Tag Archives: Chrome

How to restore a browser window you just closed by accident

Most browser tabs are full of good intentions, from articles you meant to finish reading to emails deserving of a reply. And it makes sense to feel anxiety over accidentally losing them: One wrong click or errant keystroke and you might trigger an extinction-level event on your precious tabs.

Chrome users, thankfully, have a built-in safety net designed to instantly reverse this panic-inducing outcome. Follow these simple steps to restore a recently closed browser window — and all of your tabs with it — that you may have shut by mistake:

  1. Click the three dots in the top right corner of an open Chrome window.
  2. Hover over “History.”
  3. Click the first option on the drop-down menu under “Recently Closed" to open the last window you shut. (If a recently closed window had multiple tabs, the number of tabs will show in the drop-down menu.)
  4. Click on “Restore Window.”

To make this process even simpler, you can use the keyboard shortcut Control/Command + Shift + T, which will bring up a window of all the tabs you just closed out.

Image of the restore window function in Google Chrome with blue spotlights on "History" and the "7 Tabs" window option

Restoring recently closed windows takes just a few clicks.

That’s it. But if you want to rest even easier, you can build in an additional safeguard to preserve and restore the tabs you visit most frequently using Chrome’s “bookmark all tabs” feature.

To do that:

  1. Open your browser window and arrange your tabs the way you want.
  2. Navigate to the same Chrome drop-down menu as above and hover over “Bookmarks.”
  3. Click “Bookmark All Tabs.”
  4. Chrome will open a prompt to bookmark all the tabs into a new or existing bookmark folder.
Image of Google Chrome's bookmark all tabs feature with blue spotlights on "Bookmarks" and "Bookmark All Tabs"

Bookmarking all your tabs in Chrome is one easy way to keep your browsing organized.

Now you can restore any browser window in seconds, any time, with your favorite tabs arranged just the way you like them.

Helpful as these features are, they’re just the beginning of what Chrome can do to keep you organized. See for yourself: Five members of Google’s Chrome team recently revealed the beginner-friendly tricks they use to restore hours of productivity every week. And now you can feel safe opening that article in a tab to read later.

Test drive new McLaren Formula 1 themes in your Chrome browser

We’re more than halfway through a thrilling Formula 1 season, and McLaren is locked in a tight battle in the 2022 World Constructors Championship. Earlier this year, we partnered with the McLaren F1 Team to distribute Chrome browser and almost 500 Android devices – including phones, tablets and earbuds – across their entire racing organization to help streamline communications on race day.

When McLaren debuted Chrome-inspired wheel covers, fans around the world told us they wanted more. Starting at this weekend’s Singapore Grand Prix, you’ll find more Chrome branding featured on their engine covers as part of our ongoing partnership.

You can now personalize your Chrome browser with exclusive themes inspired by the McLaren F1 Team. The six new themes feature McLaren’s papaya car, and race day images from some of your favorite circuits.

  • Image of a Chrome browser window with the McLaren F1 car, showcasing the Chrome logo on its engine cover.
  • Image of a Chrome browser window with the McLaren F1 car, showcasing the Chrome logo on its engine cover.
  • Image of a Chrome browser window with the McLaren F1 car, showcasing the Chrome logo on its engine cover.
  • Image of a Chrome browser window with the McLaren F1 car, showcasing the Chrome logo on its engine cover.
  • Image of a Chrome browser window with the McLaren F1 car, showcasing the Chrome logo on its engine cover.

Chrome puts you in the driver’s seat when it comes to customizing your browser the way you want. So if you want a faster, safer browser that also shows support for the McLaren F1 team, try out one of our new desktop themes on Chrome for race day and everyday.

Source: Google Chrome


Test drive new McLaren Formula 1 themes in your Chrome browser

We’re more than halfway through a thrilling Formula 1 season, and McLaren is locked in a tight battle in the 2022 World Constructors Championship. Earlier this year, we partnered with the McLaren F1 Team to distribute Chrome browser and almost 500 Android devices – including phones, tablets and earbuds – across their entire racing organization to help streamline communications on race day.

When McLaren debuted Chrome-inspired wheel covers, fans around the world told us they wanted more. Starting at this weekend’s Singapore Grand Prix, you’ll find more Chrome branding featured on their engine covers as part of our ongoing partnership.

