department on 2020-05-09

1 COMMENT

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Digital Fortress
Digital Fortresshttps://www.secnews.gr
Pursue Your Dreams & Live!

LIVE NEWS

Do you want a Chromebook? Choose among the 4 best!

A good Chromebook is not much different from regular laptops, while the best of them may be nicer than ...

UniConverter: Convert videos to 1000 formats 30 times faster!

If you are a video content creator, you will definitely need to convert a video to various formats many times, without compromising ...

How to persuade older people to use technology?

Technology can often seem daunting and difficult to older people who are unfamiliar with ...

How to stream 4K Ultra HD content to Netflix?

During the quarantine, Netflix has been a great help to people spending boring hours at home. The service has ...

iPhone: Add and remove Widgets from the Home screen

Apple brought the widgets to the Home screen of the iPhone with iOS 14. This is an advanced form of widgets from ...

The best security cameras to protect your home!

If you are afraid of intruders in your home, these security cameras can stream live video directly to your phone.

Do hackers carry out their attacks in real time?

More generally, there is a perception that hackers are suddenly infiltrating systems and devices and carrying out attacks. However, the reality is different. The...

Facebook: How to hide old posts

Facebook has introduced a new tool called "Activity Management" that will allow you to delete old posts, helping you to improve ...

How to download and install the Play Store on laptops and PCs?

Nowadays, many people rely on their smartphones, as they can be used easily and quickly for ...

Portable air conditioner: It is worn on the back and as a jewel 😛

Portable air conditioner - Worn on the back and like jewelry: 40 degrees and we have melted. Those of you who are lucky on the beach, please stop ...