Google releases Chrome 80

Google has released Chrome 80 (version 80.0.3987.87) for Windows, Mac and Linux. The update includes a number of fixes and improvements in the popular browser. The company also added a Chrome browser update for Android.

The Chrome 80 update includes fixes for 56 vulnerabilities.

A summary of the 10 High severity vulnerabilities found by external researchers and fixed in the latest Chrome release include:

  • CVE-2020-6381: Integer overflow in JavaScript.
  • CVE-2020-6382: Type Confusion in JavaScript.
  • CVE-2019-18197: Multiple vulnerabilities in XML.
  • CVE-2019-19926: Inappropriate implementation in SQLite.
  • CVE-2020-6385: Insufficient policy enforcement in storage.
  • CVE-2019-19880, CVE-2019-19925: Multiple vulnerabilities in SQLite.
  • CVE-2020-6387: Out of bounds write in WebRTC.
  • CVE-2020-6388: Out of bounds memory access in WebAudio.
  • CVE-2020-6389: Out of bounds write in WebRTC.
  • CVE-2020-6390: Out of bounds memory access in streams.

Protection from insecure downloads

Google also announced that future versions of Chrome will provide protections against insecure file downloads. For instance, Chrome 82 (scheduled for April 2020 release) will start warning on mixed content downloads. Chrome 83 will then begin blocking executables that pose the biggest risk to users.

Subsequent versions of Chrome will then block other file types, as noted in Figure 1:

Figure 1: Google Chrome rollout plan

To add, Google plans the gradual roll-out to allow time for developers to update their sites and also minimize impact to users.

Chrome for Android update

Google also released Chrome 80 (80.0.3987.87) for Android.

In the latest update, Chrome for Android now includes new features, to include quieter notifications (via new permissions option) and SameSite cookies.

To add, a Secure media feature also ensures insecure audio and video (hosted on secure pages) are automatically upgraded to secure connections.