Many teachers have been using Chrome Music Lab as a tool in their classrooms to explore music and its connections to science, math, art, and more. They’ve been combining it with dance and live instruments. Here’s a collection of some uses we’ve found on Twitter.
The update patches a total of seven security flaws in the desktop versions of the popular web browser
Google has released an update for its Chrome web browser that fixes a range of security flaws, including a zero-day vulnerability that is known to be actively exploited by malicious actors. The bugs affect the Windows, macOS, and Linux versions of the popular browser.
“Google is aware of reports that exploits for CVE-2021-21224 exist in the wild,” said Google about the newly disclosed zero-day vulnerability that stems from a type confusion bug in the V8 JavaScript engine that is used in Chrome and other Chromium-based web browsers.
Beyond the zero-day flaw, the new release fixes six other security loopholes, with Google specifically listing four high-severity vulnerabilities where fixes were contributed by external researchers. The first, indexed as CVE-2021-21222, also affects the V8 engine, however this time it is a heap buffer-overflow bug.
The second flaw, tracked as CVE-2021-21225, also resides in the V8 component and manifests as an out-of-bounds memory access bug. As for CVE-2021-21223, it is found to affect Mojo as an integer overflow bug. The fourth high-severity vulnerability, labeled CVE-2021-21226, is a use-after-free flaw found in Chrome’s navigation.
READ NEXT: Google: Better patching could have prevented 1 in 4 zero‑days last year
“Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data,” warned the Center for Internet Security.
As is common with such releases, the tech titan has not disclosed any further details about the security loopholes until most users have had a chance to update their web browsers to the newest available version, mitigating the chance of the vulnerabilities being exploited by threat actors.
The Government Computer Emergency Response Team Hong Kong (GovCERT.HK) issued a security alert advising users and system administrators to update their browsers. “Users of affected systems should update the Google Chrome to version 90.0.4430.85 to address the issue,” said the agency.
Considering the disclosed vulnerabilities, users would do well to update their browsers to the latest version (90.0.4430.85) as soon as practicable. If you have automatic updates enabled, your browser should update by itself. You can also manually update your browser by visiting the About Google Chrome section, which can be found under Help in the menu bar.
Google Chrome has been at the center of a significant privacy controversy in recent weeks. Google wants to replace third-party cookies that advertisers employ to track users online and serve personalized ads with a new tracking technology that’s supposedly more private. Called FLoC, the feature is already in testing on a limited number of Chrome users who won’t even know they’ve been included in the pilot, as they’re not explicitly informed and asked whether they want to join. The FLoC initiative has seen plenty of criticism from the EFF, with some Google competitors, including DuckDuckGo and Brave, already taking action against the new tracking features.
But Chrome remains the world’s most popular browser, a tool that many people rely on to surf the web for personal and professional reasons. Google continues to update it regularly, releasing novel features and security updates that users need to be aware of. The latest major Chrome update is already out, bringing various improvements, including a security feature that should improve your safety.
You Save: $5.00 (17%)
As previously announced, Google Chrome will finally force all website traffic to the HTTPS protocol instead of the HTTP. Many sites have already implemented HTTPS on their own, but there are still holdouts that rely on the original protocol, which is less secure. HTTPS encrypts the traffic sent over the network, and this improves user privacy. The information sent between you and the websites you visit can’t be intercepted, as it would be the case for HTTP.
Chrome 90 will now default all traffic over HTTPS connections, which will have another welcome side effect. Some sites might load even faster than before, as the browser will connect directly to HTTPS without redirecting traffic from HTTP to HTTPS first. In a blog post explaining the feature, Google said there would be some exceptions on sites that did not implement HTTPS. Chrome will try to force the connection over the more secure protocol, but it’ll fall back to HTTP if the initial attempt fails.
The HTTPS traffic default might be the highlight of Chrome 90, but the new release brings other features long-time users might notice. The browser now supports the AV1 codec, which should improve video conferencing on Chrome, a common work-from-home habit during the pandemic. The new codec should enhance the quality of video even over poor connectivity. AV1 will also offer a better screen-sharing experience than before.
Chrome 90 users will also notice a new Tab Search feature that will help them quickly find the website they need. The feature can come in handy if you keep a large number of tabs open in Chrome.
Also important is the fact that Chrome 90 patches 37 security bugs, including a brand new zero-day vulnerability issue.
Chrome 90 also brings new features for developers, including support for CSS overflow, which will prevent scrolling inside a CSS box. The Feature Policy is now called Permissions Policy, “which allows you to selectively enable, disable, and modify the behavior of certain APIs and web features in the browser.”
If you have Chrome installed on your Windows or Mac, you should update to Chrome 90 as soon as possible. The full changelog is available at this link, with notes for developers available here.