{"id":13998,"date":"2020-04-08T08:12:14","date_gmt":"2020-04-08T06:12:14","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=13998"},"modified":"2020-09-22T22:37:19","modified_gmt":"2020-09-22T20:37:19","slug":"chrome-81-released","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/04\/08\/chrome-81-released\/","title":{"rendered":"Chrome 81 released"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Chrome.jpg\" align=\"left\">[<a href=\"https:\/\/www.borncity.com\/blog\/2020\/04\/08\/chrome-81-mit-sicherheitsfixes-verfgbar\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]Google's developers have released the Chrome 81 on 7 March 2020. The browser update closes 32 security holes in total and comes with the Web NFC API. <\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg08.met.vgwort.de\/na\/495ed67157444e8d8f85588d36f190d2\" width=\"1\" height=\"1\">There was already this German comment <a href=\"https:\/\/www.borncity.com\/blog\/2020\/04\/07\/firefox-75-und-68-7-0esr-verfgbar\/#comment-87773\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a> (thanks) &#8211; and Bleeping Computer has published <a href=\"https:\/\/www.bleepingcomputer.com\/news\/google\/chrome-81-released-with-32-security-fixes-and-web-nfc-api\/\" target=\"_blank\" rel=\"noopener noreferrer\">this article<\/a> about it.&nbsp;&nbsp; <\/p>\n<h2>Changes and new features in Chrome 81<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg01.met.vgwort.de\/na\/51948863aefb4c74a3cdd86e356d4a58\" width=\"1\" height=\"1\">The changes in Chrome 81 were announced by the developers for the desktop in this <a href=\"https:\/\/chromereleases.googleblog.com\/2020\/04\/stable-channel-update-for-desktop_7.html\" target=\"_blank\" rel=\"noopener noreferrer\">blog post<\/a>. Chrome 81.0.4044.92 contains a number of fixes and improvements &#8211; a list of the changes is available in the Change Log. <\/p>\n<blockquote>\n<p>Chrome version 82 is skipped due to the COVID 19 crisis. Chrome 83 is scheduled for release in May 2020. <\/p>\n<\/blockquote>\n<p>The Chrome browser version 81.0.4044.92 brings fixes for the following vulnerabilities in previous versions: <\/p>\n<ul>\n<li>[$7500][<a href=\"https:\/\/crbug.com\/1019161\" target=\"_blank\" rel=\"noopener noreferrer\">1019161<\/a>] High CVE-2020-6454: Use after free in extensions. Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo 360 on 2019-10-29\n<li>[$5000][<a href=\"https:\/\/crbug.com\/1043446\" target=\"_blank\" rel=\"noopener noreferrer\">1043446<\/a>] High CVE-2020-6423: Use after free in audio. Reported by Anonymous on 2020-01-18\n<li>[$3000][<a href=\"https:\/\/crbug.com\/1059669\" target=\"_blank\" rel=\"noopener noreferrer\">1059669<\/a>] High CVE-2020-6455: Out of bounds read in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of Alpha Lab, Qihoo 360 on 2020-03-09\n<li>[$2000][<a href=\"https:\/\/crbug.com\/1031479\" target=\"_blank\" rel=\"noopener noreferrer\">1031479<\/a>] Medium CVE-2020-6430: Type Confusion in V8. Reported by Avihay Cohen @ SeraphicAlgorithms on 2019-12-06\n<li>[$2000][<a href=\"https:\/\/crbug.com\/1040755\" target=\"_blank\" rel=\"noopener noreferrer\">1040755<\/a>] Medium CVE-2020-6456: Insufficient validation of untrusted input in clipboard. Reported by Micha\u0142 Bentkowski of Securitum on 2020-01-10\n<li>[$1000][<a href=\"https:\/\/crbug.com\/852645\" target=\"_blank\" rel=\"noopener noreferrer\">852645<\/a>] Medium CVE-2020-6431: Insufficient policy enforcement in full screen. Reported by Luan Herrera (@lbherrera_) on 2018-06-14\n<li>[$1000][<a href=\"https:\/\/crbug.com\/965611\" target=\"_blank\" rel=\"noopener noreferrer\">965611<\/a>] Medium CVE-2020-6432: Insufficient policy enforcement in navigations. Reported by David Erceg on 2019-05-21\n<li>[$1000][<a href=\"https:\/\/crbug.com\/1043965\" target=\"_blank\" rel=\"noopener noreferrer\">1043965<\/a>] Medium CVE-2020-6433: Insufficient policy enforcement in extensions. Reported by David Erceg on 2020-01-21\n<li>[$500][<a href=\"https:\/\/crbug.com\/1048555\" target=\"_blank\" rel=\"noopener noreferrer\">1048555<\/a>] Medium CVE-2020-6434: Use after free in devtools. Reported by HyungSeok Han (DaramG) of Theori on 2020-02-04\n<li>[$N\/A][<a href=\"https:\/\/crbug.com\/1032158\" target=\"_blank\" rel=\"noopener noreferrer\">1032158<\/a>] Medium CVE-2020-6435: Insufficient policy enforcement in extensions. Reported by Sergei Glazunov of Google Project Zero on 2019-12-09\n<li>[$TBD][<a href=\"https:\/\/crbug.com\/1034519\" target=\"_blank\" rel=\"noopener noreferrer\">1034519<\/a>] Medium CVE-2020-6436: Use after free in window management. Reported by Igor Bukanov from Vivaldi on 2019-12-16\n<li>[$500][<a href=\"https:\/\/crbug.com\/639173\" target=\"_blank\" rel=\"noopener noreferrer\">639173<\/a>] Low CVE-2020-6437: Inappropriate implementation in WebView. Reported by Jann Horn on 2016-08-19\n<li>[$500][<a href=\"https:\/\/crbug.com\/714617\" target=\"_blank\" rel=\"noopener noreferrer\">714617<\/a>] Low CVE-2020-6438: Insufficient