Actually, one had expected the new Google Chrome last night, but security gaps in version 89 had only been fixed. Now Google has updated the stable version of the Chrome browser to version 90 (90.0.4430.72).
On April 14, 2021, Google released a new version of Chrome 90 Stable with security improvements, a new AV1 encoder, and switching to HTTPS as the default protocol.
In total, Google has plugged 37 security holes, six of which were rated as "high". This high number of fixed security vulnerabilities also came about through the Pwn2Own 2021 competition. There, loopholes were found in many programs that now need to be closed.
The new version of Chrome was originally supposed to be released on April 13, but Google decided to delay the release a bit to fix the zero-day vulnerability.
All Chrome channels received updates: Chrome Stable to version 90, Chrome Beta to version 91, and Chrome Canary to version 92.
The update is delivered automatically for Windows, Mac and Linux users. To check your Google Chrome version, go to Menu => Help => About Google Chrome Browser or chrome://settings/help. If an update is available, the browser will download and install the latest version.
A selection of changes in the new Chrome 90
- HTTPS is now the standard protocol. For example, if you enter tekfiz.com in the address bar, the more secure https page is automatically called up and no longer the http page.
- Additional protection against NAT Slipstreaming attacks has been improved in this update.
- The AV1 encoder has now been integrated into Chrome, which has better compression than the old VP9 codec and thus also saves bandwidth with better quality.
- The Google Tab search is now being rolled out to everyone. If you have many tabs open, you can quickly find a tab using the tab search.
1. HTTPS has become the default protocol
With the release of Chrome 90, any URL without a protocol specified in the address bar will automatically use an HTTPS connection.
For example, if you type example.com in the address bar of your browser, then before Google Chrome first tried to connect to the URL using the http: // protocol.
In Chrome 90, Google switched the default protocol to https: // to increase security when browsing the web. In addition, since many sites redirect HTTP connections to HTTPS connections, this change will improve the loading speed of sites because the redirection will no longer be performed.
However, there are some exceptions. On the official blog, Google notes that "IP addresses, Single Label domains and reserved hostnames such as test / and localhost / will continue to use HTTP by default."
This change is being rolled out to Chrome users over time, so it may not be available to everyone at once.
2. Protection against NAT Slipstreaming attacks
Chrome 90 has received additional protection against NAT Slipstreaming attacks. The browser now blocks FTP, HTTP and HTTPS connections on port 554.
NAT Slipstreaming attacks rely on tricking a router's Application Layer Gateway (ALG) connection tracking mechanism. In this way, attackers can gain access to any port on the internal network, which allows them to gain access to services protected by the router.
Initially, this port was blocked to prevent attacks, but numerous requests from Google developers had to open it.
After conducting a detailed analysis, the company determined that port 554 is only used for approximately 0.00003% of all requests. As a result, Google is blocking it again.
3. New AV1 encoder
Chrome 90 introduces a new AV1 encoder that offers improved performance in video conferencing scenarios using WebRTC.
Google highlights the following benefits of the new encoder:
- Better compression efficiency compared to other types of video encoding, reduced bandwidth consumption and improved visual quality.
- Receiving a video stream for users with very slow Internet connections (quality 30 kbps and below).
- Significantly improved screen sharing performance over VP9 and other codecs.
4. Search by tabs
In Chrome 90, Google continues to deliver a new tabbed search feature. Now more users will get the new default functionality without having to activate it using a flag.
The tabbed search feature allows you to search through all open browser windows to find a specific page.
If you often have to work with dozens of tabs, then the task of finding a specific page among all open browser windows may not be easy.
Now all you have to do is click on the little down arrow to the right of the tabs and search for a specific keyword that will be found in the page title or URL. Chrome will then display a list of open tabs that match the request and allow you to quickly navigate to the desired tab.
Improvements for developers
- Chrome 90 introduces many new APIs and changes for developers. Let's list the main improvements:
- Feature Policy API has been renamed to Permissions Policy.
- Implemented a new way to use Shadow DOM directly in HTML.
- Added support for read-only files in the clipboard.
- Improved WebAssembly exception handling.
- URL Protocol Handling: Added new restrictions on file URLs.
- Added support for WebXR Depth API.
- Added support for the WebXR Lighting Estimation API.
Info and download:
- chromereleases.googleblog.com (The description for the individual security vulnerabilities will only be released later, when the release has already been distributed to most of the people.
- blog.google/chrome/
- google.com/chrome/
0 Comments