Chrome 112 is out with mostly security fixes

Google has announced the launch of Chrome 112 web browser. For users requiring additional time to update, the Extended Stable branch will be available for the next 8 weeks. The forthcoming release of Chrome 113 is scheduled for May 2nd.

The Chrome 112 release mainly focuses on fixing security issues in the browser. It does not introduce any major new features or changes to the user interface.

What's new in Chrome 112

  • Chrome 112 includes a more advanced version of the Safety Check feature. It offers a comprehensive overview of potential security concerns, including compromised passwords, Safe Browsing status, uninstalled updates, and identification of malicious add-ons. The new version implements automatic revocation of previously granted permissions for sites that the user doesn't  use for a long time. It also adds options to disable automatic revocation and return revoked permissions.
  • Websites are now prohibited from setting document.domain properties to enforce same-origin policies for resources loaded from distinct subdomains. In cases where it is necessary to establish communication channels between subdomains, the recommended solutions are either utilizing the postMessage() function or the Channel Messaging API.
  • Chrome 112 discontinues support for custom Chrome web applications on macOS, Linux, and Windows platforms. Instead of Chrome Apps, one should switch to standalone web apps based on Progressive Web App (PWA) technologies and the standard Web APIs.
  • The Chrome Root Store, which is the built-in root certificate store, now supports name restrictions for root certificates. This means that a strong root certificate may only have a permission to issue certificates for infrequent first-level domains. Chrome 113 will use the Chrome Root Store and the built-in certificate verification mechanism on Android, Linux, and ChromeOS platforms. The transition mechanism to the Chrome Root Store already support Windows and macOS.
  • Some users will see a simplified interface for connecting an account in Chrome.
  • Provided the ability to export and back up to Google Takeout to store data, identify different instances of Chrome, and identify unique AUTOFILL, PRIORITY_PREFERENCE, WEB_APP, DEVICE_INFO, TYPED_URL, ARC_PACKAGE, OS_PREFERENCE, OS_PRIORITY_PREFERENCE, and PRINTER types.
  • The authorization page from add-ons that use Web Auth Flow will now open in a tab instead of a separate window. It will allow you to see the URL, and save you from phishing attacks. The new implementation uses a shared connection state for all tabs and saves the state across restarts.
  • Service Worker add-ons can now access the WebHID API, that are designed for low-level access to HID devices (user interface devices, keyboards, mice, gamepads, touchpads).

In addition to improvements and bug fixes, Chrome 112 fixes 16 vulnerabilities. Some of the vulnerabilities were identified with help of automated testing tools, including AddressSanitizer, MemorySanitizer, Control Flow Integrity, LibFuzzer and AFL. There were no critical vulnerabilities.

Support us

Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:

If you like this article, please share it using the buttons below. It won't take a lot from you, but it will help us grow. Thanks for your support!

Author: Sergey Tkachenko

Sergey Tkachenko is a software developer who started Winaero back in 2011. On this blog, Sergey is writing about everything connected to Microsoft, Windows and popular software. Follow him on Telegram, Twitter, and YouTube.

Leave a Reply

Your email address will not be published.

Exit mobile version
Using Telegram? Subscribe to the blog channel!
Hello. Add your message here.