Google took swift action on Wednesday, September 27, 2023, by releasing a patch to address a zero-day vulnerability in Chrome that had been actively exploited in the wild, and introduced additional security. This vulnerability, assigned a record of CVE-2023-5217, is linked to a heap-based buffer overflow and was found in the VP8 compression format within the open-source libvpx video codec library, developed by the Alliance for Open Media (AOMedia) in collaboration with Google.
The occurrence of a heap overflow triggers a situation in the buffer overflow, were the buffer that can be overwritten resides in a heap memory allocation. This indicates that the buffer was allocated using a function like malloc(). The drawback of this situation is its effect on the TRIAD of cybersecurity: Confidentiality, Integrity, and Availability.
In this scenario, the Chrome browser experiences frequent crashes, rendering the program unavailable and causing it to become trapped in an infinite loop. Furthermore, it leads to the execution of arbitrary code that operates beyond the program’s inherent security boundaries.
Additional Security Features:
An enhanced security feature has been introduced in the new chrome update, with a fast and protective approach against malicious occurrence and alerts the browser users before they occur. It also provides safe chrome browsing experience, while ensuring Google apps are more secured, and each time users sign in, they are warned of any traces of their password being discovered in a data breach. This feature is known as the “Safe Browsing.”
The new browser Update to V 117.0.5938.132 also came with additional features which are outlined below:
Chrome Secure DNS:
This feature provides users with the capability to enhance their privacy and security while conducting internet searches. Activating Secure DNS in Chrome results in the encryption of user information. By default, Secure DNS is automatically enabled.
Nevertheless, users have the option to either configure a custom DNS or choose from a predefined list of DNS servers like (Cloud Flare (184.108.40.206), Google (Public DNS), CleanBrowsing (Family Filter), and OpenDNS) provided in Chrome. In the automatic mode of DNS settings, search queries are encrypted. However, if Chrome encounters difficulties while attempting to access a website in this mode, it will still perform the lookup, but user data will not be encrypted.
Chrome Spyware Checker:
A new feature known as Chrome spyware checker is introduced in the new update. This allows users remove unwanted ads, pop-ups, or even malware residing within their browser. Using the chrome browser on the internet may result into malicious plugins or code installing on your browser with your permission.
These are seen in situations like pop-up ads, and new tabs that are persistent, and browser homepage search changes without users’ permission, unwanted plugins and extensions found in the toolbar, browser hijacking and webpages redirected to unknown or unwanted resources, and information about virus on user’s computer. The safe check would detect if your browser is up to date, your password manager, safe browsing mode, and protection from harmful extensions.
The Manage Phone:
This feature enables users to identify the devices where they are currently logged into, on the browser, and view devices that have recently accessed their Google account. It also highlights sessions where users have been signed out of their accounts. Additionally, users can utilize their phone as a security key, manage multiple sessions (multiple email accounts) on a single device, and track their current sign-in status on their Google Account, as well as their sign-in history over the past few weeks.
However, it’s important to note that this may raise privacy concerns, as Google gains insights into all email accounts associated with an individual, as discussed in our August article. For more information about managing your phone, please refer to our detailed article.
Google introduced chrome-ads in its new update, giving users the flexibility and privacy to personalize ads they see each time they are surfing the internet using Google chrome.
These ads are tailored based on user’s internet browsing history, site users visit, and more. The new chrome also comes with Auto-Delete function that enables browser to delete topics and sites that suggest ads to chrome users within 30-days.
Website also are able to ask chrome for information in order for the website to detect their ad-performances, and chrome will only release limited data requested of the user by the website. This data includes information’s such as time of day, and the ad shown to the site visitor.
The Ad Topics allow ads to be shown to users based on their search history (topic of interest), and users have the flexibility to either toggle the button on or off. Users are also able to block topics in the “Topics you blocked” and users can also block topics they do not wish to share with various websites users’ accesses. These topics blocked have a lifespan of 4-weeks in which after the expiry, the browser auto deletes them.
Site Suggested Ads:
Site Suggested Ads also a new feature in the browser update. Allowing sites to suggest ads to visitors using chrome as their browser. Users can toggle this button “on” or “off”. This enables the site to suggest to users what they like and suggest more ads as they continue browsing. Users also have the option to block sites they don’t want to suggest ads to them, and by default the block list is auto-deleted after 30-days by chrome.
A new function has been introduced for digital marketers in the new update; assisting in market analytics. Site advertisers are now able to measure their ad performance.
Google also ensures the end user privacy only shares limited information such as time of day ad was shown to the site visitors, deleting of ad-measurement is done continuously by chrome, users browsing reports are sent with delay to protect users’ identity.
Additionally, users who are on Android devices are able to include similar settings on their phone. Enabling an organization measure effectiveness of their add across websites visited by the user, even when ad measurement is turned on web and android device at the same time.
All these “New Security Features” can be discovered in the “Privacy and Settings Tab.” Chrome users can play around with these functions and personalized them to their own suitable demands, while ensuring their privacy.
Please do let us know in the comment section what are your thoughts about this.