New Chrome Browser 78 Version Released
It is available to download for Windows, macOS, Linux, Android, ChromeOS, and iOS.
Chrome 78.0.3904.70 includes many security fixes and improvements, along with faster performance.
Change logs are here
New Features
- Customization Menu for New Tab Page
- Password Checkup extension Support
- DNS over HTTPS trials
- Forced Dark Mode
- Tab Hover Cards
Previously, the Password Checkup extension told users whether their passwords had been leaked in public breaches; now the extension is available in this Chrome browser version.
You can turn on Password Checkup from your Chrome browser as follows:
DNS Over HTTPS (DoH)
The idea is to bring the key security and privacy benefits of HTTPS to DNS, which is how your browser is able to determine which server is hosting a given website. For example, when connected on a public WiFi, DoH would prevent other WiFi users from seeing which websites you visit, as well as prevent potential spoofing or pharming attacks.
Tab Hover Cards
This feature helps users who keep several tabs open. It shows details about a tab when you hover over it.
XSS Auditor Removed
Google developers have removed the old XSS Auditor, which had been available since Chrome v4.
The XSS Auditor can introduce cross-site information leaks, and mechanisms to bypass the Auditor are widely known.
How to Update?
To update to Chrome 78, go to Settings – Help – About Google Chrome.
It will automatically check for a new update and install it, or you can download it directly from google.com/chrome
Fixes 37 Security Flaws
Chrome 78 ships with 37 security fixes, and $58,000 USD in bounties was awarded to researchers as follows:
- [$20000] High CVE-2019-13699: Use-after-free in media. Reported by Man Yue Mo of Semmle Security Research Team on 2019-09-06
- [$15000] High CVE-2019-13700: Buffer overrun in Blink. Reported by Man Yue Mo of Semmle Security Research Team on 2019-08-28
- [$1000] High CVE-2019-13701: URL spoof in navigation. Reported by David Erceg on 2019-08-27
- [$5000] Medium CVE-2019-13702: Privilege elevation in Installer. Reported by Phillip Langlois and Edward Torkington, NCC Group on 2019-08-06
- [$3000] Medium CVE-2019-13703: URL bar spoofing. Reported by Khalil Zhani on 2019-08-12
- [$3000] Medium CVE-2019-13704: CSP bypass. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-09-05
- [$2000] Medium CVE-2019-13705: Extension permission bypass. Reported by Luan Herrera (@lbherrera_) on 2019-07-30
- [$2000] Medium CVE-2019-13706: Out-of-bounds read in PDFium. Reported by pdknsk on 2019-09-05
- [$1000] Medium CVE-2019-13707: File storage disclosure. Reported by Andrea Palazzo on 2018-07-01
- [$1000] Medium CVE-2019-13708: HTTP authentication spoof. Reported by Khalil Zhani on 2019-02-13
- [$1000] Medium CVE-2019-13709: File download protection bypass. Reported by Zhong Zhaochen of andsecurity.cn on 2019-09-18
- [$500] Medium CVE-2019-13710: File download protection bypass. Reported by bernardo.mrod on 2017-08-18
- [$500] Medium CVE-2019-13711: Cross-context information leak. Reported by David Erceg on 2019-07-20
- [$500] Medium CVE-2019-15903: Buffer overflow in expat. Reported by Sebastian Pipping on 2019-09-16
- [$N/A] Medium CVE-2019-13713: Cross-origin data leak. Reported by David Erceg on 2019-08-13
- [$2000] Low CVE-2019-13714: CSS injection. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-07-10
- [$500] Low CVE-2019-13715: Address bar spoofing. Reported by xisigr of Tencent’s Xuanwu Lab on 2017-08-31
- [$500] Low CVE-2019-13716: Service worker state error. Reported by Barron Hagerman on 2019-09-19
- [$N/A] Low CVE-2019-13717: Notification obscured. Reported by xisigr of Tencent’s Xuanwu Lab on 2018-05-03
- [$N/A] Low CVE-2019-13718: IDN spoof. Reported by Khalil Zhani on 2018-07-20
- [$N/A] Low CVE-2019-13719: Notification obscured. Reported by Khalil Zhani on 2019-01-31