Google Chrome 79 released

[German]Google released Chrome 79 on December 10, 2019. This update contains several fixes for security vulnerabilities as well as some new features. For example, passwords for websites will be checked to see if they are contained in leaked databases. Real-time phishing protection and freezing of background tabs have also been added. Here is some information about the new browser version.


Advertising

There were updates for the desktop (release notes for Chrome 79.0.3945.79) as well as for Android (release notes for Chrome 79.0.3945.79).

New in Chrome 79, better password protection and more

In this blog post, Google announced better password protection for Chrome. When the user types a password to log in online on a webpage, Chrome checks to see if that password appears in a list of stolen passwords. In this case, the user will receive a warning. The announcement can be found here.

Chrome 79: Passwort-Warnung(Source: Google)
(Chrome 79: Password warning)

  • Whenever Google discovers a username and password that are compromised by another company's privacy breach, it is stored as a hashed and encrypted copy of the data on Google's servers with a secret key known only to Google.
  • When users sign in to a website, Chrome sends a hash copy of the username and password to Google encrypted with a secret key known only to Chrome. No one, including Google, is able to derive this username or password from this encrypted copy.

If a violation is detected, the user receives the above warning. You can read the details here. This check can be activated or deactivated in the settings.

In addition, Google has implemented real-time phishing protection that checks and blocks phishing approaches on target pages while surfing in real time. You can also read the details on this website and in this article


Advertising

Colleagues from deskmodder.de mentions, that browser tabs running in the background should be frozen to save memory. This is one of the problems that the Chrome browser is now dragging around. There are also warnings (see details) about mixed content on websites. The following video introduces further innovations.

(Source: YouTube)

Security fixes in Chrome 79

The following security fixes for the desktop version of the browser are listed in the Release Notes.

