Google released Chrome 100. In this release, Google fixed 28 security issues and added additional features. The new features include:
Screen sharing fix for macOS
Chrome major version number reaches 100
Updates for Legacy Browser Support <open-in> rules
Chrome 100 removes the AllowSyncXHRInPageDismissal policy
New WebHID enterprise policies
Chrome 100 removes Lite Mode on Android
Chrome Actions introduced on Android
Chrome on Android supports login using QR codes
Updates to the Certificate Transparency policy
Multi-Screen Window Placement API stable launch
Changes to tab-sharing blue border behavior
Chrome on iOS users can choose their default website view
Chrome adds Google Account-tied tokens to Enhanced Safe Browsing pings
Dismiss password alerts on Desktop
Chrome expands SCT auditing to more users
Chrome no longer supports TLS 1.0/1.1 on Android WebView
New and updated policies in Chrome browser
Details on all of these features can be found on the Chrome Status page. As always, Google takes its time with putting our a larger blog post covering the most important changes however, you can find a very brief summary on the Chrome release page.
Regarding security, Google fixed the following vulnerabilities disclosed by external researchers:
CVE-2022-1125: Use after free in Portals.
CVE-2022-1127: Use after free in QR Code Generator.
CVE-2022-1128: Inappropriate implementation in Web Share API.
CVE-2022-1129: Inappropriate implementation in Full Screen Mode.
CVE-2022-1130: Insufficient validation of untrusted input in WebOTP.
CVE-2022-1131: Use after free in Cast UI.
CVE-2022-1132: Inappropriate implementation in Virtual Keyboard.
CVE-2022-1133: Use after free in WebRTC.
CVE-2022-1134: Type Confusion in V8.
CVE-2022-1135: Use after free in Shopping Cart.
CVE-2022-1136: Use after free in Tab Strip.
CVE-2022-1137: Inappropriate implementation in Extensions.
CVE-2022-1138: Inappropriate implementation in Web Cursor.
CVE-2022-1139: Inappropriate implementation in Background Fetch API.
CVE-2022-1141: Use after free in File Manager.
CVE-2022-1142: Heap buffer overflow in WebUI.
CVE-2022-1143: Heap buffer overflow in WebUI.
CVE-2022-1144: Use after free in WebUI.
CVE-2022-1145: Use after free in Extensions.
CVE-2022-1146: Inappropriate implementation in Resource Timing.
With the report below, you can easily find which computers in your network do not have this latest Chrome version installed. Simply run the report to get a complete overview of your environment.
2022-03-31
– Updated report to fix issue with Chrome’s extra version number
Run our Chrome 100 Query
Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tsysAssetTypes.AssetTypename As AssetType,
tblAssets.Username,
tblAssets.Userdomain,
tsysAssetTypes.AssetTypeIcon10 As icon,
tblAssets.IPAddress,
tblSoftwareUni.softwareName As Software,
tblSoftware.softwareVersion As Version,
tblSoftwareUni.SoftwarePublisher As Publisher,
Case
When Cast(ParseName(tblSoftware.softwareVersion, 4) As int) > 100 Then
'Up to date'
When Cast(ParseName(tblSoftware.softwareVersion, 4) As int) = 100 And
Cast(ParseName(tblSoftware.softwareVersion, 2) As int) > 4896
Then 'Up to date'
When Cast(ParseName(tblSoftware.softwareVersion, 4) As int) = 100 And
Cast(ParseName(tblSoftware.softwareVersion, 2) As int) = 4896
And Cast(ParseName(tblSoftware.softwareVersion, 1) As int) >= 60 Then
'Up to date'
Else 'Out of date'
End As [Patch Status],
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tsysOS.OSname As OS,
tblAssets.SP,
tblAssets.Lastseen,
tblAssets.Lasttried,
tblSoftware.Lastchanged,
Case
When Cast(ParseName(tblSoftware.softwareVersion, 4) As int) > 100 Then
'#d4f4be'
When Cast(ParseName(tblSoftware.softwareVersion, 4) As int) = 100 And
Cast(ParseName(tblSoftware.softwareVersion, 2) As int) > 4896
Then '#d4f4be'
When Cast(ParseName(tblSoftware.softwareVersion, 4) As int) = 100 And
Cast(ParseName(tblSoftware.softwareVersion, 2) As int) = 4896
And Cast(ParseName(tblSoftware.softwareVersion, 1) As int) >= 60 Then
'#d4f4be'
Else '#ffadad'
End As backgroundcolor
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where tblSoftwareUni.softwareName Like '%Google Chrome%' And
tblSoftwareUni.SoftwarePublisher Like '%Google%' And tblState.Statename =
'Active'
