Friday, April 12, 2024

Chrome 78 Released: Added DNS-Over-HTTPS, Dark Mode and Fixed 37 Security Vulnerabilities

Google released Chrome 78 with the various new feature, improvements such as dark mode and fixes for 37 security vulnerabilities that affected the earlier version of Chrome.

Chrome 78.0.3904.70, a stable channel now available for Android, Windows, Mac, and Linux. Google scheduled to roll out Chrome 79 on October 31 as a Beta version.

Google added and removed various features in this Chrome 78 update including Close other tabs” option removed, DNS-Over-HTTPS (DoH) Trial, Forced Dark Mode experiment, Integrated Password Checkup Tool and more.

DNS-Over-HTTPS (DoH) Trial

Google announced DNS-over-HTTPS on September 10 and planned to launch Chrome 77. Due to some technical issues, the release postponed to Chrome 78.

DoH brings strong privacy for Chrome users and it runs on all supported platforms except Linux and iOS.

By enabling DoH, all DNS resolutions occur over an encrypted channel, helping to further safeguard user security and privacy.

For example, when we connected on a public WiFi, DoH would prevent other WiFi users from seeing which websites you visit, as well as prevent potential spoofing or pharming attacks.”

Google experimented with the DoH in the following providers.

  • Cleanbrowsing
  • Cloudflare
  • DNS.SB
  • Google
  • OpenDNS
  • Quad9

Forced Dark Mode experiment

Google added Forced Dark mode feature in this update and the user can enable dark mode for any website.

You can enable the “Force Dark Mode for Web Contents” flag at chrome://flags/#enable-force-dark and choose “Enabled with selective inversion of non-image elements” that works in a better way.

“Close Other Tabs” Option Removed

Google removed “Close other tabs” options along with other options including ”  ‘Reopen closed tab’, ” ‘New tab’ “, and added the ”  “New tabs to the right”.

Old Version options
New version options

37 Security Vulnerabilities

Totally, 37 security vulnerabilities are fixed. here some fixed vulnerability details reported by external security researchers.

High CVE-2019-13699: Use-after-free in media. Reported by Man Yue Mo of Semmle Security Research Team
High CVE-2019-13700: Buffer overrun in Blink. Reported by Man Yue Mo of Semmle Security Research Team
High CVE-2019-13701: URL spoof in navigation. Reported by David Erceg on 2019-08-27
Medium CVE-2019-13702: Privilege elevation in Installer. Reported by Phillip Langlois ([email protected]) and Edward Torkington
Medium CVE-2019-13703: URL bar spoofing. Reported by Khalil Zhani on 2019-08-12
Medium CVE-2019-13704: CSP bypass. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-09-05
Medium CVE-2019-13705: Extension permission bypass. Reported by Luan Herrera
Medium CVE-2019-13706: Out-of-bounds read in PDFium. Reported by pdknsk
Medium CVE-2019-13707: File storage disclosure. Reported by Andrea Palazzo
Medium CVE-2019-13708: HTTP authentication spoof. Reported by Khalil Zhani 
Medium CVE-2019-13709: File download protection bypass. Reported by Zhong Zhaochen of andsecurity.cn
Medium CVE-2019-13710: File download protection bypass. Reported by bernardo.mrod 
Medium CVE-2019-13711: Cross-context information leak. Reported by David Erceg 
Medium CVE-2019-15903: Buffer overflow in expat. Reported by Sebastian Pipping 
Medium CVE-2019-13713: Cross-origin data leak. Reported by David Erceg 
Low CVE-2019-13714: CSS injection. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research
Low CVE-2019-13715: Address bar spoofing. Reported by xisigr of Tencent’s Xuanwu Lab
Low CVE-2019-13716: Service worker state error. Reported by Barron Hagerman 
Low CVE-2019-13717: Notification obscured. Reported by xisigr of Tencent’s Xuanwu Lab 
Low CVE-2019-13718: IDN spoof. Reported by Khalil Zhani
Low CVE-2019-13719: Notification obscured. Reported by Khalil Zhani

How to Update

Steps to update for Windows, Mac, and Linux desktop users

  1. Open Chrome browser
  2. Head to Settings
  3. Expand help
  4. About Google Chrome
  5. The browser will process the update

Android and iOS users can update the Chrome browser app from their respective App stores.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Website

Latest articles

6-year-old Lighttpd Flaw Impacts Intel And Lenovo Servers

The software supply chain is filled with various challenges, such as untracked security vulnerabilities...

Hackers Employ Deepfake Technology To Impersonate as LastPass CEO

A LastPass employee recently became the target of an attempted fraud involving sophisticated audio...

Sisence Data Breach, CISA Urges To Reset Login Credentials

In response to a recent data breach at Sisense, a provider of data analytics...

DuckDuckGo Launches Privacy Pro: 3-in-1 service With VPN

DuckDuckGo has launched Privacy Pro, a new subscription service that promises to enhance user...

Cyber Attack Surge by 28%:Education Sector at High Risk

In Q1 2024, Check Point Research (CPR) witnessed a notable increase in the average...

Midnight Blizzard’s Microsoft Corporate Email Hack Threatens Federal Agencies: CISA Warns

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive concerning a...

Taxi App Vendor Data Leak: 300K Passengers Data Exposed

Around 300,000 taxi passengers' personal information was left exposed on the internet, causing concern...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Top 3 SME Attack Vectors

Securing the Top 3 SME Attack Vectors

Cybercriminals are laying siege to small-to-medium enterprises (SMEs) across sectors. 73% of SMEs know they were breached in 2023. The real rate could be closer to 100%.

  • Stolen credentials
  • Phishing
  • Exploitation of vulnerabilities

Related Articles