Google has become exceedingly efficient at rolling out milestone updates to the Chrome browser. Ever since the update schedules all shifted to a 4-week calendar, the Chrome browser for Windows, macOS, and Linux has arrived like clockwork. (ChromeOS? Not quite as timely, but you’re still doing good, Google.) While this generally results in fewer big upgrades per version, it equates to smoother, bug-free updates for users.
The latest version of the Chrome browser arrived this week and, despite being thin on features, the updates in Chrome 107 are vital to the ongoing progression of web technology. Let’s take a look at what’s new in Chrome 107 on the front end, and then we’ll cover the under-the-hood updates for Google’s desktop browser.
HEVC hardware decoding
If you were around our site back in the spring, you might recall me writing a little piece about my Chromebook not being able to play the videos I recorded on my Pixel 6. Come to find out, the Chrome browser didn’t support playback of the H.265 format that Google uses in the Pixel’s Storage Saver setting. This converts the video to the HEVC/H.265 format to save space while retaining video quality. I had never run into this problem before because my Chromebook is usually in the Canary channel and my browser already had support for the newer video codec.
Chrome 107 brings that support to the stable version of the browser, and that means that Chromebooks won’t be far behind, as the update to ChromeOS 107 is technically due out today. This feature/update is shipped with all versions of Chrome 107, including Android, WebView, and all desktop builds.
Widevine DRM sunsetting
If you’ve ever tried to stream content on a device and received a notification that the content was protected and unable to be viewed, it was likely a DRM issue. Digital Rights Management, a.k.a. DRM, is simply a means to protect digital content from being used or downloaded illegally. Widevine is Google’s proprietary CDM (Content Decryption Module) used by Chrome and other browsers to verify that a device or session is accessing content lawfully by decrypting embedded DRM data. The level of Widevine on your specific device or platform can also determine how you can view specific content. A level 1 Widevine certification is required to stream HDR and other high-res content on platforms such as Netflix.
With Chrome 107, Google has begun the deprecation of Widevine to prepare the way for a new CDM that launched in Chrome Canary back in September. The new CDM will ship to other Chromium-based browsers over the coming weeks in preparation for Widevine being blocked entirely.
Updates and patches
That’s about it for front-facing updates. I told you. The features are thin in 107 but that’s not to say it isn’t a welcome update. Along with some developer features, this version of Chrome for desktops includes some high-level security patches that netted developers and bug hunters more than $55,000 in bug bounties. Below, you will find the security patches that rolled out with Chrome 107.
- [$20000][1369871] High CVE-2022-3652: Type Confusion in V8. Reported by srodulv and ZNMchtss at S.S.L Team on 2022-09-30
- [$17000][1354271] High CVE-2022-3653: Heap buffer overflow in Vulkan. Reported by SeongHwan Park (SeHwa) on 2022-08-19
- [$TBD][1365330] High CVE-2022-3654: Use after free in Layout. Reported by Sergei Glazunov of Google Project Zero on 2022-09-19
- [$7000][1343384] Medium CVE-2022-3655: Heap buffer overflow in Media Galleries. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-07-11
- [$3000][1345275] Medium CVE-2022-3656: Insufficient data validation in File System. Reported by Ron Masas, Imperva on 2022-07-18
- [$2000][1351177] Medium CVE-2022-3657: Use after free in Extensions. Reported by Omri Bushari, Talon Cyber Security on 2022-08-09
- [$2000][1352817] Medium CVE-2022-3658: Use after free in Feedback service on Chrome OS. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-08-14
- [$2000][1355560] Medium CVE-2022-3659: Use after free in Accessibility. Reported by @ginggilBesel on 2022-08-23
- [$1000][1327505] Medium CVE-2022-3660: Inappropriate implementation in Full screen mode. Reported by Irvan Kurniawan (sourc7) on 2022-05-20
- [$3000][1350111] Low CVE-2022-3661: Insufficient data validation in Extensions. Reported by Young Min Kim (@ylemkimon), CompSec Lab at Seoul National University on 2022-08-04
Stay tuned for more updates as we patiently await ChromeOS 107 to arrive. If you’d like to learn more about what’s new in Chrome developer tools, you can find more information on the Chrome Developer’s blog here.