Introduction to Chrome 118 Takes a Giant Leap in Patching Security Gaps: Unpacking 20 Fixes
In the realm of web browsers, Google Chrome reigns supreme with its constant updates and enhancements, each one aimed at bolstering user experience and security. But this time, Google has outdone itself with the release of Chrome 118, which addresses not just one or two, but 20 different security vulnerabilities. This update is particularly significant because it includes fixes that are crucial for user safety, such as preventing arbitrary code execution.
This exhaustive piece delves into what Chrome 118 brings to the table in terms of resolving security vulnerabilities. Whether you're a casual browser or a cybersecurity enthusiast, understanding the changes in Chrome 118 is vital to your digital well-being.
The Scope of the Update
Version Numbers Across Platforms
The Chrome 118 update has been rolled out across multiple platforms, sporting various version numbers:
- Chrome for Mac and Linux: 118.0.5993.70
- Chrome for Windows: 118.0.5993.70 and 118.0.5993.71
- Chrome Extended for Mac: 118.0.5993.70
- Chrome Extended for Windows: 118.0.5993.71
- Chrome for Android: 118.0.5993.65
Importance of Version Numbers
The different version numbers are essential as they usually represent minor differences in features or bug fixes that are specific to each operating system. For example, 118.0.5993.71 for Windows may include patches that are not necessary for the Mac version.
Noteworthy Vulnerabilities Addressed
One of the standout security fixes in this update involves a vulnerability tagged with the tracking number CVE-2023-5218. This is a ‘use after free' vulnerability found in Site Isolation, an important security feature in Chrome.
In layman's terms, a ‘use after free' vulnerability means that the program tries to access a memory location after it has been freed, leading to a host of problems including data corruption and crashes. But, most dangerously, it can lead to the execution of arbitrary code. This makes it a severe security risk that needs immediate attention.
For a more in-depth understanding of ‘use after free' vulnerabilities, click here
Classification of Risk Levels
While CVE-2023-5218 takes the cake for being the most severe, other vulnerabilities range in risk from ‘medium' to ‘low.' This classification is critical as it helps prioritize which vulnerabilities should be patched first. But that does not mean one should ignore the ‘medium' and ‘low' risk vulnerabilities. They too can lead to lesser but still significant issues such as data leaks.
Privacy Upgrades: Encrypted Client Hello
In addition to patching security holes, Chrome 118 introduces a feature called Encrypted Client Hello. When you visit a website, the domain name is usually visible to network operators. Encrypted Client Hello prevents this, effectively stopping ISPs from knowing which websites you're visiting. This feature builds upon an earlier protocol called Server Name Indication (SNI), which also aims to protect domain names but is not as efficient.
Read more about Encrypted Client Hello
Enhanced Safe Browsing Features
Chrome 118 is also taking user security up a notch by enabling Enhanced Safe Browsing. This feature works by remotely disabling extensions not installed from the Chrome Web Store. This is a critical move as rogue extensions are one of the common vectors for malware.
Additionally, Chrome 118 introduces a deep scan function. When prompted, users will have to provide a password for archived files, allowing Safe Browsing to scrutinize them for any threats better.
Navigating Chrome’s Security Settings
Another notable update in Chrome 118 is the improved explanation text around Safe Browsing protection levels. Users will find a more detailed table and links to a help center article that will educate them about the trade-offs of choosing various protection levels. This is crucial for user awareness and helps in making an informed choice on security settings.
Learn more about Chrome’s Security Settings
The Criticality of Keeping Your Browser Updated
In summary, the Chrome 118 update is not just another incremental improvement; it is a substantial leap in terms of security. Several of these vulnerabilities, including some that allow for arbitrary code execution, were being actively exploited. Therefore, updating to Chrome 118 is not an option but a necessity to secure yourself against the latest security threats and vulnerabilities.
Conclusion
In a world where cybersecurity threats are ever-evolving, staying updated is your first line of defense. Google's Chrome 118 focuses primarily on patching up numerous security vulnerabilities, ensuring that users can browse the internet with an added layer of safety. If you haven't updated yet, now is the time.
FAQs
What is Chrome 118?
Chrome 118 is the latest stable version of Google's web browser, Chrome. It includes numerous updates, enhancements, and more importantly, fixes for 20 security vulnerabilities.
What are the critical vulnerabilities addressed in Chrome 118?
The most severe vulnerability in Chrome 118 is identified as CVE-2023-5218, which exists in Site Isolation. It is a ‘use-after-free' vulnerability and is highly critical.
How can I update to Chrome 118?
You can update to Chrome 118 via the browser’s settings menu, or you can download the latest version directly from Google's official website.
What is the ‘Encrypted Client Hello' feature in Chrome 118?
The ‘Encrypted Client Hello' feature enhances user privacy by protecting domain names from being leaked to network operators like ISPs.
How does Enhanced Safe Browsing work in Chrome 118?
Enhanced Safe Browsing remotely disables extensions that are not installed from the Chrome Web Store and offers deep scan functionalities to improve security.
What systems are compatible with Chrome 118?
Chrome 118 is available for Mac, Linux, and Windows systems, as well as Android devices.
Are older Chrome versions vulnerable?
Older versions of Chrome are more likely to be vulnerable to security threats, making it crucial to update to Chrome 118 to benefit from the latest security patches.
What are some other features in Chrome 118 apart from security fixes?
Besides security enhancements, Chrome 118 also offers updates like the Memory Saver feature that automatically hibernates inactive tabs and a new danger icon that replaces the previous warning icon.
What should I do if I can't update to Chrome 118?
If you're having issues updating, try restarting your browser or system, and ensure that you have a stable internet connection. If the problem persists, contact Google Support.
Is it urgent to update to Chrome 118?
Given that one of the vulnerabilities was actively exploited in the wild, it is highly recommended to update your browser as soon as possible to protect against security threats.
Kevin Bong was formerly the Director of Corporate Security for Johnson Financial Group, and currently works as an Information Assurance Consultant for SynerComm, Inc. Kevin has a BS in Physics and Computer Science from Carroll University, an MS in Information Security Engineering from the SANS Institute, and has earned multiple certifications including PMP and GIAC GSE. Kevin is also an amateur astronomer, beekeeper, an author and instructor, and a pretty neat dad. Prior to Impulsec, Kevin worked a Penetration Testing “Drop Box” project similar to the Pwnie Express called the MiniPwner.
Leave a Reply