Google Chrome 107 release: Here’s what you need to know

On Thursday, the Google Chrome 107 release started rolling out to all supported Windows, Mac, and Linux devices. That includes Chromebooks running the Lacros browser, which I primarily use. Many of the changes are invisible behind the scenes while a few new customer-facing features now appear.

Right off the bat, if you have Windows 7 or 8.1 on your computer, you should know that Chrome’s days are numbered for you. Google Chrome will no longer support those older versions of Windows, starting with Chrome 110. That means it’s time to start shopping around for another browser or consider installing ChromeOS Flex on older hardware.

For now, everyone gets Google Chrome 107, and here are the key things you need to know about it.

Phase 5 of the User Agent Reduction effort

Google has been working to reduce the amount of information contained in the user-agent string of Chrome for some time. With the Google Chrome 107 release, that effort continues. The purpose of this is to eliminate browser fingerprinting: A way for third-party sites to track your data and online behaviors. Here’s how the World Wide Web Consortium describes this activity:

Browser fingerprinting uses small variations in your Web browser implementation and configuration — as well as that of your computer itself — to uniquely identify it and correlate it with your activity.

A redesigned Chrome Downloads interface

We knew this was coming based on some Chromebook code found several months ago. And this experimental feature was initially rolled out with Google Chrome 102. It’s now official although there’s an enterprise policy to disable it for Chrome Enterprise users. When downloading any files, a new icon appears to the right of the omnibox where you can view in-progress and previous downloaded file information.

Password imports in the Google Chrome 107 release

In prior Chrome versions, you could import passwords through the passwords.google.com site. With Google Chrome 107, that same password import functionality is built into Chrome’s Password Manager. Any CSV file of passwords can be imported directly through the Password Manager in Chrome now.

Fewer disruptive notifications

Google keeps a list of sites that don’t adhere to its Developer Terms of Service. If a website is on that list, Google Chrome 107 will automatically revoke notification permissions for these sites.

Google Chrome 107 release includes 14 security fixes

Although most of the language of the 14 security fixes won’t mean much to most people, they’re important. Here’s a list of security flaws that Google Chrome 107 addresses, along with the monetary bounties paid to those who found them:

• [$20000][1369871] High CVE-2022-3652: Type Confusion in V8. Reported by srodulv and ZNMchtss at S.S.L Team on 2022-09-30
• [$17000][1354271] High CVE-2022-3653: Heap buffer overflow in Vulkan. Reported by SeongHwan Park (SeHwa) on 2022-08-19
• [$TBD][1365330] High CVE-2022-3654: Use after free in Layout. Reported by Sergei Glazunov of Google Project Zero on 2022-09-19
• [$7000][1343384] Medium CVE-2022-3655: Heap buffer overflow in Media Galleries. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-07-11
• [$3000][1345275] Medium CVE-2022-3656: Insufficient data validation in File System. Reported by Ron Masas, Imperva on 2022-07-18
• [$2000][1351177] Medium CVE-2022-3657: Use after free in Extensions. Reported by Omri Bushari, Talon Cyber Security on 2022-08-09
• [$2000][1352817] Medium CVE-2022-3658: Use after free in Feedback service on Chrome OS. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-08-14
• [$2000][1355560] Medium CVE-2022-3659: Use after free in Accessibility. Reported by @ginggilBesel on 2022-08-23
• [$1000][1327505] Medium CVE-2022-3660: Inappropriate implementation in Full screen mode. Reported by Irvan Kurniawan (sourc7) on 2022-05-20
• [$3000][1350111] Low CVE-2022-3661: Insufficient data validation in Extensions. Reported by Young Min Kim (@ylemkimon), CompSec Lab at Seoul National University on 2022-08-04

With the Google Chrome 107 release available now, Chrome OS 107 should be one to two weeks behind. So even if you’re not using the Lacros browser on a Chromebook, you’ll see these changes and more soon.