New Chrome 77 update fixes more than 50 security vulnerabilities

Google has released the new Chrome version 77.0.3865.75. The developers have implemented some news for web developers. They also have eliminated numerous security vulnerabilities.

The Chrome Release Blog lists 36 vulnerabilities discovered by external security researchers. In return, Google is distributing bug rewards totaling more than $30,000. In addition to the critical vulnerability CVE-2019-5870, Google rates eight more as high risk. As always, Google does not comment on the vulnerabilities found internally.

The WebVR 1.1 interface is now deprecated and has never been upgraded to the Web standard. With Chrome 79 WebVR should disappear from the browser. It will replace the WebXR Device API, which will ship with Chrome 78. The use of Web MIDI, however, is now limited to Web applications of secure origin and requires the express permission of the user.

Also in Chrome 78 Google wants to start attempts with DNS over HTTPS (DoH). Chrome should check whether the DNS provider used by the user is on a list of DNS providers that already support DoH. Then DoH is used, otherwise it stays with the previous behavior. DoH should hide DNS requests, which are still sent unencrypted, to third parties by means of HTTPS. This means better privacy protection.

Chrome 77 for Android (77.0.3865.73) has also been released and will be distributed in the coming days as an update to the Android devices.