This new version does not include many new features, but it does offer increased protection with notifications of users for fraud, removal of unsafe TLS protocols, etc.
Desktop users Windows, Poppy and Linux can upgrade to Chrome 84 by going to Settings -> Help -> About Google Chrome. Then, the browser will automatically check for the new update and install it when available.
Repeal of the TLS 1.0 and 1.1 protocols
In a joint announcement in 2018, the MicrosoftThe GoogleThe Apple and Mozilla decided to abolish support for TLS 1.0 and 1.1 communication protocols from 2020.
Η Google planned to remove support for protocols in Chrome 81. However, due to its pandemic COVID-19, the abolition of the protocols was delayed so that users be able to access health and government sites that used to use certificates.
With Chrome 84, Google now removes support for TLS 1.0 and 1.1.
When users access one website, using these old certificates, will see a notification saying "Your connection is not completely secure".
Its users Chrome Enterprise can enable support for TLS 1.0 and 1.1 until January 2021.
Chrome 84 warns of mixed content downloads
In April 2019, Google said it planned to block mixed content downloads (files delivered over an insecure HTTP connection, initially starting from HTTPS sites).
In previous versions of Google Chrome, the Google had an error when starting these types of downloads.
In Chrome 84, a warning when a mixed content download starts, which will state that "the file can not be downloaded securely".
Block notifications from fraud sites
Many malicious sites display alerts and try to trick users into registering.
Once a user accepts these notifications, they will be bombarded with unwanted content for dating sites, fake gifts, malicious Chrome extensions and even malware.
In Chrome 84, a warning for these malicious alerts will appear.
New APIs releaseds for developers
Chrome 84 has many new APIs that allow developers to interact with the operating system system to a greater extent and increase browsing performance. One of them is the QuicTransport API.
Its API QuicTransport will allow web applications to connect to servers using the low performance and two-way transmission of the QUIC protocol.
This protocol allows applications to send and receive data in a reliable and unreliable manner using UDP packets.
Low-latency allows developers to create two-way tunnels between a web application and a server, with increased performance.
Chrome 84: New version fixes 38 vulnerabilities
Chrome 84 also fixes 38 vulnerabilities security:
|Critical||CVE-2020-6510||Heap buffer overflow in background fetch. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-07-08|
|High||CVE-2020-6511||Side-channel information leakage in content security policy. Reported by Mikhail Oblozhikhin on 2020-04-24|
|High||CVE-2020-6512||Type Confusion in V8. Reported by nocma, leogan, cheneyxu of WeChat Open Platform Security Team on 2020-05-20|
|High||CVE-2020-6513||Heap buffer overflow in PDFium. Reported by Aleksandar Nikolic of Cisco Talos on 2020-06-04|
|High||CVE-2020-6514||Inappropriate implementation in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2020-04-30|
|High||CVE-2020-6515||Use after free in tab strip. Reported by DDV_UA on 2020-05-14|
|High||CVE-2020-6516||Bypass policy in CORS. Reported by Yongke Wang of Tencent's Xuanwu Lab (xlab.tencent.com) on 2020-06-08|
|High||CVE-2020-6517||Heap buffer overflow in history. Reported by ZeKai Wu (@hellowuzekai) of Tencent Security Xuanwu Lab on 2020-06-16|
|Medium||CVE-2020-6518||Use after free in developer tools. Reported by David Erceg on 2019-07-20|
|Medium||CVE-2020-6519||Bypass policy in CSP. Reported by Gal Weizman (@WeizmanGal) of PerimeterX on 2020-03-25|
|Medium||CVE-2020-6520||Heap buffer overflow in Skia. Reported by Zhen Zhou of NSFOCUS Security Team on 2020-06-08|
|Medium||CVE-2020-6521||Side-channel information leakage in autofill. Reported by Xu Lin (University of Illinois at Chicago), Panagiotis Ilia (University of Illinois at Chicago), Jason Polakis (University of Illinois at Chicago) on 2020-04-27|
|Medium||CVE-2020-6522||Inappropriate implementation in external protocol handlers. Reported by Eric Lawrence of Microsoft on 2020-02-13|
|Medium||CVE-2020-6523||Out of bounds write in Skia. Reported by Liu Wei and Wu Zekai of Tencent Security Xuanwu Lab on 2020-05-08|
|Medium||CVE-2020-6524||Heap buffer overflow in WebAudio. Reported by Sung Ta (@ Mipu94) of SEFCOM Lab, Arizona State University on 2020-05-12|
|Medium||CVE-2020-6525||Heap buffer overflow in Skia. Reported by Zhen Zhou of NSFOCUS Security Team on 2020-06-05|
|low||CVE-2020-6526||Inappropriate implementation in iframe sandbox. Reported by Jonathan Kingston on 2020-04-24|
|low||CVE-2020-6527||Insufficient policy enforcement in CSP. Reported by Zhong Zhaochen of andsecurity.cn on 2019-08-10|
|low||CVE-2020-6528||Incorrect security UI in basic auth. Reported by Rayyan Bijoora on 2020-03-22|
|low||CVE-2020-6529||Inappropriate implementation in WebRTC. Reported by kaustubhvats7 on 2019-06-26|
|low||CVE-2020-6530||Out of bounds memory access in developer tools. Reported by myvyang on 2019-10-21|
|low||CVE-2020-6531||Side-channel information leakage in scroll to text. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-01-17|
|low||CVE-2020-6533||Type Confusion in V8. Reported by Avihay Cohen @ SeraphicAlgorithms on 2020-04-11|
|low||CVE-2020-6534||Heap buffer overflow in WebRTC. Reported by Anonymous on 2020-04-20|
|low||CVE-2020-6535||Insufficient data validation in WebUI. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-04-22|
|low||CVE-2020-6536||Incorrect security UI in PWAs. Reported by Zhiyang Zeng of Tencent security platform department on 2020-05-09|