Mixed Messages of Google Chrome 97: Worse Privacy, Better Security

Google pushed out a new Chrome version, 97.0.4692.99, with much fanfare about a number of serious security fixes it brings.

A total of 22 vulnerabilities addressed with the latest Chrome refresh were reported by external researchers, including one critical-severity [CVE-2022-0289, a critical use-after-free flaw in Safe Browsing that can achieve arbitrary code execution], 16 high-severity, and five medium-severity issues.

Meanwhile, Google also intentionally reduced safety by including a well-known flaw in the same version, a collaboration effort with Microsoft.

Google Chrome 97 arrived on Tuesday, bringing with it a Microsoft-backed keyboard API rejected by Apple and Mozilla on privacy grounds. […] As Apple software engineer Ryosuke Niwa wrote in a GitHub Issues post in 2019, “the Keyboard Map API as proposed exposes a high entropy fingerprinting surface. This is not acceptable from [a] privacy perspective.”

And to the person in England reading this blog right now using Chrome 97 on macOS 10.15.7 (November 2020)… yes, I hear you (a malicious audio file can lead to arbitrary code execution, CVE-2021-30958), but what are you even doing?