You can now personalize your Chrome browser with exclusive themes inspired by the McLaren F1 Team. The six new themes feature McLaren’s papaya car, and race day images from some of your favorite circuits.

  • Image of a Chrome browser window with the McLaren F1 car, showcasing the Chrome logo on its engine cover.
  • Image of a Chrome browser window with the McLaren F1 car, showcasing the Chrome logo on its engine cover.
  • Image of a Chrome browser window with the McLaren F1 car, showcasing the Chrome logo on its engine cover.
  • Image of a Chrome browser window with the McLaren F1 car, showcasing the Chrome logo on its engine cover.
  • Image of a Chrome browser window with the McLaren F1 car, showcasing the Chrome logo on its engine cover.

Chrome puts you in the driver’s seat when it comes to customizing your browser the way you want. So if you want a faster, safer browser that also shows support for the McLaren F1 team, try out one of our new desktop themes on Chrome for race day and everyday.

Source: Google Chrome


Use-after-freedom: MiraclePtr

Posted by Adrian Taylor, Bartek Nowierski and Kentaro Hara on behalf of the MiraclePtr team

Memory safety bugs are the most numerous category of Chrome security issues and we’re continuing to investigate many solutions – both in C++ and in new programming languages. The most common type of memory safety bug is the “use-after-free”. We recently posted about an exciting series of technologies designed to prevent these. Those technologies (collectively, *Scan, pronounced “star scan”) are very powerful but likely require hardware support for sufficient performance.

Today we’re going to talk about a different approach to solving the same type of bugs.

It’s hard, if not impossible, to avoid use-after-frees in a non-trivial codebase. It’s rarely a mistake by a single programmer. Instead, one programmer makes reasonable assumptions about how a bit of code will work, then a later change invalidates those assumptions. Suddenly, the data isn’t valid as long as the original programmer expected, and an exploitable bug results.

These bugs have real consequences. For example, according to Google Threat Analysis Group, a use-after-free in the ChromeHTML engine was exploited this year by North Korea.

Half of the known exploitable bugs in Chrome are use-after-frees:

Diving Deeper: Not All Use-After-Free Bugs Are Equal

Chrome has a multi-process architecture, partly to ensure that web content is isolated into a sandboxed “renderer” process where little harm can occur. An attacker therefore usually needs to find and exploit two vulnerabilities - one to achieve code execution in the renderer process, and another bug to break out of the sandbox.

The first stage is often the easier one. The attacker has lots of influence in the renderer process. It’s easy to arrange memory in a specific way, and the renderer process acts upon many different kinds of web content, giving a large “attack surface” that could potentially be exploited.

The second stage, escaping the renderer sandbox, is trickier. Attackers have two options how to do this:

  1. They can exploit a bug in the underlying operating system (OS) through the limited interfaces available inside Chrome’s sandbox.
  2. Or, they can exploit a bug in a more powerful, privileged part of Chrome - like the “browser” process. This process coordinates all the other bits of Chrome, so fundamentally has to be all-powerful.

We imagine the attackers squeezing through the narrow part of a funnel:

If we can reduce the size of the narrow part of the funnel, we will make it as hard as possible for attackers to assemble a full exploit chain. We can reduce the size of the orange slice by removing access to more OS interfaces within the renderer process sandbox, and we’re continuously working on that. The MiraclePtr project aims to reduce the size of the blue slice.

Here’s a sample of 100 recent high severity Chrome security bugs that made it to the stable channel, divided by root cause and by the process they affect.

You might notice:

  • This doesn’t quite add up to 100 - that’s because a few bugs were in other processes beyond the renderer or browser.
  • We claimed that the browser process is the more difficult part to exploit, yet there are more potentially-exploitable bugs! That may be so, but we believe they are typically harder to exploit because the attacker has less control over memory layout.

As you can see, the biggest category of bugs in each process is: V8 in the renderer process (JavaScript engine logic bugs - work in progress) and use-after-free bugs in the browser process. If we can make that “thin” bit thinner still by removing some of those use-after-free bugs, we make the whole job of Chrome exploitation markedly harder.

