Google has released Chrome 92, an upgrade that boosts the browser's performance during anti-phishing calculations, expands the reach of its site isolation technologies and adds some new "Chrome Actions" to its repertoire.
The California-based search giant also paid out more than $133,000 in bounties to those who reported some of the 35 vulnerabilities patched in Chrome 92, which was released last week. At least nine of the bugs were marked "High," Google's second-most-serious threat level. A number of the bounties, including four labeled "High," had not yet been assigned a dollar amount, so Google's final payout will almost certainly top the acknowledged total.
Because Chrome updates in the background, most users can finish a refresh by relaunching the browser. To manually update, select "About Google Chrome" from the Help menu under the three-dot icon at the upper right; the resulting tab shows that the browser has been updated or displays the download process before presenting a Relaunch button. People new to Chrome can download version 92 for Windows, macOS, and Linux directly. The Android and iOS browsers can be found in the Google Play and App Store markets, respectively.
Google currently updates Chrome about every six weeks, although the previous version was released May 26. However, Google has said it will accelerate the Chrome release schedule so that by October the interval will have fallen to four weeks.
Analyzing colors to warn of phishing
Google has been making much of Chrome's lean-in on privacy of late, a response to rivals making hay over stopping trackers from following users as they skip from site to site. Google's stated project, dubbed "Privacy Sandbox," laid down new milestones toward the end of June that put off major action until late 2022. While other browser makers have put pedal to the metal on blocking tracking bits, Google said: "We need to move at a responsible pace."
That there are only minor privacy-specific enhancements to Chrome 92, then, comes as no surprise. One that Google highlighted is a new way to access the rights users have awarded specific websites.
In Chrome 92 on Android, users can tap the lock icon at the left side of the address bar to open an updated panel, which shows what permissions have been given the active site. Users can toggle those permissions to withdraw the right to, say, access the device's camera.
The permissions panel will filter to other platforms, including desktop, "in upcoming releases," Google said without getting specific. (This dribble-out practice is a hallmark of Chrome, more so than any other major browser, to some users' frustrations; Google typically cites such staging as appropriately cautious considering the vast number of people who rely on Chrome to reach the Web.)
Lacking a do-it-now plan to address tracking, Google instead focused users' attention to the browser's work on security, something the search giant is much more comfortable touting.
High on its list for version 92 was Google's claim of improved performance while conducting anti-phishing tasks. One way Chrome recognizes known phishing sites — those that, say, masquerade as legitimate websites to capture users' credentials — is by analyzing the page's color profile. That analysis is done locally — Google said that was a sop to privacy — so performance gains can have a major impact on the browser and get results to users faster.
Google claimed that changes to Chrome 92 resulted in a performance increase of up to 50x, cutting alert arrival times from 1.8 seconds to just 100 milliseconds. Overall, Google contended, the improvements reduce Chrome's overall CPU time by 1.2%.
"At Chrome's scale, even minor algorithm improvements can result in major energy efficiency gains in aggregate," said Chrome developer Olivier Li Shing Tat-Dupuis in a post to the Chromium Blog.
Actions! More of them
Elsewhere in Chrome 92, Google has extended the browser's site isolation technology — long a core security component for the browser — to extensions, the add-ons Chrome has popularized.
"As of Chrome 92, we will start extending this capability so that extensions can no longer share processes with each other," Charlie Reis and Alex Moshchuk, two members of the Chrome security team, wrote in a July 20 post to the Google Security Blog. "This provides an extra line of defense against malicious extensions, without removing any existing extension capabilities."
Google has also added additional Chrome Actions, natural language phrases that when typed in the address bar provide shortcuts to various browser settings or functionalities, to version 92. First introduced last November, the list of available Actions now includes new entries such as "safety check," "manage security settings," and "manage sync."
The new actions won't be accessible to everyone immediately, but like so much else in Chrome, will be rolled out gradually to the user base. They were not available in Computerworld's copies of Chrome, for example.
Google will ship Chrome's next upgrade, Chrome 93, on Aug. 31 (or six weeks after v. 92). The first Chrome issued on a four-week interval will be version 95, slated to ship Oct. 19.