Chrome 74 Releases – Fixes 39 Security Bugs And Enable Dark Mode Feature

Google Chrome
Google Chrome

New version of Google chrome 74 released for Windows, Mac, Linux and Android Users.

To enable Dark Mode features in Chrome available for Windows 10.

By selecting the Dark default app just go to the settings – colors select “Dark” .

prefers-reduced-motion

Google chrome 74 introduces prefers-reduced-motion that allows websites to reduce motion on web pages based on operating system.

Some users have reported getting motion sick when viewing parallax scrolling, zooming, and other motion effects. To address this, many operating systems provide an option to reduce motion whenever possible.

Chrome now provides a media query, prefers-reduced-motion – part of Media Queries Level 5 spec, that allows you to detect when this option is turned on.

Feature Policy API Update

New feature policy updates that allow websites API to be used according to select enable, disable and modify the behavior.

Chrome 74 introduces a new set of APIs to check which features are enabled:

  1. You can get a list of features allowed with document.featurePolicy.allowedFeatures().
  2. You can check if a specific feature is allowed with document.featurePolicy.allowsFeature(…).
  3. You can get a list of domains used on the current page that allow a specified feature with document.featurePolicy.getAllowlistForFeature().

Chrome 74 Released

Chrome Version 74.0.3729.108 contains a number of fixes and improvements as following CVE’s.

  • [$3000][913320] High CVE-2019-5805: Use after free in PDFium. Reported by Anonymous on 2018-12-10
  • [$3000][943087] High CVE-2019-5806: Integer overflow in Angle. Reported by Wen Xu of SSLab, Georgia Tech on 2019-03-18
  • [$3000][945644] High CVE-2019-5807: Memory corruption in V8. Reported by TimGMichaud of Leviathan Security Group. on 2019-03-26
  • [$3000][947029] High CVE-2019-5808: Use after free in Blink. Reported by cloudfuzzer on 2019-03-28
  • [$N/A][941008] High CVE-2019-5809: Use after free in Blink. Reported by Mark Brand of Google Project Zero on 2019-03-12
  • [$2000+$1,337][916838] Medium CVE-2019-5810: User information disclosure in Autofill. Reported by Mark Amery on 2018-12-20
  • [$2000][771815] Medium CVE-2019-5811: CORS bypass in Blink. Reported by Jun Kokatsu (@shhnjk) on 2017-10-04
  • [$2000][925598] Medium CVE-2019-5812: URL spoof in Omnibox on iOS. Reported by Khalil Zhani on 2019-01-26
  • [$2000][942699] Medium CVE-2019-5813: Out of bounds read in V8. Reported by Aleksandar Nikolic of Cisco Talos on 2019-03-15
  • [$1000][930057] Medium CVE-2019-5814: CORS bypass in Blink. Reported by @AaylaSecura1138 on 2019-02-08
  • [$1000][930663] Medium CVE-2019-5815: Heap buffer overflow in Blink. Reported by Nicolas Grégoire, Agarri on 2019-02-11
  • [$1000][940245] Medium CVE-2019-5816: Exploit persistence extension on Android. Reported by Yongke Wang of Tencent’s Xuanwu Lab (xlab.tencent.com) on 2019-03-10
  • [$1000][943709] Medium CVE-2019-5817: Heap buffer overflow in Angle on Windows. Reported by Wen Xu of SSLab, Georgia Tech on 2019-03-19
  • [$500][929962] Medium CVE-2019-5818: Uninitialized value in media reader. Reported by Adrian Tolbaru on 2019-02-08
  • [$N/A][919356] Medium CVE-2019-5819: Incorrect escaping in developer tools. Reported by Svyat Mitin on 2019-01-06
  • [$N/A][919635] Medium CVE-2019-5820: Integer overflow in PDFium. Reported by pdknsk on 2019-01-07
  • [$N/A][919640] Medium CVE-2019-5821: Integer overflow in PDFium. Reported by pdknsk on 2019-01-07
  • [$500][926105] Low CVE-2019-5822: CORS bypass in download manager. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-01-29
  • [$500][930154] Low CVE-2019-5823: Forced navigation from service worker. Reported by David Erceg on 2019-02-08
  • [955186] Various fixes from internal audits, fuzzing and other initiatives

How to Update?

To update Chrome 74, Go to Settings – Help – About Google chrome.

It will check automatically for new update and install.

For the latest update about Cyber and Infosec World, follow us on Twitter, Facebook, Telegram , Instagram and subscribe to our YouTube Channel.
More from Priyanshu Sahay

Facebook Says Hackers Stole 30 Million Users Account

30 Million Facebook Users Account Hacked officially More Investigation is ongoing User’s...
Read More

Leave a Reply