MiraclePtr: Preventing Exploitation of Use-After-Free Bugs

This is where MiraclePtr comes in. It is a technology to prevent exploitation of use-after-free bugs. Unlike aforementioned *Scan technologies that offer a non-invasive approach to this problem, MiraclePtr relies on rewriting the codebase to use a new smart pointer type, raw_ptr<T>. There are multiple ways to implement MiraclePtr. We came up with ~10 algorithms and compared the pros and cons. After analyzing their performance overhead, memory overhead, security protection guarantees, developer ergonomics, etc., we concluded that BackupRefPtr was the most promising solution.

The BackupRefPtr algorithm is based on reference counting. It uses support of Chrome's own heap allocator, PartitionAlloc, which carves out a little extra space for a hidden reference count for each allocation. raw_ptr<T> increments or decrements the reference count when it’s constructed, destroyed or modified. When the application calls free/delete and the reference count is greater than 0, PartitionAlloc quarantines that memory region instead of immediately releasing it. The memory region is then only made available for reuse once the reference count reaches 0. Quarantined memory is poisoned to further reduce the likelihood that use-after-free accesses will result in exploitable conditions, and in hope that future accesses lead to an easy-to-debug crash, turning these security issues into less-dangerous ones. 

class A { ... };
class B {
  B(A* a) : a_(a) {}
  void doSomething() { a_->doSomething(); }
  raw_ptr<A> a_;  // MiraclePtr
};

std::unique_ptr<A> a = std::make_unique<A>();
std::unique_ptr<B> b = std::make_unique<B>(a.get());
[…]
a = nullptr;  // The free is delayed because the MiraclePtr is still pointing to the object.
b->doSomething();  // Use-after-free is neutralized.

We successfully rewrote more than 15,000 raw pointers in the Chrome codebase into raw_ptr<T>, then enabled BackupRefPtr for the browser process on Windows and Android (both 64 bit and 32 bit) in Chrome 102 Stable. We anticipate that MiraclePtr meaningfully reduces the browser process attack surface of Chrome by protecting ~50% of use-after-free issues against exploitation. We are now working on enabling BackupRefPtr in the network, utility and GPU processes, and for other platforms. In the end state, our goal is to enable BackupRefPtr on all platforms because that ensures that a given pointer is protected for all users of Chrome.

Balancing Security and Performance

There is no free lunch, however. This security protection comes at a cost, which we have carefully weighed in our decision making.

Unsurprisingly, the main cost is memory. Luckily, related investments into PartitionAlloc over the past year led to 10-25% total memory savings, depending on usage patterns and platforms. So we were able to spend some of those savings on security: MiraclePtr increased the memory usage of the browser process 4.5-6.5% on Windows and 3.5-5% on Android1, still well below their previous levels. While we were worried about quarantined memory, in practice this is a tiny fraction (0.01%) of the browser process usage. By far the bigger culprit is the additional memory needed to store the reference count. One might think that adding 4 bytes to each allocation wouldn’t be a big deal. However, there are many small allocations in Chrome, so even the 4B overhead is not negligible. PartitionAlloc also uses pre-defined bucket sizes, so this extra 4B pushes certain allocations (particularly power-of-2 sized) into a larger bucket, e.g. 4096B->5120B.

We also considered the performance cost. Adding an atomic increment/decrement on common operations such as pointer assignment has unavoidable overhead. Having excluded a number of performance-critical pointers, we drove this overhead down until we could gain back the same margin through other performance optimizations. On Windows, no statistically significant performance regressions were observed on most of our top-level performance metrics like Largest Contentful Paint, First Input Delay, etc. The only adverse change there1 is an increase of the main thread contention (~7%). On Android1, in addition to a similar increase in the main thread contention (~6%), there were small regressions in First Input Delay (~1%), Input Delay (~3%) and First Contentful Paint (~0.5%). We don't anticipate these regressions to have a noticeable impact on user experience, and are confident that they are strongly outweighed by the additional safety for our users.

We should emphasize that MiraclePtr currently protects only class/struct pointer fields, to minimize the overhead. As future work, we are exploring options to expand the pointer coverage to on-stack pointers so that we can protect against more use-after-free bugs.

Note that the primary goal of MiraclePtr is to prevent exploitation of use-after-free bugs. Although it wasn’t designed for diagnosability, it already helped us find and fix a number of bugs that were previously undetected. We have ongoing efforts to make MiraclePtr crash reports even more informative and actionable.

