English

Wholeheartedly Provide You With The Best Service

View All Products

Fast & Safe Delivery Worldwide

View All Products

100% Eco-Fiendly Material

View All Products

Google Chrome 102 update patches 32 security issues (one critical) - gHacks Tech News

2022-05-28 01:27:28 By : Ms. JIll Wang

Google published updates for the company's Chrome web browser on May 24, 2022. The desktop version updates address security issues in the web browser.

The Chrome team is delighted to announce the promotion of Chrome 102 to the stable channel for Windows (102.0.5005.61/62/63), 102.0.5005.61 for Mac and Linux. Chrome 102 is also promoted to our new extended stable channel for Windows and Mac. This will roll out over the coming days/weeks.

Chrome 102 for desktop systems and mobile systems is available already. Google rolls out updates over time to the entire population. Desktop users who use Chrome can speed up the installation of the update to patch the security issues early.

Selecting Menu > Help > About Chrome displays the version of the browser that is installed. Chrome runs a check for updates when the page is opened; it should pick up the new version and install it automatically.

Chrome on Android updates rely on Google Play, which means that there is no option to speed up the upgrade on Android.

Google makes no mention of security issue fixes in the Android and iOS releases of the web browser.

Google Chrome 102 is available as a stable channel version and extended stable channel version. Stable versions are upgraded every 4 weeks, extended stable versions every 8 weeks.

The update includes a total of 32 security fixes. One issue has the highest severity rating of critical, several others a rating of high. The critical security issue is described as " Use after free in Indexed DB" and filed under CVE-2022-1853.

Google makes no mention of attacks in the wild.  Chrome users should upgrade to the latest version quickly to protect their browsers against potential attacks targeting the new vulnerabilities

Google lists 12 features that were added, removed or improved in Chrome 102 on the Chrome Status website. Most changes are of interest to developers only.

Descriptions of the changes are available on the Chrome Status website.

Now You: do you use Chrome? When do you update your browsers?

Chrome update 102.0.5005.63 breaks uBlock Origin.

I’m sorry, this is not related specifically to uBlock Origin, something is wrong with hovering links, and this also affects uBlock Origin settings page.

Disabling hardware acceleration fixes the issue.

No flag to disable the USELESS sidepanel icon?

Go to > chrome://flags/#side-panel and disable side panel icon.

Nagivate to #side-panel and disable.

Q: No flag to disable. A: Go to > chrome://flags/#side-panel

No such flag exists anymore. On Ungoogled Chromium. No one in their right mind uses Chrome.

Will depends what version you using.

The version 101.0.4951.64 have Side Panel flag.

Now there’s a sad comeback if I ever saw one..

Number 1 in the world *chuckles*

I update Chrome Stable the day it is available. After restarting to activate 102.5005.63, you are shown Chrome secure webpage ‘ chrome://whats-new/ ‘ which describes interesting new function.

As predicted by https://www.reddit.com/r/chrome/comments/tyd0zl/chrome_for_windows_will_let_you_reorder_tabs_with/ , you can use a shortcut to reorder tabs in Chrome 102.0.5005.63 Stable. It is left/right (control + shift + page up/down) .

Leaks like a sieve good sir.!.. Patch,patch and more patches to this leaking codebase.

Secure.???..hmm on the fence (chuckles).

Name a more secure browser then. And don’t make me chuckle while you do.

We both know that the high number of Chromium security issues comes from the burden of being the leader, i.e. when you have 80% market share finding security issues becomes a very valuable undertaking. Who cares about 3% market share Firefox? Answer: Nobody, does not mean it is more secure because of that. Irrelevancy is not the same as security.

>Name a more secure browser then Not Chrome.

I didn’t ask for mocking my nick, I asked for a more secure browser, and am still waiting,

~10% desktop market share. who cares about people smearing screens with their fastfood fingers? the rest of this defensive marketing ploy, touché, enjoy leadership.

>Eat [word] billions of flies can’t be wrong!

> ~10% desktop market share. who cares about people smearing screens with their fastfood fingers?

Websites are flexible today as far as their layout is concerned. You don’t code the same website twice anymore, once for desktop and once for mobile like in the good old days… As far as a web developer coding a website is concerned, Firefox sits at 3%, not 10%.

> the rest of this defensive marketing ploy, touché, enjoy leadership.