policy enforcement in extensions. Reported by Ng Yik Phang on 2017-04-24\n<li>[$500][<a href=\"https:\/\/crbug.com\/868145\" target=\"_blank\" rel=\"noopener noreferrer\">868145<\/a>] Low CVE-2020-6439: Insufficient policy enforcement in navigations. Reported by remkoboonstra on 2018-07-26\n<li>[$500][<a href=\"https:\/\/crbug.com\/894477\" target=\"_blank\" rel=\"noopener noreferrer\">894477<\/a>] Low CVE-2020-6440: Inappropriate implementation in extensions. Reported by David Erceg on 2018-10-11\n<li>[$500][<a href=\"https:\/\/crbug.com\/959571\" target=\"_blank\" rel=\"noopener noreferrer\">959571<\/a>] Low CVE-2020-6441: Insufficient policy enforcement in omnibox. Reported by David Erceg on 2019-05-04\n<li>[$500][<a href=\"https:\/\/crbug.com\/1013906\" target=\"_blank\" rel=\"noopener noreferrer\">1013906<\/a>] Low CVE-2020-6442: Inappropriate implementation in cache. Reported by B@rMey on 2019-10-12\n<li>[$500][<a href=\"https:\/\/crbug.com\/1040080\" target=\"_blank\" rel=\"noopener noreferrer\">1040080<\/a>] Low CVE-2020-6443: Insufficient data validation in developer tools. Reported by @lovasoa (Ophir LOJKINE) on 2020-01-08\n<li>[$N\/A][<a href=\"https:\/\/crbug.com\/922882\" target=\"_blank\" rel=\"noopener noreferrer\">922882<\/a>] Low CVE-2020-6444: Uninitialized Use in WebRTC. Reported by mlfbrown on 2019-01-17\n<li>[$N\/A][<a href=\"https:\/\/crbug.com\/933171\" target=\"_blank\" rel=\"noopener noreferrer\">933171<\/a>] Low CVE-2020-6445: Insufficient policy enforcement in trusted types. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-02-18\n<li>[$N\/A][<a href=\"https:\/\/crbug.com\/933172\" target=\"_blank\" rel=\"noopener noreferrer\">933172<\/a>] Low CVE-2020-6446: Insufficient policy enforcement in trusted types. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-02-18\n<li>[$N\/A][<a href=\"https:\/\/crbug.com\/991217\" target=\"_blank\" rel=\"noopener noreferrer\">991217<\/a>] Low CVE-2020-6447: Inappropriate implementation in developer tools. Reported by David Erceg on 2019-08-06\n<li>[$N\/A][<a href=\"https:\/\/crbug.com\/1037872\" target=\"_blank\" rel=\"noopener noreferrer\">1037872<\/a>] Low CVE-2020-6448: Use after free in V8. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2019-12-26<\/li>\n<\/ul>\n<p>The release note also mentions various fixes from internal audits, fuzzing and other initiatives. Details will not be disclosed by Google for security reasons.  <\/p>\n<h2>New features in Chrome 81<\/h2>\n<p>Bleeping Computer mentions <a href=\"https:\/\/www.bleepingcomputer.com\/news\/google\/chrome-81-released-with-32-security-fixes-and-web-nfc-api\/\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a> the new Web NFC API. Chrome 81 can now read and write NFC tags if they come close (5-10 cm) to an NFC-enabled device. In the first approach, however, only the NFC data exchange format NDEF, a lightweight binary message format, is supported.<\/p>\n<p>Chrome 81 now automatically tries to load all http embedded image content of a web page over HTTPS and block the content if it cannot be delivered over a secure connection. This means that an image that is not available over HTTPS will not be displayed on the website. <\/p>\n<p>Also starting with this version, there are console warnings for downloads that are delivered insecurely from secure contexts (\"Downloads with mixed content\"). This includes, for example, downloading a file over HTTP initiated from an HTTPS site. BleepingComputer has created a <a href=\"https:\/\/www.bleepingcomputer.com\/PoC\/mixed-content-downloads.html\" target=\"_blank\" rel=\"noopener noreferrer\">PoC page<\/a>, that allows you to test this feature.<\/p>\n<p>Google has planned that TLS 1.0 and 1.1 should be completely removed in Chrome 81. Due to the coronavirus pandemic, Google has decided to postpone the removal up to Chrome 84.<\/p>\n<h2>Availability and download<\/h2>\n<p>The newest Chrome version for Windows, Mac and Linux will be rolled out to the systems via the automatic update function in the next few days. You can download it <a href=\"https:\/\/www.google.com\/intl\/de_de\/chrome\/\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Google's developers have released the Chrome 81 on 7 March 2020. The browser update closes 32 security holes in total and comes with the Web NFC API.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[872,580,1547,22],"tags":[780,69,195],"class_list":["post-13998","post","type-post","status-publish","format-standard","hentry","category-browser","category-security","category-software","category-update","tag-chrome","tag-security","tag-update"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/13998","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=13998"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/13998\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=13998"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=13998"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=13998"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}