Continue to Provide Us Feedback

Last but not least, we’d like to encourage security researchers to continue to report issues through the Chrome Vulnerability Reward Program, even if those issues are mitigated by MiraclePtr. We still need to make MiraclePtr available to all users, collect more data on its impact through reported issues, and further refine our processes and tooling. Until that is done, we will not consider MiraclePtr when determining the severity of a bug or the reward amount.

1 Measured in Chrome 99.

10 ways students can make the most of Chrome

Whether you’re getting back into the swing of schoolwork or already in the middle of the school year, you can use Chrome to help you study.

Here are 10 ways Chrome can help students get their work done in the classroom or at home:

1. Turn on Live Caption

Need to watch a video for history class, but stuck in a noisy study hall without headphones? Use Live Caption on Chrome to automatically generate real-time captions on media with audio. It works across different content like social and video sites, podcasts, and embedded video players. And it can make content accessible if you are deaf or hard of hearing or need to read along while you listen.

2. Organize projects with Chrome's tab groups

If you tend to find yourself with so many open tabs that you can’t keep track of, tab groups are here to help. Keep the chaos under control by sorting open tabs into groups for your projects or classes. Doing research for a paper? You can move all the tabs you’re referencing into a group and then click its name to collapse it when you’re working on other things.

3. Open accidentally closed tabs

We’ve all been there: you find the perfect website for your research project on marine biology, but in a sea of sources you accidentally close the tab. Chrome has your back. Press Control/Command + Shift + T to bring the most recently closed tab back up. Or, check your history to see all of your recently visited sites.

4. Review your security settings

In the event you stumble upon a potentially harmful website or encounter a malicious file while working, Chrome’s security features can keep your computer secure. Looking for extra credit? Turn on enhanced protection to activate additional safety layers against phishing and malware.

5. Sync across your devices

Whether you’re on your phone or your laptop, you can easily sync your bookmarks, passwords and other settings. Finish reading that article from class earlier that day, or brush up on your Spanish vocabulary words from your phone while you wait for track practice to start. At any time, you can turn off sync or choose what to sync in your settings.

6. Right-click to search highlighted text

Another handy shortcut on Chrome is the ability to highlight and right-click to quickly search text. Reading a dense piece of text and not sure what “hyperbolic” means? Have instructions to “use the quadratic formula to solve” and don’t have the equation handy? Highlight the text, right-click and select “Search [provider] for [text]” and a new tab will open with a pre-filled search for the highlighted text.

7. Use the Chrome address bar for answers…

Solve math problems, answer basic questions or perform conversions within your Chrome address bar. Chrome will show you answers without even needing to press enter.

8. …and to quickly complete a task

With Chrome Actions, you can also easily create new Docs, Sheets and more directly from the address bar — just type “Create Google Doc.”

9. Use Chrome extensions

Whether you need a helping hand taking notes, a better way to collaborate with classmates, or a little help with a tough math problem, there’s probably a Chrome extension to make your life easier. Find a list of our recommendations on the Chrome Web Store.

10. Let Chrome manage your passwords

With an endless list of online tools, websites and apps required for school, remembering all your usernames and passwords can be a hassle. Google Password Manager is built into Chrome to help by saving your login information and generating unique, strong passwords across platforms. And now you can also generate passwords on iOS apps when you set Chrome as your autofill provider.

Source: Google Chrome


How the Chrome team uses Chrome

Before Chrome browser was even launched, the Chrome team was working behind the scenes to create a different browsing experience: one that was both personalized and helpful. This mission has remained central to the Chrome team’s values as we continuously strive to make the web work better for you, building a browser to make your daily life more simple, efficient, and organized. As Chrome celebrated its 100th update earlier this year, we thought it fitting to honor this milestone by asking the people who make Chrome to share how their own innovations are helpful in their daily lives.

Commuting smarter with recent tabs

My team is constantly thinking of ways to make sure Chrome meets the needs of iPhone users, no matter where they are. Chrome on iPhone is essential to my daily routine, when I use my pesky metro commute to get some quick, simple to-dos out of the way before arriving at the office. Many of these tasks are continuation of what I started on desktop, and Chrome’s "recent tabs" feature allows me easy access on my iPhone. When I’m signed in and syncing, my in-office work blends seamlessly into my commute, without the stress of trying to remember what I was doing or hunting down URLs.