  • [1025067] Critical CVE-2019-13725: Use after free in Bluetooth. Reported by Gengming Liu, Jianyu Chen at Tencent Keen Security Lab on 2019-11-15
  • [1027152] Critical CVE-2019-13726: Heap buffer overflow in password manager. Reported by Sergei Glazunov of Google Project Zero on 2019-11-21
  • [944619] High CVE-2019-13727: Insufficient policy enforcement in WebSockets. Reported by @piochu on 2019-03-21
  • [1024758] High CVE-2019-13728: Out of bounds write in V8. Reported by Rong Jian and Guang Gong of Alpha Lab, Qihoo 360 on 2019-11-14
  • [1025489] High CVE-2019-13729: Use after free in WebSockets. Reported by Zhe Jin(金哲,Luyao Liu(刘路遥) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2019-11-16
  • [1028862] High CVE-2019-13730: Type Confusion in V8. Reported by Wen Xu of SSLab, Georgia Tech on 2019-11-27
  • [1023817] High CVE-2019-13732: Use after free in WebAudio. Reported by Sergei Glazunov of Google Project Zero on 2019-11-12
  • [1025466] High CVE-2019-13734: Out of bounds write in SQLite. Reported by "Team 0x34567a61" @Xbalien29 @leonwxqian on 2019-11-16
  • [1025468] High CVE-2019-13735: Out of bounds write in V8. Reported by Gengming Liu and Zhen Feng from Tencent Keen Lab on 2019-11-16
  • [1028863] High CVE-2019-13764: Type Confusion in V8. Reported by Wen Xu of SSLab, Georgia Tech on 2019-11-26
  • [1020899] Medium CVE-2019-13736: Integer overflow in PDFium. Reported by Anonymous on 2019-11-03
  • [1013882] Medium CVE-2019-13737: Insufficient policy enforcement in autocomplete. Reported by Mark Amery on 2019-10-12
  • [1017441] Medium CVE-2019-13738: Insufficient policy enforcement in navigation. Reported by Johnathan Norman and Daniel Clark of Microsoft Edge Team on 2019-10-23
  • [824715] Medium CVE-2019-13739: Incorrect security UI in Omnibox. Reported by xisigr of Tencent's Xuanwu Lab on 2018-03-22
  • [1005596] Medium CVE-2019-13740: Incorrect security UI in sharing. Reported by Khalil Zhani on 2019-09-19
  • [1011950] Medium CVE-2019-13741: Insufficient validation of untrusted input in Blink. Reported by Michał Bentkowski of Securitum on 2019-10-07
  • [1017564] Medium CVE-2019-13742: Incorrect security UI in Omnibox. Reported by Khalil Zhani on 2019-10-24
  • [754304] Medium CVE-2019-13743: Incorrect security UI in external protocol handling. Reported by Zhiyang Zeng of Tencent security platform department on 2017-08-10
  • [853670] Medium CVE-2019-13744: Insufficient policy enforcement in cookies. Reported by Prakash (@1lastBr3ath) on 2018-06-18
  • [990867] Medium CVE-2019-13745: Insufficient policy enforcement in audio. Reported by Luan Herrera (@lbherrera_) on 2019-08-05
  • [999932] Medium CVE-2019-13746: Insufficient policy enforcement in Omnibox. Reported by David Erceg on 2019-09-02
  • [1018528] Medium CVE-2019-13747: Uninitialized Use in rendering. Reported by Ivan Popelyshev and André Bonatti on 2019-10-26
  • [993706] Medium CVE-2019-13748: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2019-08-14
  • [1010765] Medium CVE-2019-13749: Incorrect security UI in Omnibox. Reported by Khalil Zhani on 2019-10-03
  • [1025464] Medium CVE-2019-13750: Insufficient data validation in SQLite. Reported by "Team 0x34567a61" @Xbalien29 @leonwxqian on 2019-11-16
  • [1025465] Medium CVE-2019-13751: Uninitialized Use in SQLite. Reported by "Team 0x34567a61" @Xbalien29 @leonwxqian on 2019-11-16
  • [1025470] Medium CVE-2019-13752: Out of bounds read in SQLite. Reported by Wenxiang Qian of Tencent Blade Team on 2019-11-16
  • [1025471] Medium CVE-2019-13753: Out of bounds read in SQLite. Reported by Wenxiang Qian of Tencent Blade Team on 2019-11-16
  • [442579] Low CVE-2019-13754: Insufficient policy enforcement in extensions. Reported by Cody Crews on 2014-12-16
  • [696208] Low CVE-2019-13755: Insufficient policy enforcement in extensions. Reported by Masato Kinugawa on 2017-02-25
  • [708595] Low CVE-2019-13756: Incorrect security UI in printing. Reported by Khalil Zhani on 2017-04-05
  • [884693] Low CVE-2019-13757: Incorrect security UI in Omnibox. Reported by Khalil Zhani on 2018-09-17
  • [979441] Low CVE-2019-13758: Insufficient policy enforcement in navigation. Reported by Khalil Zhani on 2019-06-28
  • [901789] Low CVE-2019-13759: Incorrect security UI in interstitials. Reported by Wenxu Wu (@ma7h1as) of Tencent Security Xuanwu Lab on 2018-11-05
  • [1002687] Low CVE-2019-13761: Incorrect security UI in Omnibox. Reported by Khalil Zhani on 2019-09-10
  • [1004212] Low CVE-2019-13762: Insufficient policy enforcement in downloads. Reported by csanuragjain (@csanuragjain) on 2019-09-16
  • [1011600] Low CVE-2019-13763: Insufficient policy enforcement in payments. Reported by weiwangpp93 on 2019-10-05

Chrome version 79.0.3945.79 is available for Windows, Mac and Linux and will be rolled out to the systems in the next few days via the automatic update function. You can download it here.


Cookies helps to fund this blog: Cookie settings
Advertising


##1

This entry was posted in browser, Software, Update and tagged , , . Bookmark the permalink.

One Response to Google Chrome 79 released

  1. EP says:

    Google Chrome 79 updated to version 79.0.3945.117 a few days ago, guenni.

    Regarding Chrome support under Windows 7, I saw this blog from Google Cloud:
    https://cloud.google.com/blog/products/chrome-enterprise/how-chrome-is-helping-enterprises-still-using-windows-7

    the Deskmodder.de site is also recently mentioning it as well:
    https://www.deskmodder.de/blog/2020/01/10/windows-7-google-chrome-bekommt-noch-15-jahre-updates/

    It appears Google Chrome will support Win7 until mid-July 2021

Leave a Reply

Your email address will not be published. Required fields are marked *