Google on Tuesday announced Chrome 91, which includes 32 security fixes, lots of usability features, and notably, that the ChromeOS will now support Linux.
This latest version of Chrome supports DoH, or DNS-over-HTTPS, said Sean Nikkel, senior cyber threat intel analyst at Digital Shadows. Nikkel said the DoH feature was previously only available in other browsers and operating systems and offers a much more secure method for making DNS requests.
“DoH aims to keep users safe from various man-in-the-middle attacks that allow attackers to manipulate DNS results, and, as a result, keeps the session more secure,” Nikkel explained.
While the Chrome 91 release did add stronger support for Linux, John Hammond, senior security researcher at Huntress, believed that the security fixes are much more significant. Among the 32 fixes, Hammond said Google listed 21 that were contributed by external researchers, including fixes for seven security risks marked “high” in criticality.
Hammond said Google’s high-severity fixes address weaknesses that could potentially allow a remote attacker to execute arbitrary code on an unknowing target. He said if a web browser were not running in a sandboxed mode or other protections didn’t step in, the attacker could compromise any end-user that visited a specially-crafted webpage.
“Browser security is a strange animal in our industry,” Hammond said. “It requires significant protection because web browsers are so ubiquitous, constantly in use, and inherently interact with unknown and external services across the entire internet. It’s great to see this new release continue to crack down on security issues like this, and I offer kudos to the community contributors.”
On the usability front, web apps in Chrome 91 now start up automatically once the user signs into their account on the browser by right-clicking the app icon. Users can also now copy and paste a file onto a web page.
“What sticks out to me are the usability improvements on this latest release,” said John Bambenek, threat intelligence advisor at Netenrich. “As more and more of typical computer use, especially Chromebooks, is entirely contained in the browser, this adds more features that make it easier. It should come as no surprise that Google wants to keep users in the browser as much as possible and it’s clear they are finding features to make that easier.”