- Nasim Sedeghat, Chrome iOS product lead

Chrome browser on desktop is shown with a Google Slides presentation named “M+M Chrome Feature Launch Review” pulled up. An iPhone comes into view from the right, and the three dot menu on the bottom right corner of the iPhone is pressed. A menu is pulled up where a button labeled “recent tabs” is pushed. A menu showing the user’s recently accessed tabs comes up, the Google Slides tab “M+M Chrome Feature Launch Review” is selected, and the same Google slide presentation from the computer is pulled up on the iPhone.

Using tab groups…to make tab groups

My open tabs are often a direct reflection of my state of mind: the messier they are, the more I've got going on. Tab groups help me organize my thoughts, where I use titles to give context and color schemes to find where I left off. I started using tab groups before we had even finished developing them, in an effort to coordinate the project. In many ways, tab groups were responsible for their own creation, since we wouldn't have made it to launch without them!

- Connie Wan, software engineering manager, Chrome desktop user interface

A Chrome browser is shown with tab groups labeled “Sprint Planning” and “Bug Triage” shown at the top of the page. A cursor is hovering over a new tab, it travels through a menu of options, stops on “Add tab to group”, and selects “New Group”. A new tab group is shown, and the cursor types in “Team Management” to name the group and selects a pink color for the group.

Tracking down tabs with Tab Search

While I aspire to keep things neat and tidy in Chrome, the reality is that after a day of back-to-back meetings and checking up on Chrome engineering projects, my tabs accumulate faster than I can organize them into groups (Though I love using tab groups, too!). Tab Search comes to my rescue by allowing me to directly look up an existing tab. It instantly narrows the list as you type — and it includes not only open tabs, but also the tabs I closed just a few moments ago.

- Max Christoff, senior director of Chrome browser engineering

A Chrome browser is shown with more than 20 tabs opened. A cursor navigates to the top right of the screen, clicks on a downfacing arrow, and brings up a search bar where the text reads “Search Tabs” and displays a list of the opened tabs. “Design reviews” is typed into the search bar, and the list of tabs narrows down to only those with that text in the title. The cursor selects a tab containing a Google Drive page with “Design reviews” results displayed

Getting Faster Results with Site Search

As a user experience (UX) designer, much of my role is centered around making sure Chrome is accessible and enjoyable. I spend a lot of time jumping across multiple files or conducting quick website searches, making Chrome’s site search one of my personal favorite features. Rather than first navigating to a specific site, and then clicking into the site’s search field, site search gives me faster access by letting me start my search from the Chrome address bar. I type the site shortcut, press tab then add my search term so the page loads with exactly what I want to find.

- Elvin Hu, Chrome UX interaction designer

A cursor navigates to the Chrome search bar on an open window. “Drive” is typed into the address bar, and the search bar changes to show “Search Google Drive” in blue lettering within the search bar. Then “chrome logo” is typed in and the cursor clicks on the option to display search results for this term from within Google Drive. The page then opens to display a Google Drive page with the results for files containing the words “chrome logo” already shown.

Troubleshooting video calls with site permissions

Over the last few years, I've spent a lot of time on video calls, and I'm so glad I can stay in touch with my loved ones this way. When video calls don't go quite as planned, I troubleshoot by having everyone check their site permissions. You can access this easily on Chrome through thelock icon, located in the address bar. From here, make sure that "Microphone" and "Camera" are turned on. And if a website has been bugging you with too many notifications, this is the same place where you can turn those off. The lock icon remains a favorite feature of mine, especially since my team has always celebrated giving users control over their settings.

- Meggyn Watkins, senior UX writer, trust and safety

A Chrome browser window is shown with a Google Meet tab titled “Family Catch Up!” on the screen. The camera and microphone are turned off. A cursor navigates to the Chrome search bar, and clicks on the lock icon on the left. The site permissions menu is opened and the cursor toggles on the settings for camera, microphone, and notifications.

How Hash-Based Safe Browsing Works in Google Chrome

By Rohit Bhatia, Mollie Bates, Google Chrome Security

There are various threats a user faces when browsing the web. Users may be tricked into sharing sensitive information like their passwords with a misleading or fake website, also called phishing. They may also be led into installing malicious software on their machines, called malware, which can collect personal data and also hold it for ransom. Google Chrome, henceforth called Chrome, enables its users to protect themselves from such threats on the internet. When Chrome users browse the web with Safe Browsing protections, Chrome uses the Safe Browsing service from Google to identify and ward off various threats.

