By Click&Clean - Saturday, October 10, 2020. Google released a new stable version of Chrome web browser on October 6th, 2020, which will be rolled out gradually over the coming weeks to all Chrome users on Mac, Windows, Linux, iOS, and Android devices.
This major upgrade contains 37 fixes for security vulnerabilities. These patches addressed 13 high-risk security vulnerabilities, 19 medium-severity issues, and 5 bugs that were identified as low-risk vulnerabilities.
Chrome 86 fixes one critical use-after-free vulnerability (CVE-2020-15967) in Chrome's payments component. This vulnerability could allow a remote attacker to execute arbitrary code and gain access to the user's operating system when the user visits a specially crafted malicious website.
Another high-risk security issue was an incorrect implementation in networking (CVE-2020-6557) in Google Chrome, which could allow a remote attacker to gain access to the user's sensitive information when the user visited a specially crafted web page.
Several other high-risk vulnerabilities patched in Chrome 86 were also use-after-free flaws that affected Chrome's password manager (CVE-2020-15991), printing (CVE-2020-15971), audio (CVE-2020-15972), etc.
Successful exploitation of the most severe of these security vulnerabilities could allow an attacker to execute arbitrary code in the context of the Chrome web browser, view, modify, or delete data, and take control of the impacted system. The vulnerabilities affected all previous versions of Google Chrome up to 86.0.4240.75.
We strongly recommend that you don't wait and update your Chrome web browser to the latest stable version 86 right now by clicking the button above.
With this release, the Chrome Safety Check tool begins to support the ".well-known/change-password" standard. This allows Chrome's built-in password manager to display a quick "Change Password" button (chrome://settings/passwords/check) to help users quickly reset their password if a credential has been compromised.
Another security-focused feature included in Chrome 86 is blocking downloads of files and archives (e.g. .exe, .zip, .iso, etc.) over HTTP from pages loaded over HTTPS. When downloading such a file or archive, the browser will display a warning that the file cannot be downloaded securely.
This useful feature, although not related to security, improves the loading of previously visited websites in the web browser, makes navigation back and forth extremely easy, super fast, and lag-free for the users.
Starting with the Chrome 86 release, the browser will warn users about insecure web forms that load on HTTPS pages but submit their content over the unencrypted HTTP protocol.
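For site owners, the two behaviours described above (blocked HTTP downloads and insecure-form warnings on HTTPS pages) can be checked for ahead of time. The following is an added example, not code from Chrome or from this article: a small static audit that resolves form targets and download links against the page URL and reports the ones that fall back to HTTP. The sample page and host names are constructed, the extension list contains only the types named in the article, and `<base>` tags and targets set by scripts are not considered.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit
import posixpath

# Extensions named in the article; not Chrome's complete list.
RISKY_EXTENSIONS = {".exe", ".zip", ".iso"}

class MixedContentAudit(HTMLParser):
    """Collect form targets and download links that drop from HTTPS to HTTP."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, absolute_url) tuples

    def _flag(self, kind, value):
        # Resolve against the page URL; a missing action submits to the page itself.
        url = urljoin(self.page_url, (value or "").strip())
        if urlsplit(url).scheme == "http":
            self.findings.append((kind, url))

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._flag("insecure-form", a.get("action"))
        elif tag in ("button", "input") and a.get("formaction"):
            # formaction overrides the enclosing form's action.
            self._flag("insecure-form", a["formaction"])
        elif tag == "a" and a.get("href"):
            ext = posixpath.splitext(urlsplit(a["href"]).path)[1].lower()
            if ext in RISKY_EXTENSIONS:
                self._flag("insecure-download", a["href"])

def audit_page(page_url, html):
    if urlsplit(page_url).scheme != "https":
        return []  # both warnings concern pages loaded over HTTPS
    parser = MixedContentAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page, not taken from any real site.
SAMPLE_URL = "https://shop.example.com/account/"
SAMPLE_HTML = """
<form action="http://shop.example.com/login"><input name="u"></form>
<form action="/search"><button formaction="http://legacy.example.com/s">Go</button></form>
<form><input name="q"></form>
<a href="http://cdn.example.com/setup.EXE">Installer</a>
<a href="//cdn.example.com/tools.zip">Tools</a>
"""
print(audit_page(SAMPLE_URL, SAMPLE_HTML))
```

Relative and protocol-relative targets inherit the page's HTTPS scheme and are not reported; only targets that resolve to an explicit `http://` URL are.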
To combat one of the common phishing tactics, where attackers trick people into thinking they are on a reputable website, Chrome 86 will only display the registrable domain in the address bar. For example, https://google-security.example.com/secure-login/ will appear to users only as example.com.