By Click&Clean - Tuesday, August 9, 2022. Six weeks after the major release of Chrome 103, on Tuesday, August 2, Google rolled out a new version 104 of the Chrome web browser to the stable channel for all main desktop and mobile platforms.
Google Chrome 104 is a security update, so while mobile users must wait for the new version to be upgraded to their devices, desktop users can manually initiate its installation on their devices right now, which is highly recommended.
The latest Chrome 104 fixed 27 security bugs, including 7 high-severity bugs, 15 medium-risk flaws, and 5 issues assessed as low-risk vulnerabilities. Here's a list of high- and medium-risk security issues that have been patched in Chrome 104:
Use-after-free issue in Omnibox (CVE-2022-2603), Safe Browsing (CVE-2022-2604), Managed devices API (CVE-2022-2606), Tab Strip (CVE-2022-2607), Overview Mode (CVE-2022-2608), Nearby Share (CVE-2022-2609), Input (CVE-2022-2613), Sign-In Flow (CVE-2022-2614), Extensions API (CVE-2022-2617), WebUI (CVE-2022-2620), Extensions (CVE-2022-2621), and Offline (CVE-2022-2623) – This vulnerability could have devastating consequences ranging from valid data corruption to the execution of malicious code on a compromised vulnerable system.
Out-of-bounds read in Dawn (CVE-2022-2605) - This security bug allows a remote cyber-attacker to trick the user into visiting a malicious web page, then trigger an out-of-bounds read error and crash the web browser.
Insufficient policy enforcement in Background Fetch (CVE-2022-2610) and Cookies (CVE-2022-2615) – This security vulnerability allows a remote cyber-attacker to bypass implemented security restrictions and gain access to the user's personal data.
Inappropriate implementation in Full Screen API (CVE-2022-2611) and Extensions API (CVE-2022-2616) - This security flaw allows vulnerability allows a remote cyber-attacker to gain access to the user's sensitive information when the user visits a specially crafted malicious web page.
Side-channel information leakage in Keyboard Input (CVE-2022-2612) – The vulnerability allows a remote cyber-attacker to gain access to sensitive information by tricking the user into visiting a malicious page.
Insufficient validation of untrusted input in Internals (CVE-2022-2618), Settings (CVE-2022-2619), and Safe Browsing (CVE-2022-2622) – Due to insufficient validation of user-supplied input in Settings in Google Chrome, the vulnerability allows a remote cyber-attacker to gain access to sensitive data, if the user visits a malicious page.
Heap buffer overflow in PDF (CVE-2022-2624) – This security vulnerability often leads to security errors that allow a cyber-attackers to cause arbitrary code execution and even a system crash.
This new feature, which native apps have had for a long time, allows websites and online applications to place full-screen content or pop-up windows on separate screens with just a single click from the user.
Another new feature for web applications is called Region Capture, which allows you to crop and omit certain parts of the screen before you record or share them. For example, this can be useful for hiding the video conference controls during screen sharing.