Safe Browsing works in different ways depending on the user's preferences. In the most common case, Chrome uses the privacy-conscious Update API (Application Programming Interface) from the Safe Browsing service. This API was developed with user privacy in mind and ensures Google gets as little information about the user's browsing history as possible. If the user has opted-in to "Enhanced Protection" (covered in an earlier post) or "Make Searches and Browsing Better", Chrome shares limited additional data with Safe Browsing only to further improve user protection.

This post describes how Chrome implements the Update API, with appropriate pointers to the technical implementation and details about the privacy-conscious aspects of the Update API. This should be useful for users to understand how Safe Browsing protects them, and for interested developers to browse through and understand the implementation. We will cover the APIs used for Enhanced Protection users in a future post.

Threats on the Internet

When a user navigates to a webpage on the internet, their browser fetches objects hosted on the internet. These objects include the structure of the webpage (HTML), the styling (CSS), dynamic behavior in the browser (Javascript), images, downloads initiated by the navigation, and other webpages embedded in the main webpage. These objects, also called resources, have a web address which is called their URL (Uniform Resource Locator). Further, URLs may redirect to other URLs when being loaded. Each of these URLs can potentially host threats such as phishing websites, malware, unwanted downloads, malicious software, unfair billing practices, and more. Chrome with Safe Browsing checks all URLs, redirects or included resources, to identify such threats and protect users.

Safe Browsing Lists

Safe Browsing provides a list for each threat it protects users against on the internet. A full catalog of lists that are used in Chrome can be found by visiting chrome://safe-browsing/#tab-db-manager on desktop platforms.

A list does not contain unsafe web addresses, also referred to as URLs, in entirety; it would be prohibitively expensive to keep all of them in a device’s limited memory. Instead it maps a URL, which can be very long, through a cryptographic hash function (SHA-256), to a unique fixed size string. This distinct fixed size string, called a hash, allows a list to be stored efficiently in limited memory. The Update API handles URLs only in the form of hashes and is also called hash-based API in this post.

Further, a list does not store hashes in entirety either, as even that would be too memory intensive. Instead, barring a case where data is not shared with Google and the list is small, it contains prefixes of the hashes. We refer to the original hash as a full hash, and a hash prefix as a partial hash.

A list is updated following the Update API’s request frequency section. Chrome also follows a back-off mode in case of an unsuccessful response. These updates happen roughly every 30 minutes, following the minimum wait duration set by the server in the list update response.

For those interested in browsing relevant source code, here’s where to look:

Source Code

  1. GetListInfos() contains all the lists, along with their associated threat types, the platforms they are used on, and their file names on disk.
  2. HashPrefixMap shows how the lists are stored and maintained. They are grouped by the size of prefixes, and appended together to allow quick binary search based lookups.

How is hash-based URL lookup done

As an example of a Safe Browsing list, let's say that we have one for malware, containing partial hashes of URLs known to host malware. These partial hashes are generally 4 bytes long, but for illustrative purposes, we show only 2 bytes. 

['036b', '1a02', 'bac8', 'bb90']

Whenever Chrome needs to check the reputation of a resource with the Update API, for example when navigating to a URL, it does not share the raw URL (or any piece of it) with Safe Browsing to perform the lookup. Instead, Chrome uses full hashes of the URL (and some combinations) to look up the partial hashes in the locally maintained Safe Browsing list. Chrome sends only these matched partial hashes to the Safe Browsing service. This ensures that Chrome provides these protections while respecting the user’s privacy. This hash-based lookup happens in three steps in Chrome:

Step 1: Generate URL Combinations and Full Hashes

When Google blocks URLs that host potentially unsafe resources by placing them on a Safe Browsing list, the malicious actor can host the resource on a different URL. A malicious actor can cycle through various subdomains to generate new URLs. Safe Browsing uses host suffixes to identify malicious domains that host malware in their subdomains. Similarly, malicious actors can also cycle through various subpaths to generate new URLs. So Safe Browsing also uses path prefixes to identify websites that host malware at various subpaths. This prevents malicious actors from cycling through subdomains or paths for new malicious URLs, allowing robust and efficient identification of threats.

