Google released Chrome 78 with the various new feature, improvements such as dark mode and fixes for 37 security vulnerabilities that affected the earlier version of Chrome.
Chrome 78.0.3904.70, a stable channel now available for Android, Windows, Mac, and Linux. Google scheduled to roll out Chrome 79 on October 31 as a Beta version.
Google added and removed various features in this Chrome 78 update including Close other tabs” option removed, DNS-Over-HTTPS (DoH) Trial, Forced Dark Mode experiment, Integrated Password Checkup Tool and more.
DNS-Over-HTTPS (DoH) Trial
Google announced DNS-over-HTTPS on September 10 and planned to launch Chrome 77. Due to some technical issues, the release postponed to Chrome 78.
DoH brings strong privacy for Chrome users and it runs on all supported platforms except Linux and iOS.
By enabling DoH, all DNS resolutions occur over an encrypted channel, helping to further safeguard user security and privacy.
Google experimented with the DoH in the following providers.
Forced Dark Mode experiment
Google added Forced Dark mode feature in this update and the user can enable dark mode for any website.
You can enable the “Force Dark Mode for Web Contents” flag at chrome://flags/#enable-force-dark and choose “Enabled with selective inversion of non-image elements” that works in a better way.
“Close Other Tabs” Option Removed
Google removed “Close other tabs” options along with other options including ” ‘Reopen closed tab’, ” ‘New tab’ “, and added the ” “New tabs to the right”.
37 Security Vulnerabilities
Totally, 37 security vulnerabilities are fixed. here some fixed vulnerability details reported by external security researchers.
|High CVE-2019-13699: Use-after-free in media. Reported by Man Yue Mo of Semmle Security Research Team|
Buffer overrun in Blink. Reported by Man Yue Mo of
Semmle Security Research Team
URL spoof in navigation. Reported by David Erceg
|Medium CVE-2019-13702: Privilege elevation in Installer. Reported by Phillip Langlois ([email protected])
and Edward Torkington
|Medium CVE-2019-13703: URL bar spoofing. Reported
by Khalil Zhani on 2019-08-12
|Medium CVE-2019-13704: CSP bypass. Reported
by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-09-05
|Medium CVE-2019-13705: Extension permission bypass. Reported by Luan Herrera|
|Medium CVE-2019-13706: Out-of-bounds read in PDFium. Reported by pdknsk|
|Medium CVE-2019-13707: File storage disclosure. Reported by Andrea Palazzo|
|Medium CVE-2019-13708: HTTP authentication spoof. Reported by Khalil Zhani|
|Medium CVE-2019-13709: File download protection bypass. Reported by Zhong Zhaochen of andsecurity.cn|
|Medium CVE-2019-13710: File download protection bypass. Reported by bernardo.mrod|
|Medium CVE-2019-13711: Cross-context information leak. Reported by David Erceg|
|Medium CVE-2019-15903: Buffer overflow in expat. Reported by Sebastian Pipping|
|Medium CVE-2019-13713: Cross-origin data leak. Reported by David Erceg|
CSS injection. Reported by Jun Kokatsu, Microsoft
Browser Vulnerability Research
Address bar spoofing. Reported by xisigr of
Tencent’s Xuanwu Lab
Service worker state error. Reported by Barron
Notification obscured. Reported by xisigr of
Tencent’s Xuanwu Lab
IDN spoof. Reported by Khalil Zhani
Notification obscured. Reported by Khalil Zhani
How to Update
Steps to update for Windows, Mac, and Linux desktop users
- Open Chrome browser
- Head to Settings
- Expand help
- About Google Chrome
- The browser will process the update
Android and iOS users can update the Chrome browser app from their respective App stores.