Google released a new update of the Google Chrome browser on August 25, 2020, which raises the browser to version 85. This is a new development branch which, in addition to bug fixes, also closes vulnerabilities and offers new features.
Google has published this blog post about version 85.0.4183.83. According to this Google blog post, Chrome 85 is also available for Android. Chrome 85.0.4183.83 for the desktop contains a number of fixes and improvements. The Google blog also contains this post about the organization of new tabs in Chrome 85.
- For example, the tabs in the browser should now load 10 percent faster when switching. The new compiler optimization technique known as Profile Guided Optimization (PGO) makes this possible (see also this Google Blog post and this article at Bleeping Computer).
- Tabs can now be grouped by topic or task for better visual differentiation. Tab groups can be collapsed and expanded (see the animated image here).
- For tablets, the tabs should now be more touch-friendly.
In the article linked above, a number of further optimizations in the area of Chrome tabs are listed and presented in animated images. Chrome 85 also comes with extensive new features.
- Among them are a QR Code generator,
- AVIF image support (the AV1 Image File Format (AVIF) compresses images using the AV1 codec and has proven to drastically reduce image sizes without significant loss of quality)
- better protection against mixed content downloads. Mixed content downloads are files that are delivered over an insecure HTTP connection when the download is started from an HTTPS site. With this release, Chrome displays a visual warning when downloading audio, video, image, and text files (e.g., .png, .gif, .jpg, .mp4 files) with mixed content.
- more secure same-site cookies and application links for PWAs.
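As an added example (not code from Google or from this blog), a site owner can audit HTTPS pages for download links that would fall under the mixed content warning described above. The extension table is an assumption: .png, .gif, .jpg and .mp4 come from the list above, while .mp3 and .txt are assumed stand-ins for the audio and text categories; `audit_page` and the example.test URLs are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit
import posixpath

# Extension -> category. .png/.gif/.jpg/.mp4 are named in the article; .mp3 and
# .txt are assumed stand-ins for the audio and text categories.
WARN_TYPES = {".png": "image", ".gif": "image", ".jpg": "image",
              ".mp4": "video", ".mp3": "audio", ".txt": "text"}


class DownloadLinkAuditor(HTMLParser):
    """Collects <a href> targets that an HTTPS page would fetch over HTTP."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.base_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "base" and href:
            # <base href> changes how later relative links resolve.
            self.base_url = urljoin(self.page_url, href.strip())
        elif tag == "a" and href:
            self._check(urljoin(self.base_url, href.strip()))

    def _check(self, target):
        parts = urlsplit(target)
        if parts.scheme != "http":
            return  # https, mailto, javascript, ... are not insecure downloads
        ext = posixpath.splitext(parts.path)[1].lower()
        if ext in WARN_TYPES:
            self.findings.append((target, WARN_TYPES[ext]))


def audit_page(page_url, html):
    """Return [(url, category)] for insecure download links on an HTTPS page."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists relative to a secure page
    auditor = DownloadLinkAuditor(page_url)
    auditor.feed(html)
    return auditor.findings


# Constructed sample markup (not taken from any real site).
SAMPLE = """<a href="http://cdn.example.test/files/report.TXT">notes</a>
<a href="//cdn.example.test/clip.mp4">scheme-relative, stays https</a>
<a href="/img/logo.png">same-origin, stays https</a>
<a href="http://cdn.example.test/photo.jpg?size=large">photo</a>"""

if __name__ == "__main__":
    for url, kind in audit_page("https://www.example.test/downloads", SAMPLE):
        print(f"{kind:5} {url}")
```

This is a static check of the markup only: it sees the link target as written, not what the server does when the link is followed.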
Bleeping Computer has published this article with some information about this. In the new Chrome 85 version, 20 vulnerabilities have been fixed by Google in the Chrome browser for the desktop.
- [$N/A] High CVE-2020-6558: Insufficient policy enforcement in iOS. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2020-07-24
- [$TBD] High CVE-2020-6559: Use after free in presentation API. Reported by Liu Wei and Wu Zekai of Tencent Security Xuanwu Lab on 2020-08-15
- [$5000] Medium CVE-2020-6560: Insufficient policy enforcement in autofill. Reported by Nadja Ungethuem from www.unnex.de on 2020-07-22
- [$1000] Medium CVE-2020-6561: Inappropriate implementation in Content Security Policy. Reported by Rob Wu on 2019-02-16
- [$1000] Medium CVE-2020-6562: Insufficient policy enforcement in Blink. Reported by Masato Kinugawa on 2020-05-27
- [$1000] Medium CVE-2020-6563: Insufficient policy enforcement in intent handling. Reported by Pedro Oliveira on 2020-07-12
- [$500] Medium CVE-2020-6564: Incorrect security UI in permissions. Reported by Khalil Zhani on 2018-05-10
- [$500] Medium CVE-2020-6565: Incorrect security UI in Omnibox. Reported by Khalil Zhani on 2019-12-02
- [$N/A] Medium CVE-2020-6566: Insufficient policy enforcement in media. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2020-03-27
- [$500] Low CVE-2020-6567: Insufficient validation of untrusted input in command line handling. Reported by Joshua Graham of TSS on 2019-03-01
- [$500] Low CVE-2020-6568: Insufficient policy enforcement in intent handling. Reported by Yongke Wang (@Rudykewang) and Aryb1n (@aryb1n) of Tencent Security Xuanwu Lab (腾讯安全玄武实验室) on 2020-06-08
- [$N/A] Low CVE-2020-6569: Integer overflow in WebUSB. Reported by guaixiaomei on 2019-08-20
- [$N/A] Low CVE-2020-6570: Side-channel information leakage in WebRTC. Reported by Signal/Tenable on 2020-05-19
- [$N/A] Low CVE-2020-6571: Incorrect security UI in Omnibox. Reported by Rayyan Bijoora on 2020-05-21
The Chrome version for Windows, Mac and Linux will be rolled out to the systems in the next few days via automatic update. But you can also download this build here. Updates for Edge, Vivaldi and other clones will probably follow soon.