Google has released a new version of Chrome that resolves multiple vulnerabilities and introduces several new features, including Web NFC. With the launch of Chrome 81, 32 browser vulnerabilities were fixed, 23 of which had been reported to Google by external researchers.
The severity of these bugs has been labeled as “high” by Google. These are vulnerabilities that would have allowed an attacker to execute code within the context of the browser. It is then possible, for example, to read or modify data from other websites. Vulnerabilities for escaping from the Chrome sandbox are also included.
Several new features have also been added to the browser, of which support for Web NFC is the most important. NFC stands for Near Field Communications and makes it possible, for example, to read data between an NFC device and an NFC reader. A well-known example is the use of NFC for contactless payment.
With Web NFC, a web application can read and write NFC tags via Chrome on an NFC-enabled device. According to Google, this offers all kinds of new web applications, such as giving information about museum exhibitions, inventory management, providing information in a conference badge, and all sorts of other things.
The functionality is not yet available to all users and is only intended for testing purposes. For example, application developers can develop apps that make use of Web NFC. In this way, Google can make further adjustments before the feature becomes available to all users. For the time being, this should happen with the launch of Google Chrome version 84.
Furthermore, the Android version of Chrome 81 warns when users enter stored passwords on insecure websites and try to load HTTP images on https sites via https. If this fails, Chrome will block the images. Ultimately, Google wants to block all HTTP content on https sites. This is also called mixed content. An attacker can modify or intercept this content, or use it, for example, to inject tracking cookies. Through this measure, Google wants to protect users against such attacks.
Google also announced that it intended to remove support for TLS 1.0 and 1.1 in Chrome 81. Some websites still use TLS 1.0 and 1.1 to provide a secure connection. By no longer supporting these TLS protocols, Google Chrome users would no longer be able to visit websites that use these old protocols, according to Google.
More useful articles for you