On schedule, Chrome’s next major update has started rolling out for Windows, macOS, and Linux users. This update is relatively light in the features department but offers a healthy set of security updates and patches. Let’s take a look at the new features in Chrome 105 for desktop.
More PWA Controls
Progressive web apps have come a long way in Chrome, and soon it will be nearly impossible to distinguish browser-based tools from native apps. Chrome 97 has added the ability to add items to the web app’s top bar. Chrome 105 builds on this feature with customizable controls. Now, web app developers can add tools like search bars and add or customize features in the top bar. This gives developers more control over how the web application looks and interacts with the user.
Window tiling options
We have covered this upcoming feature in detail and although it is technically not available in Chrome 105, you can enable it with a simple flag. The feature will give Chrome the ability to capture a window similar to what Windows already does. When enabled, you simply slide the zoom button in Chrome and you’ll see a variety of size and capture options for the window that’s in focus. Here’s a look at the feature running on ChromeOS in the Canary Channel.
As I mentioned, this feature is not turned on by default but you can enable it by pointing your browser to
chrome://flags/#partial-split and empowering science. Once Chrome restarts, you should be able to see the window pop up in action.
Like I said, there isn’t much to talk about in this update from a user point of view but there are some updates that give developers some new and updated tools to work with. You can read more about those on the Chromium blog but I’ll include them here just in case you’re interested.
- Custom Highlight API – Custom Highlight API provides a way for web developers to design arbitrary ranges text. This is useful in a variety of scenarios, including editing frameworks for which you want to perform selection, in-page search on virtual documents, multiple selections to represent online collaboration or spell-checking frameworks.
- Container queries – Container queries allow developers to query a parent specifier for its size and design information, making it possible for a child element to have responsive design logic, regardless of where it lives on the web page.
- : has() Pseudo Class – The CSS
:has()A pseudo-class allows developers to check if a parent element contains child elements with specified parameters.
- Fetch Upload Streaming – Initiate an application before you have the full text available using the Streams API.
- Multiscreen Windowing API – Enhancements to naming strings provided by the Multiscreen Windowing API
Security updates and patches
That’s all about features, tools, and now, in security updates. This version of Chrome contains a whopping 24 patches. While this may seem like an exaggeration, it’s not uncommon for a significant update to happen and this means that Google continues to focus on keeping Chrome safe and secure for all of its users. Below is a list of the patches along with associated bugs and rewards collected by the developers who discovered each vulnerability.
- [$NA] CVE-2022-3038 Critical: Use it for free in network service. Reported by Sergei Glazunov from Google Project Zero on 06-28-2022
- [$10000] High CVE-2022-3039: Use it for free in WebSQL. Reported by Nan Wang (@ eternalsakura13) and Guang Gong of 360 Institute for Vulnerability Research on 07-11-2022
- [$9000] High CVE-2022-3040: Use it free for planning. Reported by Anonymous on 07-03-2020
- [$7500] High CVE-2022-3041: Use it for free in WebSQL. Reported by Ziling Chen and Nan Wang (@ eternalsakura13) of 360 Institute for Vulnerability Research on 07-20-2022
- [$5000] High CVE-2022-3042: Use it for free at PhoneHub. Reported by koocola (@alo_cook) and Guang Gong from 360 Institute for Vulnerability Research on 06-22-2022
- [$3000] High CVE-2022-3043: Buffer overflow in screenshot. Report from @ginggilBesel on 06-16-2022
- [$NA] CVE-2022-3044 spike: Inappropriate implementation in Site Isolation. Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research on 2020-02-12
- [$TBD] CVE-2022-3045 High: Insufficient untrusted entry validation in V8. Ben Nordhuis report email@example.com dated 06-26-2022
- [$TBD] High CVE-2022-3046: Use it for free in your browser tag. Transferred by Rong Jian from VRI on 07-21-2022
- [$7000] Average CVE-2022-3047: Insufficient Policy Implementation in Extensions API. Narrated by Maurice Dower on 07-07-2022
- [$5000] Medium CVE-2022-3048: Inappropriate implementation in Chrome OS lock screen. Written by Andr.Ess on 03-06-2022
- [$3000] Average CVE-2022-3049: Use it for free at SplitScreen. By @ginggilBesel on 04-17-2022
- [$3000] Average CVE-2022-3050: WebUI buffer overflow. Reported by Zhihua Yao from KunLun Laboratory on 06-17-2022
- [$2000] CVE-2022-3051 mean: Exosphere buffer overflow. Reported by @ginggilBesel on 07-18-2022
- [$2000] Average CVE-2022-3052: Buffer overflow in Window Manager. Narrated by Khalil Zani on 07-21-2022
- [$TBD] Average CVE-2022-3053: Inappropriate implementation in Pointer Lock. Presented by Jesper van den Ende (Pelican Party Studios) on 2021-11-08
- [$TBD] Average CVE-2022-3054: Inadequate Policy Implementation in DevTools. Reported by Kuilin Li on 01-24-2022
- [$TBD] Average CVE-2022-3055: Use it free for passwords. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Institute for Vulnerability Research on 08-11 2022
- [$3000] a little CVE-2022-3056: Insufficient policy enforcement in the Content Security Policy. Reported by Anonymous on 05-26-2020
- [$2000] a little CVE-2022-3057: Inappropriate implementation in iframe Sandbox. Reported by Gareth Hayes on 06-16-2022
- [$1000] a little CVE-2022-3058: Use it after free login flow. Reported by Raven at Kun Lun Lab 06-20-2022
Chrome 105 is currently rolling out to Windows, macOS, and Linux users. If you haven’t received the update, don’t worry. It should be along in the coming days. You can always check for updates by heading to the three-dot menu at the top right of your Chrome browser, clicking Help, and clicking About Chrome. There, you will see an update button. If Google sticks to its schedule, we’ll see the ChromeOS 105 update tomorrow. Stay tuned for more on that when it arrives.
#Chrome #desktop #arrived