To incorporate these host suffixes and path prefixes, Chrome first computes the full hashes of the URL and some patterns derived from the URL. Following Safe Browsing API's URLs and Hashing specification, Chrome computes the full hashes of URL combinations by following these steps:

  1. First, Chrome converts the URL into a canonical format, as defined in the specification.
  2. Then, Chrome generates up to 5 host suffixes/variants for the URL.
  3. Then, Chrome generates up to 6 path prefixes/variants for the URL.
  4. Then, for the combined 30 host suffixes and path prefixes combinations, Chrome generates the full hash for each combination.

Source Code

  1. V4LocalDatabaseManager::CheckBrowseURL is an example which performs a hash-based lookup.
  2. V4ProtocolManagerUtil::UrlToFullHashes creates the various URL combinations for a URL, and computes their full hashes.

Example

For instance, let's say that a user is trying to visit https://evil.example.com/blah#frag. The canonical url is https://evil.example.com/blah. The host suffixes to be tried are evil.example.com, and example.com. The path prefixes are / and /blah. The four combined URL combinations are evil.example.com/, evil.example.com/blah, example.com/, and example.com/blah. 

url_combinations = ["evil.example.com/", "evil.example.com/blah","example.com/", "example.com/blah"]
full_hashes = ['1a02…28', 'bb90…9f', '7a9e…67', 'bac8…fa']

Step 2: Search Partial Hashes in Local Lists

Chrome then checks the full hashes of the URL combinations against the locally maintained Safe Browsing lists. These lists, which contain partial hashes, do not provide a decisive malicious verdict, but can quickly identify if the URL is considered not malicious. If the full hash of the URL does not match any of the partial hashes from the local lists, the URL is considered safe and Chrome proceeds to load it. This happens for more than 99% of the URLs checked.

Source Code

  1. V4LocalDatabaseManager::GetPrefixMatches gets the matching partial hashes for the full hashes of the URL and its combinations.

Example

Chrome finds that three full hashes 1a02…28, bb90…9f, and bac8…fa match local partial hashes. We note that this is for demonstration purposes, and a match here is rare.

Step 3: Fetch Matching Full Hashes

Next, Chrome sends only the matching partial hash (not the full URL or any particular part of the URL, or even their full hashes), to the Safe Browsing service's fullHashes.find method. In response, it receives the full hashes of all malicious URLs for which the full hash begins with one of the partial hashes sent by Chrome. Chrome checks the fetched full hashes with the generated full hashes of the URL combinations. If any match is found, it identifies the URL with various threats and their severities inferred from the matched full hashes.

Source Code

  1. V4GetHashProtocolManager::GetFullHashes performs the lookup for the full hashes for the matched partial hashes.

Example

Chrome sends the matched partial hashes 1a02, bb90, and bac8 to fetch the full hashes. The server returns full hashes that match these partial hashes, 1a02…28, bb90…ce, and bac8…01. Chrome finds that one of the full hashes matches with the full hash of the URL combination being checked, and identifies the malicious URL as hosting malware.

Conclusion

Safe Browsing protects Chrome users from various malicious threats on the internet. While providing these protections, Chrome faces challenges such as constraints in memory capacity, network bandwidth usage, and a dynamic threat landscape. Chrome is also mindful of the users’ privacy choices, and shares little data with Google.

In a follow up post, we will cover the more advanced protections Chrome provides to its users who have opted in to “Enhanced Protection”.

Stable Channel Promotion for ChromeOS

Hello All,


The Stable channel is being updated to 104.0.5112.83 (Platform version: 14909.100.0) for most ChromeOS devices and will be rolled out over the next few days.

For Chrome browser fixes, see the Chrome Desktop release announcement.

If you find new issues, please let us know one of the following ways:

Interested in switching channels? Find out how.

Please see the bug fixes and security updates:

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed

[1338560] High CVE-2022-2609: Use after free in NearbyShare Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on Wed, Jun 22, 2022

[1337304] Medium CVE-2022-2620: Use after free in WebUI Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on Fri, Jun 17, 2022


[1330775] High CVE-2022-2608: Use after free in Ash Reported by Khalil Zhani on Wed, Jun 1, 2022


[1325256] Medium CVE-2022-2613: Use after free in Gesture Process Reported by Piotr Tworek, Vewd Software on Fri, May 13, 2022


[1319172] High CVE-TBD: Use after free in Exosphere Reported by @ginggilBesel on Sun, Apr 24, 2022


[1316960] High CVE-TBD: Use after free in Window Manger by Rheza Shan on Sun, Apr 17, 2022


[1286203] High CVE-2022-2607: Use after free in WebUI Reported by @ginggilBese on Tue, Jan 11, 2022




Google ChromeOS.

