Category Archives: Google

Chrome 80.0.3987.149

Version 80.0.3987.149 of Google’s Chrome web browser is a security release. It includes fixes for at least thirteen security vulnerabilities.

Like most modern browsers, and many of Google’s software products, Chrome updates itself reliably, if somewhat unpredictably. This is arguably a good thing, as long as updates don’t break things and do improve security.

Regardless of your viewpoint on automatic updates, keeping your web browser up to date is critical if you use it to do any actual web browsing. Otherwise the risk of a drive-by malware infection is significantly higher.

To check the version of your Chrome browser, navigate its three-vertical-dots menu to Help > About Google Chrome. If there’s a newer version, you’ll see a button or link for installing it.

Chrome 80.0.3987.122

Three more security vulnerabilities are fixed in the latest Chrome, version 80.0.3987.122.

According to the release notes, one of the vulnerabilities fixed in Chrome 80.0.3987.122 is already being exploited ‘in the wild’ so anyone using Chrome should check their version and update immediately.

To determine whether you need to install the new version, navigate Chrome’s menu button () to Help > About Google Chrome. You’ll see the current version, and if a newer one is available, there should be a button that allows you to install it.

Chrome 80.0.3987.116

Sometimes when Google releases a new version of Chrome, the release announcement doesn’t mention any security fixes. That’s intentional:

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

Chrome 80.0.3987.116 was announced on February 18, but the initial announcement didn’t include any mention of five security vulnerabilities that were fixed in that version. Those details were added a few days later.

Three of the vulnerabilities addressed in Chrome 80.0.3987.116 were reported to Google by third party security researchers.

To check your current version of Chrome, click its menu button (three vertical dots) and navigate to Help > About Google Chrome. If a newer version is available, you should see a button or link that allows you to install it.

Chrome 80.0.3987.87

The latest release of Google’s Chrome web browser, announced on February 4, includes fifty-six security fixes. As usual, details on all of the related vulnerabilities will not be released until a majority of users are updated with a fix.

The full change log for Chrome 80.0.3987.87 is a whopper, with over sixteen thousand changes in all. A little light reading for anyone with a few hours to spare. But hey, at this point if you don’t trust Google you probably shouldn’t be using Chrome. In the same way that you shouldn’t be using Windows 10 if you don’t trust Microsoft.

Chrome updates itself on its own mysterious schedule, unless you’ve taken extreme (and continuous) measures to prevent it. You can find out which version you’re running by navigating Chrome’s menu (hidden behind the three-vertical-dots menu button at the top right) to Help > About Google Chrome. If a newer version is available, you should see a button or link to install it.

Security improvements in Chrome

Google is rolling out some changes to the Chrome web browser that will improve security in several ways. The changes are being spread out across several updates, and exactly when they will arrive on your devices depends on some security-related settings.

Warnings about compromised passwords

When you enter a user ID and password on any web site using Chrome, the browser can check whether that combination is on a list of known-compromised IDs and passwords. Chrome started doing this earlier in 2019, but you had to install the Password Checkup extension to use it. A couple of months ago, Google added this feature to passwords stored in Google accounts, protecting anyone who logs into their Google account in Chrome.

What’s new is that this password protection is now built into Chrome itself, and will now protect all Chrome users by default, regardless of whether they are logged into their Google account.

According to Google, “You can control this feature in the Sync and Google Services section of Chrome Settings.” In my installation of Chrome (version 79.0.3945.88), there’s a new option: Warn you if passwords are exposed in a data breach.

Real-time protection against unsafe sites

Google’s Safe Browsing service provides a continuously-updated list of unsafe sites. When you visit a web site or download a file, Chrome checks the address (URL) against the Safe Browsing list. The file it checks is on your computer, and updated every 30 minutes.