Here, the reality of Firefox’s security, an analysis that doesn’t just claim that Firefox is wannabe-secure based on its irrelevancy, but rather compares the base code of each browser: https://madaidans-insecurities.github.io/firefox-chromium.html

> Eat [word] billions of flies can’t be wrong!

Hm, both Chrome and Firefox can be downloaded free of charge. So if Chrome is a pile of shit, yet is still much preferred over Firefox, what does that mean for FF? Is Firefox an even bigger turd then? I guess so. As far as I am concerned, Firefox died in 2017 when they adopted Chromium’s extension APIs. There is not one good, non-ideological reason to use it over a Chromium-based browser.

Thank link looks citing very outdated sources. Do you have something more tangible and up to date?

>We both know that the high number of Chromium security issues comes from the burden of being the leader, i.e. when you have 80% market share finding security issues becomes a very valuable undertaking

I’d say it’s more due to their deliberate and ongoing process from day one of turning the browser from an application used to view remote documents that had *some* interactivity through Javascript into complete virtual machines emulating every damn feature provided by the OS from gamepad support to Dolby sound (seriously?!) – for bloated web applications that have ditched HTML almost completely to render everything with JS. The bigger the codebase, the bigger the attack surface. Firefox also faces this same issue on a smaller scale, both as a result of trying to turn the browser into an operating system substitute.

Yes, supporting every feature imaginable is of course widening the attack surface. In that sense, if you hardly support anything, you are technically more secure at the expense of usability. An example for this are command line browsers like Lynx.

However, Firefox and Chromium support roughly the same set of features. Firefox is currently irrelevant with 3% market share and is not as juicy a target as Chromium with its 80% market share. Thus, fewer eyes are on the code and the nominal (not actual!) number of security issues is driven down. However, we do know that Firefox lacks several important exploit mitigations and is, as far as the actual codebase is concerned, even easier to exploit than Chromium. The fanboys here who say or imply that Firefox is more secure due to a lower nominal number of security issues (due to its irrelevancy, not the security of the base code) are liars who want to promote their product. Sick of it.

@iron heart. Why do you keep linking to the same site all the time when defending chrome and criticizing firefox.You’re going to have to do better than that.

chromium is the new adobe flash .. welcome to patch days-ending-in-a y

Yeah, because the competition is so much better here. /s

There is no browser that is more secure than Chromium. Irrelevancy is not the same as security, FF is lacking several important exploit mitigations and is even easier to hack.

> There is no browser that is more secure than Chromium

How many times do we need a spammed link to a seven year old article by a one-eyed disgruntled-with-mozilla-and-tor-project developer with a chip on his shoulder (he got in a public spat with a moz dev), who is being an absolute purist in the strictest sense of the word. Security patches do not work in isolation, security is many layered and cannot really be quantified as a whole

For all intents and purposes, all three desktop engines are very secure considering all they do, and within 0.00001% of each other. i.e 99.99999% of users will never get bitten.

Also, size of the userbase !== more secure either. There is only so much scrutiny, fuzzing, linting etc that can be done. Just because chromium has 10x more users, does not mean it is built 10x better. Mozilla are just as capable in this regard. And once you have x amount of users, targets are always juicy. If Firefox was such as easy weak target, then why aren’t there more zero-days and CVEs. The answer is because, it’s secure, as in multi-layered, and not only in the same ball park as chromium, but practically twins

If anything, chromium’s excessive amount of zero days the last two years and lack of fixing C/C++ issues, as planned for years, is a concern.

PS: Am enjoying my very private, fully network partitioned, fully site data partitioned, navigational tracking blocked, secure Firefox

this is what hackernews thinks of madaidan, with some snippets quoted below

https://news.ycombinator.com/item?id=26954225 > So, all the security features that he considers large holes haven’t been used to mount successful attacks, but the ones he considers “not substantial” are the ones that have been used for the real 0-days. > It seems the “threat model” was “if Chrome has it, it must be important” and “if Chrome doesn’t have it, it must be useless”. You cannot do a serious security analysis this way, it’s like looking at a list of feature checkboxes to choose a product. But in this case it’s even worse because we only look at the checkboxes vendor G has ticked.

https://news.ycombinator.com/item?id=25595998 > That article is comes from an extremely naive security posture

Here is a real security engineer not being one-eyed, read the link (below is a part quote) https://old.reddit.com/r/firefox/comments/lbu6q2/why_do_people_say_chromiums_sandbox_is_better/glxjrjg/ > “How does that wash out in the end? It’s really hard to say and pretty much impossible to quantify.”

