Google has published the release of the web browser Chrome 142. At the same time, a stable release of the free project Chromium, which serves as the basis of Chrome, is available. The Chrome browser differs from Chromium in the use of Google logos, the presence of a system for sending notifications in case of a crash, modules for playing copy-protected video content (DRM), an automatic update installation system, the constant inclusion of Sandbox isolation, supplying keys to the Google API and passing RLZ parameters during searches. For those who need more time to update, the Extended Stable branch is separately supported, followed by 8 weeks. The next release of Chrome 143 is scheduled for December 2.
- Enabled protection from accessing the local system when interacting with public sites. When accessing from a website on a public or internal network (intranet) to the local system IP addresses or loopback interface (127.0.0.0/8), the browser will display a dialog to the user asking for confirmation of the operation. Protection actions include attempts to load resources, fetch() requests, and iframe insertions. Protection is not yet applied to connections via WebSockets, WebTransport and WebRTC, but will be added for these technologies later.
Access to internal resources is used by attackers to carry out CSRF attacks on routers, access points, printers, corporate web interfaces and other devices and services that accept requests only from the local network. In addition, scanning internal resources can be used to indirectly identify or collect information about the local network.
- A single, simplified interface is provided for linking to a Google account and synchronizing data such as saved passwords and bookmarks. Synchronization is integrated with account login and is not presented as a separate option in the settings. Users can connect Chrome to a Google account and use it to store passwords, bookmarks, browsing history, and tabs. The opportunity is currently activated for some users, the coverage will gradually increase.
- A new process isolation model is used – “Origin Isolation”, in which each content source (origin