Categories
News

Chrome 83 released with massive security and privacy upgrades | #firefox | #chrome | #microsoftedge | #education | #technology | #infosec


Google has released Chrome 83 today, May 19th, 2020, to the Stable desktop channel, and it includes massive security and privacy enhancments as well as some long awaited features.

In this massive release, users are getting a redesigned Privacy and security settings section, better control over cookies, a new Safety Check feature, improved DoH settings, new Enhanced Safe Browsing feature. Tab Groups, and more.

With Chrome 83 now being promoted to the Stable channel, Chrome 84 will soon be promoted to the Beta version, and Chrome 85 will be the Canary version.

As you may have realized, Google did not release Chrome 82, and instead decided to skip that version due to the pandemic and roll all of its changes into Chrome 83.

Windows, Mac, and Linux desktop users can upgrade to Chrome 83 by going to Settings -> Help -> About Google Chrome. The browser will then automatically check for the new update and install it when available.

Massive security overhaul for Chrome users

While Google fixes security vulnerabilities in every release of the Chrome browser, most of these security improvements are made behind the scenes.

With this release, Google Chrome 83 has completely overhauled the user-facing security protections with numerous improvements that aim to help users secure their data, stay safe online, and increase their privacy.

It is important to note that most of the improved security features will be rolling out to users over the next couple of weeks.

If you do not see them immediately, be patient as they will be eventually enabled in your browser.

Easier security and privacy controls

All of the privacy and cookie settings have been reorganized to make it easier to find and configure the browser for enhanced privacy.

The sync controls are now renamed to “You and Google” and allow you to specify what data you share with Google to store in your Google account and what data is synchronized between devices.

To make it easier to clear your browsing history, Google has also moved the ‘Clear browsing data’ option to the top of the ‘Privacy and security’ settings section to make it more accessible.

The biggest change, though, is a completely redesigned cookie management interface that gives easier control over what cookies you will allow.

New cookie controls
New cookie controls

Finally, Google will block third-party cookies by default in Incognito mode.

“While we continue to work on our long-term effort to make the web more private and secure with Privacy Sandbox, we want to strengthen the Incognito protections in the meantime. In addition to deleting cookies every time you close the browser window in Incognito, we will also start blocking third-party cookies by default within each Incognito session and include a prominent control on the New Tab Page. You can allow third-party cookies for specific sites by clicking the “eye” icon in the address bar,” Google announced.

New Safety check feature in Chrome 

Google has added a new ‘Safety check’ feature that will perform a checkup of the browser and your saved data to make sure it is secure and has not been compromised.

New Safety check feature

As part of this Safety check, Google Chrome will check if any of your saved credentials were compromised in a data breach, if you’re using the latest version of the browser, if Safe Browsing is enabled, and if you have any malicious extensions installed.

Secure DNS: Redesigned DNS-over-HTTPS (DoH) settings 

Chrome has redesigned its DNS-Over-HTTPS settings in a new dedicated ‘secure DNS’ section under Privacy and security > More.

Using this new interface, a user can enable DoH and use it with their existing DNS provider, if available, or select one that is preconfigured in Google Chrome.

New secure DNS DoH settings

You can then choose from Custom providers or preconfigured Google (Public DNS), Cloudflare (1.1.1.1), CleanBrowsing (Family Filter), or Quad9 (9.9.9.9) DoH providers.

Enhanced Safe Browsing Protection released

The final security feature in Chrome 83 is the introduction of a new opt-in ‘Enhanced safe Browsing Protection’ mode.

When enabled, Google will perform real-time checks of URLs that you visit to check for known threats. 

As Safe Browsing normally checks against a local database of malicious URLs and files, by using a real-time check, you gain better protection from the latest known malicious web sites and malicious software.

“If you turn on Enhanced Safe Browsing, Chrome proactively checks whether pages and downloads are dangerous by sending information about them to Google Safe Browsing.  If you’re signed in to Chrome, then Chrome and other Google apps you use (Gmail, Drive, etc.) will further protect you based on a holistic view of threats you encounter on the web and attacks against your Google Account. Over the next year, we’ll be adding even more protections to this mode including tailored warnings for phishing sites and file downloads, and cross-product alerts,” Google stated in their blog post.

Always show full urls option

In Chrome 79, Google removed what they call trivial subdomains or special-case subdomains from the URLs displayed in Chrome’s address bar.

Many, though, prefer to see a full URL of a web page they are visiting in the address bar.

With the release of Chrome 83, users can now enable a ‘Context menu show full URLs’ flag that lets you enable the showing of full URLs when browsing the web.

To enable this feature, go to chrome://flags/#omnibox-context-menu-show-full-urls and enable the feature. Once enabled, and the browser is restarted, you can right-click on the address bar and a new option can be checked titled ‘Always show full URLS’.

Show full URLs context menu

Tab groups have arrived

Google has been testing a new feature called ‘Tab Groups’ that allows you to add various tabs to a named group so that they are better organized.

These groups can then be moved around as one item or sent to another window.

This feature is now live in Google Chrome 83.

Chrome Tab Groups

New browser extensions menu

To add more real estate to the Chrome toolbar, Google has moved the extensions into a new drop-down menu accessed through a new jigsaw puzzle icon.

When you click on this puzzle icon, a menu will drop down listing all of your extensions and allows you to manage them.

New extensions menu

Each extension will then have a dedicated submenu where you can remove it, configure its options, or pin it to the toolbar.

As you can see, this is a huge Google Chrome update that adds numerous features to make the web browser experience more secure.

As many of these features are still rolling out, please do not be concerned if you do not see them immediately.

38 security vulnerabilities fixed

The Chrome 83 release fixes 38 security vulnerabilities, with the following discovered by external researchers:

CVE ID Description Classification
CVE-2020-6465 Use after free in reader mode. High
CVE-2020-6466 Use after free in media. High
CVE-2020-6467 Use after free in WebRTC. High
CVE-2020-6468 Type Confusion in V8. High
CVE-2020-6469 Insufficient policy enforcement in developer tools. High
CVE-2020-6470 Insufficient validation of untrusted input in clipboard. Medium
CVE-2020-6471 Insufficient policy enforcement in developer tools. Medium
CVE-2020-6472 Insufficient policy enforcement in developer tools. Medium
CVE-2020-6473 Insufficient policy enforcement in Blink. Medium
CVE-2020-6474 Use after free in Blink. Medium
CVE-2020-6475 Incorrect security UI in full screen. Medium
CVE-2020-6476 Insufficient policy enforcement in tab strip. Medium
CVE-2020-6477 Inappropriate implementation in installer. Medium
CVE-2020-6478 Inappropriate implementation in full screen. Medium
CVE-2020-6479 Inappropriate implementation in sharing. Medium
CVE-2020-6480 Insufficient policy enforcement in enterprise. Medium
CVE-2020-6481 Insufficient policy enforcement in URL formatting. Medium
CVE-2020-6482 Insufficient policy enforcement in developer tools. Medium
CVE-2020-6483 Insufficient policy enforcement in payments. Medium
CVE-2020-6484 Insufficient data validation in ChromeDriver. Medium
CVE-2020-6485 Insufficient data validation in media router. Medium
CVE-2020-6486 Insufficient policy enforcement in navigations. Medium
CVE-2020-6487 Insufficient policy enforcement in downloads. Low
CVE-2020-6488 Insufficient policy enforcement in downloads. Low
CVE-2020-6489 Inappropriate implementation in developer tools. Low
CVE-2020-6490 Insufficient data validation in loader. Low
CVE-2020-6491 Incorrect security UI in site information. Low



Source link