Google Chrome v125.0 Official Release: New Features Including Protection Against Mouse and Keyboard Hijacking
Brook.X
For Google Chrome users, updates are a constant affair, thankfully, automatic updates are now available for users in China, sparing them the hassle of manually downloading and installing updates. This marks the third update in the last ten days.
The latest update, Chrome v125.0, is the first official release of the v125.0 series. It introduces some new features while continuing to address security vulnerabilities, including one reported by the Kaspersky security team that has been exploited by hackers.
Interestingly, Google was scheduled to release v125.0 yesterday, but LanDian News speculates that the release was delayed due to the number of security vulnerabilities that needed to be fixed.
Security Updates:
- CVE-2024-4947: Critical, a type confusion issue in the V8 engine, reported by researchers at Kaspersky Lab, already exploited by hackers.
- CVE-2024-4948: Critical, a use-after-free vulnerability in Dawn, reported by security researcher wgslfuzz.
- CVE-2024-4949: Medium, a use-after-free vulnerability in the V8 engine, reported by the ChaMd5-H1 team's @refrain_areu.
- CVE-2024-4950: Low, improper implementation in downloads, reported by researcher Shaheen Fazim.
New Protection Against Mouse and Keyboard Hijacking:
In this version, Google tests new privacy control features on the desktop version, which require additional approval when websites need to access the user's keyboard and mouse operations to prevent hijacking without the user's knowledge.
There are many websites that require access to the mouse and keyboard, such as the now-shuttered Google Stadia cloud gaming project, which required remote user input.
Websites can only access the mouse and keyboard with user approval. Additionally, this new control feature includes extra checks that require confirmation when closing a window, preventing data loss due to accidental closure.
Enhanced Security for Windows Version:
Google has placed the network service for Chrome for Windows in a sandbox, further securing it. Although the Network Service already operates in its own process, running it inside a sandbox increases the difficulty of injecting malicious code, thereby enhancing security.
Automatic Tab Cleanup:
For Chrome for Android, Google introduced an automatic cleanup feature with options for 7, 14, or 21 days. With this feature enabled, if a user has tabs that have not been closed, they will be automatically closed after the selected period without manual intervention.
This feature needs to be manually enabled at chrome://flags/#android-tab-declutter, although it seems it might not be effective yet and may require some waiting.
