Chrome Browser 78 Released With Fixes for 37 Security Flaws


New Chrome Browser 78 Version Released

It is available to download for Windows, macOS, Linux, Android, ChromeOS, and iOS.

Chrome 78.0.3904.70 contains many security fixes and improvements with faster performance.

Change logs are here

What’s New: Features

  • Customization Menu for New Tab Page
  • Password Checkup extension Support
  • DNS over HTTPS trials
  • Forced Dark Mode
  • Tab Hover Cards


Previously, the Password Checkup extension told users whether their passwords had been leaked in public breaches; now the extension is available in this Chrome browser version.

You can turn on Password Checkup from your Chrome browser as follows:

chrome://flags/#password-leak-detection

DNS Over HTTPS (DoH)

The idea is to bring the key security and privacy benefits of HTTPS to DNS, which is how your browser is able to determine which server is hosting a given website. For example, when connected on a public WiFi, DoH would prevent other WiFi users from seeing which websites you visit, as well as prevent potential spoofing or pharming attacks.
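To make concrete what DoH moves inside HTTPS, the following added example (not from the original article and not Chrome's own code) builds the wire-format DNS query that a classic lookup would send in cleartext, then encodes it as an RFC 8484 GET request. The resolver URL `https://doh.example/dns-query` is a placeholder assumption, and the helper names are illustrative.

```python
import base64
import struct

# Placeholder resolver endpoint (assumption), used only to show the URL shape.
RESOLVER = "https://doh.example/dns-query"


def build_query(name: str, qtype: int = 1) -> bytes:
    """Build an RFC 1035 wire-format query (qtype 1 = A record)."""
    # ID 0 (RFC 8484 recommends it for HTTP caching), flags 0x0100 = recursion desired.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid DNS label: {label!r}")
        qname += bytes([len(raw)]) + raw
    # Root label terminator, then QTYPE and QCLASS (1 = IN).
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def doh_get_url(name: str, qtype: int = 1) -> str:
    """Encode the query as base64url without padding in the 'dns' parameter."""
    dns = base64.urlsafe_b64encode(build_query(name, qtype)).rstrip(b"=").decode()
    return f"{RESOLVER}?dns={dns}"


def decode_dns_param(url: str) -> bytes:
    """Recover the wire-format query from a DoH GET URL (resolver-side view)."""
    param = url.split("?dns=", 1)[1]
    return base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))


def question_name(message: bytes) -> str:
    """Read the queried hostname from the question section (starts at byte 12)."""
    labels, pos = [], 12
    while message[pos]:
        length = message[pos]
        labels.append(message[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)


if __name__ == "__main__":
    query = build_query("www.example.com")
    # On plain DNS (port 53) these bytes cross the network unencrypted,
    # so the hostname labels are readable by anyone on the same WiFi.
    print("cleartext payload:", query)
    # With DoH the same bytes travel inside the TLS session to the resolver.
    url = doh_get_url("www.example.com")
    print("DoH request:", url)
    print("resolver sees:", question_name(decode_dns_param(url)))
```
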

Tab Hover Cards

This feature helps users who open several tabs. It shows a tab's details when you hover over it.

chrome://flags/#tab-hover-cards

 

XSS Auditor Removed

Google developers have removed the old XSS Auditor, which had been available since Chrome v4.

The XSS Auditor can introduce cross-site information leaks, and mechanisms to bypass the Auditor are widely known.

How to Update?

To update to Chrome Browser 78, go to Settings – Help – About Google Chrome.

It will automatically check for a new update and install it, or you can download it directly from google.com/chrome

Fixes 37 Security Flaws

Chrome 78 ships with 37 security fixes, and $58,000 USD in bounties was awarded to researchers as follows:

  • [$20000][1001503] High CVE-2019-13699: Use-after-free in media. Reported by Man Yue Mo of Semmle Security Research Team on 2019-09-06
  • [$15000][998431] High CVE-2019-13700: Buffer overrun in Blink. Reported by Man Yue Mo of Semmle Security Research Team on 2019-08-28
  • [$1000][998284] High CVE-2019-13701: URL spoof in navigation. Reported by David Erceg on 2019-08-27
  • [$5000][991125] Medium CVE-2019-13702: Privilege elevation in Installer. Reported by Phillip Langlois and Edward Torkington, NCC Group on 2019-08-06
  • [$3000][992838] Medium CVE-2019-13703: URL bar spoofing. Reported by Khalil Zhani on 2019-08-12
  • [$3000][1001283] Medium CVE-2019-13704: CSP bypass. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-09-05
  • [$2000][989078] Medium CVE-2019-13705: Extension permission bypass. Reported by Luan Herrera (@lbherrera_) on 2019-07-30
  • [$2000][1001159] Medium CVE-2019-13706: Out-of-bounds read in PDFium. Reported by pdknsk on 2019-09-05
  • [$1000][859349] Medium CVE-2019-13707: File storage disclosure. Reported by Andrea Palazzo on 2018-07-01
  • [$1000][931894] Medium CVE-2019-13708: HTTP authentication spoof. Reported by Khalil Zhani on 2019-02-13
  • [$1000][1005218] Medium CVE-2019-13709: File download protection bypass. Reported by Zhong Zhaochen of andsecurity.cn on 2019-09-18
  • [$500][756825] Medium CVE-2019-13710: File download protection bypass. Reported by bernardo.mrod on 2017-08-18
  • [$500][986063] Medium CVE-2019-13711: Cross-context information leak. Reported by David Erceg on 2019-07-20
  • [$500][1004341] Medium CVE-2019-15903: Buffer overflow in expat. Reported by Sebastian Pipping on 2019-09-16
  • [$N/A][993288] Medium CVE-2019-13713: Cross-origin data leak. Reported by David Erceg on 2019-08-13
  • [$2000][982812] Low CVE-2019-13714: CSS injection. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-07-10
  • [$500][760855] Low CVE-2019-13715: Address bar spoofing. Reported by xisigr of Tencent’s Xuanwu Lab on 2017-08-31
  • [$500][1005948] Low CVE-2019-13716: Service worker state error. Reported by Barron Hagerman on 2019-09-19
  • [$N/A][839239] Low CVE-2019-13717: Notification obscured. Reported by xisigr of Tencent’s Xuanwu Lab on 2018-05-03
  • [$N/A][866162] Low CVE-2019-13718: IDN spoof. Reported by Khalil Zhani on 2018-07-20
  • [$N/A][927150] Low CVE-2019-13719: Notification obscured. Reported by Khalil Zhani on 2019-01-31

 


More from Priyanshu Sahay
