Chrome 128 (version 128.0.6613.85) is available with security updates and the Latest bug fixes. Today's release also includes new features including Isolated Web Apps, standardized CSS zoom support, new Attribution Reporting API features, CSS ruby-align property functionality, line-breakable Ruby support, and more. The latest release also addresses 38 security vulnerabilities.
To get the latest Chrome update download on your device select Menu > Help > About Google Chrome or load chrome://settings/help directly to run a manual update check. Chrome downloads and installs the new version then automatically. A restart of the browser is required.
If you are looking for Chrome offline installer get it here.
What’s new Chrome 128 update?
The latest Chrome release brings, several new features and bug fixes to enhance the browsing experience.
The Chrome 128 release brings several key features and improvements aimed at enhancing both security and usability. A notable addition is Isolated Web Apps, which strengthen protection against tampering and web server compromises, though this feature is currently limited to enterprise-managed ChromeOS devices. This builds on previous work with Progressive Web Apps (PWAs) and Web Packaging, offering a more secure browsing experience.
Another significant update is the standardization of the CSS zoom property. Previously, this property was non-standard, leading to inconsistent behaviour across different browsers. Chrome 128 now fully supports it, making it easier for developers to control the scaling of elements on a webpage. This update is part of Chrome’s broader effort to align with modern web standards.
The release also introduces enhancements to the Attribution Reporting API, which aids in measuring online ad effectiveness while respecting user privacy. Additionally, support for the ruby-align property and line-breakable Ruby annotations improve the presentation of East Asian typography on the web, making it easier to create accessible and visually appealing content.
For developers, Chrome 128 adds features like Promise.try, which simplifies asynchronous operations in JavaScript, and WebAuthn hints, which enhance the user experience during authentication. Additionally, support for WebGPU HDR has been introduced under a developer trial flag, enabling richer graphics for web applications.
Security remains a priority, with Chrome 128 addressing several vulnerabilities by fixing seven high-priority Common Vulnerabilities and Exposures (CVEs). These updates highlight Chrome’s commitment to maintaining a secure browsing environment.
[$36000][358296941] High CVE-2024–7964: Use after free in Passwords. Reported by Anonymous on 2024–08–08
[$11000][356196918] High CVE-2024–7965: Inappropriate implementation in V8. Reported by TheDog on 2024–07–30
[$10000][355465305] High CVE-2024–7966: Out of bounds memory access in Skia. Reported by Renan Rios (@HyHy100) on 2024–07–25
[$7000][355731798] High CVE-2024–7967: Heap buffer overflow in Fonts. Reported by Tashita Software Security on 2024–07–27
[$1000][349253666] High CVE-2024–7968: Use after free in Autofill. Reported by Han Zheng (HexHive) on 2024–06–25
[TBD][351865302] High CVE-2024–7969: Type Confusion in V8. Reported by CFF of Topsec Alpha Team on 2024–07–09
[TBD][360700873] High CVE-2024–7971: Type confusion in V8. Reported by Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC) on 2024–08–19
[$11000][345960102] Medium CVE-2024–7972: Inappropriate implementation in V8. Reported by Simon Gerst (intrigus-lgtm) on 2024–06–10
[$7000][345518608] Medium CVE-2024–7973: Heap buffer overflow in PDFium. Reported by soiax on 2024–06–06
[$3000][339141099] Medium CVE-2024–7974: Insufficient data validation in V8 API. Reported by bowu(@gocrashed) on 2024–05–07
[$3000][347588491] Medium CVE-2024–7975: Inappropriate implementation in Permissions. Reported by Thomas Orlita on 2024–06–16
[$2000][339654392] Medium CVE-2024–7976: Inappropriate implementation in FedCM. Reported by Alesandro Ortiz on 2024–05–10
[$1000][324770940] Medium CVE-2024–7977: Insufficient data validation in Installer. Reported by Kim Dong-uk (@justlikebono) on 2024–02–11
[$1000][40060358] Medium CVE-2024–7978: Insufficient policy enforcement in Data Transfer. Reported by NDevTK on 2022–07–21
[TBD][356064205] Medium CVE-2024–7979: Insufficient data validation in Installer. Reported by VulnNoob on 2024–07–29
[TBD][356328460] Medium CVE-2024–7980: Insufficient data validation in Installer. Reported by VulnNoob on 2024–07–30
[$1000][40067456] Low CVE-2024–7981: Inappropriate implementation in Views. Reported by Thomas Orlita on 2023–07–14
[$500][350256139] Low CVE-2024–8033: Inappropriate implementation in WebApp Installs. Reported by Lijo A.T on 2024–06–30
[$500][353858776] Low CVE-2024–8034: Inappropriate implementation in Custom Tabs. Reported by Bharat (mrnoob) on 2024–07–18
[TBD][40059470] Low CVE-2024–8035: Inappropriate implementation in Extensions. Reported by Microsoft on 2022–04–26
Comments
Post a Comment