Previously, only a local copy of the unsafe URLs list (updated every 30 minutes by Google) was checked. What’s changed is that a new safe URLs list (stored on your computer and updated by Google) is checked, and if the site you’re visiting isn’t listed as safe, Chrome then checks an unsafe URLs list hosted by Google.

This change allows Chrome to use the most up to date information when deciding whether to warn you about potentially unsafe sites.

You can control this behaviour in Chrome’s settings: Sync and Google Services > Make searches and browsing better.

Expanding predictive phishing protection

When you enter a username and password on a web site, Chrome can check whether you are on a suspected phishing site.

Previously, Chrome only performed this check when you entered Google Account credentials on a web site, and only with the Sync feature enabed. What’s new is that Chrome now checks all passwords stored in Chrome’s password manager, and it does so as long as you’re signed into Chrome, even if Sync is not enabled.

It’s not clear whether there are specific Chrome settings that control this behaviour.

Safe to use

In the blog post announcing these changes, Google is careful to explain that the process of checking your passwords is itself completely secure, and even Google can’t determine your password as part of the process. The other checks that involve sending information to Google’s systems are also secure and private. In other words, you don’t need to worry about any of your information or activity being intercepted or misused, even by Google.

Four security fixes in Chrome 77.0.3865.90

Like it or not, Chrome is the web browser that’s taking over the world. I use Chrome sparingly these days, mainly because recent versions have problems playing streaming video reliably, and because it seems to drain system resources more than other browsers — especially on mobile devices.

Still, Chrome has a lot going for it, and it remains a solid alternative to Firefox and the numerous browsers that, like Chrome, are based on the Chromium engine. Google welcomes — and indeed, rewards — vulnerability reports, and they act quickly to fix and release updates for Chrome.

Chrome 77.0.3865.90 includes fixes for four security vulnerabilities, all of which were reported by researchers not employed by Google. The full change log lists a few minor tweaks and obscure bug fixes.

Check your Chrome version and update it to the latest version by clicking the browser’s ‘three vertical dots’ menu button and navigating to Help > About Google Chrome.

Chrome 77.0.3865.75

On September 10, Google released a new version of Chrome that includes fifty-two fixes for security vulnerabilities. The full change log lists almost seventeen thousand changes in all, so I’m going to assume that there’s nothing in there worth mentioning, aside from the security fixes. Presumably, if Google wanted to highlight any of the changes, they’d be outlined in the official release notes for Chrome 77.0.3865.75.

As is often the case with Chrome security vulnerabilities, many of those addressed in Chrome 77.0.3865.75 were discovered and reported by independent security researchers. There’s a list of those fine folks in the release notes, along with the rewards they earned from Google for their work.

To update Chrome, click its ‘three dots’ menu and navigate to Help > About Google Chrome. If there’s a newer version than the one you’re running, you should see an update link.

Chrome 76.0.3809.132

The latest version of Chrome (Google’s browser, not the open source Chromium project upon which it is based) is 76.0.3809.132. The new version provides fixes for three security vulnerabilities, some of which were discovered and reported by independent researchers.

If you love digging into dry technical details, the Chrome change log is for you. The new version’s log is at least brief. A cursory scan shows nothing particularly interesting.

Chrome usually updates itself, albeit somewhat mysteriously, since Google’s update schedule is unclear and possibly varies widely from update to update. Google’s update mechanisms also occasionally stop working — silently. It’s a good idea to check which version you’re running and install a new version if it’s offered on the Help > About Google Chrome dialog (click the ‘three dot’ menu button at the top right of Chrome’s user interface).

Chrome 76.0.3809.100

Google released another version of Chrome a few days ago, and it includes fixes for four security vulnerabilities. The change log is mercifully brief, but there’s also not much there of interest. The announcement for Chrome 76.0.3809.100 gives credit to non-Google security researchers for discovering two of the vulnerabilities.

Check your version of Chrome by navigating its ‘three dot’ menu to Help > About Google Chrome. If an update is available, you can install it from there.