Chrome 71 is out: swats 43 bugs and clamps down on bad ads

Credit: ID 31591162 © Milo827 | Dreamstime.com

Google will pay out at least $59,000 to researchers for reporting dozens of security bugs found in Chrome version 70 and prior. 

Google has released the stable version of Chrome 71 for Windows, Mac and Linux with 43 security fixes, including a patch for Site Isolation, an important feature for minimizing the risk of malicious websites using the Spectre flaws affecting CPUs from Intel, AMD, Arm and others. 

Chrome 71 expands Google’s move against sites with “abusive experiences” that pushed Chrome users to sites they don’t want to visit. Previous approaches included a pop-up blocker and restricting autoplay videos, while last year’s efforts aimed to prevent surprise redirects through links and buttons on a site. 

Chrome 71 closes an apparent loophole in its Google’s previous clampdown by removing all ads on the fraction of sites with “persistent abusive experiences”. 

Google was targeting ads of the type commonly used by tech support scams, such as ads displaying system warnings and bogus “close” buttons. Google decided to tackle ads after discovering that nearly all of the  abusive experiences it was missing to date relied on bad ads. 

Chrome 71 also cracks down on vague information available when users are inputting information on subscription pages. In November Google said millions of Chrome users see mobile pages with poor information about subscriptions. 

As of this version, Chrome will show a warning before users enter a page where billing information is required. The warnings target pages that allow users to subscribe by typing in their phone number, resulting in charges to the user’s mobile subscription. 

The latest version of Chrome also fixes 13 high severity flaws in Chrome 70 and earlier, including bugs that affect the browser’s V8 JavaScript engine, its PDF engine, and the Blink rendering engine.   

The highest single payout was made for a medium seventy issue concerning “inappropriate implementation in Site Isolation”. 

Site Isolation was one of the key Chrome mitigations for JavaScript threats posed by the Spectre CPU side channel flaws, which could allow an attacker to leak information from one tab to another by accessing memory that should be isolated. It was introduced in Chrome 67. Browsers were potentially exposed because they can run JavaScript from several websites in the same process.  

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
CSO WANTED
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags Googlechromespectre

More about AMDGoogleIntelLinux

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

More videos

Blog Posts