Google Chrome 123 removes Theora support, adds zstd compression for HTTPS

Google Chrome 123 is available in the stable branch, and comes with several changes, new features and improvements. As mentioned in the title, it completely removes the Theora codec. The new tab page now allows opening tabs from other devices with one click. The browser now supports the Zstandard (zstd) compression algorithm, in addition to t gzip, brotli and deflate algorithms for content download. For a small percentage of US users it brings up a few AI-powered features like automatic tab organizer. And much more.

What's new in Google Chrome 123

  • The new tab page offers a new section with tabs recently opened on other devices (synced via the Google account).
  • Added support for encoding content using the Zstandard (zstd) compression algorithm, in addition to the previously supported gzip, brotli and deflate algorithms.

Theora removal

As announced earlier, Chrome 123 no longer suppors the free Theora video codec, created by the Xiph.org Foundation and based on the VP3 codec. It was supported in Firefox and Chrome since 2009, but not supported in Chrome for Android and WebKit-based browsers such as Safari. The reason cited for deprecating Theora support is that there may be vulnerabilities. According to the developers, due to the increasing frequency of 0-day attacks on media codecs, security risks exceed the level of demand for the Theora codec, which is almost never used in practice, but remains a significant target for potential attacks.

Third-party cookies support

The number of users with disabled support for third-party cookies when visiting sites other than the current page's domain has been steadily rising. These cookies are commonly utilized to monitor user activity across various websites within advertising networks, social media widgets, and web analytics platforms.

The changes are part of the Privacy Sandbox initiative. It aims to strike a compromise between users' need to maintain privacy and the desire of advertising networks and sites to track visitors' preferences. Google plans to gradually expand the disabling of third-party cookies and reach 100% in the 3rd quarter of 2024. To disable it without waiting for the changes coming to your device, you can use the chrome://flags/#test-third-party-cookie-phaseout flag.

AI Features

For a small percentage of US users, Chrome enables by default a set of AI-powered features. Those include the smart tab grouping mode, theme generator, and interactive assistant. In enterprise environments  administrators can enable or disable AI tools with Group Policy for Chrome.

Other changes

  • The service for synchronizing settings, history and bookmarks (Chrome Sync) has stopped supporting releases prior to Chrome 82.
  • When you enable enhanced browser protection (Safe Browsing > Enhanced protection), information is sent to Google with information about sites displaying requests for advanced privileges (such pages are checked against an external database of malicious content and, if a match is found, a warning is immediately shown to the user). Also included is sending telemetry about user cancellation of warnings shown before opening pages blacklisted by Google.

Enhanced security

Google has published an article detailing the security measures in place to protect users from accessing malicious content. When a user opens a webpage, a partial hash of the URL is sent to Google for verification against a database of harmful content.

This partial hash only includes the first 4 bytes of the full hash to ensure privacy.

If a match is found in the database, a list of full hashes associated with the partial hash is returned to the user's browser for a final comparison. To further protect user privacy, the partial hash is first sent to an intermediary proxy before reaching the Safe Browsing system server.

Chrome for Android and iOS

  • Chrome for Android and iOS has added the ability to continue viewing sites previously opened on other devices connected to the same Google account.
  • Chrome for Android has changed the way it stores local passwords so they don't sync across devices. Previously, local passwords were stored in the Chrome profile, and will now be moved to the password storage provided by Google Play services, which is already used to store the password for the Google account. In Chrome 123, the new storage mode is enabled for users without local passwords, and in Chrome 124 it will be applied to users with local passwords.

Closed vulnerabilities

Chrome 123 includes not only new features and improvements but also closes 12 vulnerabilities. These vulnerabilities were found through rigorous automated testing with tools such as AddressSanitizer, MemorySanitizer, Control Flow Integrity, LibFuzzer, and AFL. Thankfully, none of the identified vulnerabilities were critical enough to breach all of the browser's protection levels and execute code outside of the sandbox environment.

Google's program to reward individuals who discover vulnerabilities in the current release resulted in 7 cash awards totaling $22,000. These awards ranged from $1,000 to $10,000, with the final award amount still pending determination.

Source

Support us

Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:

If you like this article, please share it using the buttons below. It won't take a lot from you, but it will help us grow. Thanks for your support!

Author: Sergey Tkachenko

Sergey Tkachenko is a software developer who started Winaero back in 2011. On this blog, Sergey is writing about everything connected to Microsoft, Windows and popular software. Follow him on Telegram, Twitter, and YouTube.

Leave a Reply

Your email address will not be published.

Exit mobile version
Using Telegram? Subscribe to the blog channel!
Hello. Add your message here.