Madaidan’s assertion is pathethic

Spamming ghacks comments in every Firefox article with the same nonsense gibberish and uneducated understanding and interpretations, is fast becoming a meme

Many people need their nemesis, for some people it is Mozilla and other people attack minorities.

Also I smell a massive fallacy that anyone inside here, literally anyone is important enough for a nation state or a hacker burning their brand new 0day on them. Unless you are a bitcoin billionaire or you have the most morally reprehensible predilections, then nobody will try to ahck you and escape your sandbox.

On the internet we are all 3l33t c0d3rs and dream of CIA spooks hunting us down. No one literally cares for us. There is no epic conspiracy. We are not Assange, Manning or Snowden.

Apparently, someone likes to play this game. Let’s see what some people think of Madaidan’s article

John Wu: >This is very true. During my masters studies, Chromium’s strong security mitigations and sandboxing are one of the reasons that ruined my research project LMAO. Should’ve picked Firefox at that time…

Kmkz Security: >An article that enumerates a number of security weaknesses in Firefox’s security model when compared to Chromium.

Chris Rohlf: >It’s been ages since I last looked at Firefox but I know there are smart people actively working on these things. Another way to interpret this writeup is just how expensive and difficult it is to harden a target like a web browser. You need a large team dedicated to it.

Oh, and these are pretty well known researchers in the infosec community, not 2 random people on Hacker News and a former Mozilla employee :)

https://nitter.net/topjohnwu/status/1455606288419733505 https://nitter.net/kmkz_security/status/1455487173164216325#m https://web.archive.org/web/20211102152329/https://twitter.com/chrisrohlf/status/1455549993536966671

Fairly easy cherry picking game: You just enter the link in Twatter and cherry pick people with your opinion. At no single point they take stance to the current day situation. It’s the same circle jerk of 2015/2016/2017 old links being approved 6 years later in 2021 without critical analysis of the current situation. You might as well quote the Bible or ask a priest.

> John Wu: Should’ve picked Firefox at that time

not talking about at that time, years ago

> Kmkz Security: An article that enumerates

no one is arguing about enumeration of differences

> Chris Rohlf: It’s been ages since I last looked at Firefox

> these are pretty well known researchers in the infosec community, not 2 random people on Hacker News and a former Mozilla employee

they’re just as random as your irrelevant and outdated sources. That mozilla employee, worked in the security team which to use your quote is “smart people actively working on these things”

Totally ignoring the point made that evaluating overall security is subjective, and instead making up strawmen. Enumerating differences is not the point – but important, because it shows where the defense can be hardened.

And on that point, the article is often biased, for example, Rust (10% of the code base) in gecko is pointless because “lets make up some lame reason”, but chromium planning to use Rust (planning, not even used) is great. So strike one against gecko and a bonus point for chromium

madadian is clearly one eyed in his interpretation, no-one ever said the enumeration of differences was at fault.

IH is right. Do not believe your lying eyes. Windows 11 is the best OS ever, the only reason it has more vulnerabilities than Windows 7 is because Windows 11 is so much more popular. Chromium has no connection to Google. Chromium is actually secretly made by Mozilla, that is why is has so many vulnerabilities. The moon landings were fake, they were faked by Mozilla so you do not notice how insecure their browser is.

Thanks for making me laugh. Atleast someone understands the joke behind every IH paragraph. That guy is delusional.

By your logic Linux would be irrelevant as well. The bigger number doesn’t make something else bigger.

Linux is nice with it’s 2.54%

Yes, next year Chrome will start recommending everyone to stop using Chrome. You will be redirected to sites where you can install Chrome and start using that instead.

For those who use keyboard shortcuts frequently, version 102 of Chrome introduces the option to reorder tabs with keyboard shortcuts:

https://redd.it/tyd0zl

This option will also be available in the stable version of Edge once it is updated to version 102:

Which vpn extension should i use cyberghost or zenmate?

Save my name, email, and website in this browser for the next time I comment.

Please click on the following link to open the newsletter signup page: Ghacks Newsletter Sign up

Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.

Featured Products

News & Blog