4 ways to use Touch to Search on Chrome

Whether you’re on a vacation or just running to your next work meeting, we want to make it easier for you to quickly find information without having to type things out on a cramped smartphone keyboard. That’s why we introduced “Touch to Search” in the Chrome app for Android a few years ago. Touch to Search lets you do things like press on specific words on web pages to quickly search them, whether it’s to learn more about a place of interest or get help with a translation.

Here are four helpful tips on how to make the most of Touch to Search when you’re on the go:

1. Get faster translations.

Let’s say you're checking out the menu of a new restaurant and you come across a French phase you don’t understand. Press on the word, and if you’ve fully enabled Touch to Search in Settings, you’ll see an immediate translation in the bar on the bottom of your screen. You can also tap or swipe up on the bar to visit a search results page for the word you selected. Of course, Chrome can also automatically translate a full page in your desired language.

Image of Pixel 6 device with a French word “nouvelles fonctionnalites” being translated into English in Chrome browser

2. Get helpful info in context.

In addition to translations, if you stumble across a person, word or place you’re unfamiliar with, Touch to Search can get you up to speed — right in context. Press on the word in question, and you’ll see an informative card from Touch to Search.

Image of Pixel 6 device with the word “Oakland'' highlighted in Chrome browser. There is a description at the bottom of “Oakland” being described as a “City in California”.

3. Tap or hold down to get results.

When we say “press” on words, that means you can usually tap or hold-down on words to activate Touch to Search, so it’s simple for you to search in context. Recently, we standardized what happens when you tap and when you hold down, so you’ll get the same experience of Touch to Search regardless of which gesture you prefer. One caveat: There’s some sites on the web with unique interfaces which disable tapping words, so if you encounter that, try holding down instead.

4. Use more simple settings.

We want controlling your settings in Chrome to feel intuitive, so we updated Touch to Search’s settings to give you more fine-grained control over how you want to use the feature. Now when you enable “Include surrounding text in Google searches,” you’ll be more likely to get high-quality results – including through translations and definitions right on the page.

Image of Pixel 6 devices side by side showing the setting options for the “Touch to Search” feature.

There’s more to come

We’re always exploring more ways to make it easier to search on-the-go in Chrome. One feature we’re testing out is related searches. This adds suggestions into Touch to Search that are based on what you’ve selected, to make it simple to learn even more about what you’ve just seen. For example, if you select the words “San Francisco,” we could show helpful suggestions like “San Francisco population” or “San Francisco events.” We’re continually exploring ways to make it easier to find information in Chrome, including the unique needs people have when searching on their Android or iOS phones. Look out for more features soon.

Expanding testing for the Privacy Sandbox for the Web

Improving people's privacy, while giving businesses the tools they need to succeed online, is vital to the future of the open web. That's why we started the Privacy Sandbox initiative to collaborate with the ecosystem on developing privacy-preserving alternatives to third-party cookies and other forms of cross-site tracking. Over the past several months, we've released trial versions of a number of new Privacy Sandbox APIs in Chrome for developers to test.

Throughout this process, we’ve worked closely to refine our design proposals based on input from developers, publishers, marketers, and regulators via forums like the W3C, and earlier this year, we reached an agreement with the UK’s Competition and Markets Authority (CMA) on how we develop and release the Privacy Sandbox in Chrome worldwide.

The most consistent feedback we’ve received is the need for more time to evaluate and test the new Privacy Sandbox technologies before deprecating third-party cookies in Chrome. This feedback aligns with our commitment to the CMA to ensure that the Privacy Sandbox provides effective, privacy-preserving technologies and the industry has sufficient time to adopt these new solutions. This deliberate approach to transitioning from third-party cookies ensures that the web can continue to thrive, without relying on cross-site tracking identifiers or covert techniques like fingerprinting.

For these reasons, we are expanding the testing windows for the Privacy Sandbox APIs before we disable third-party cookies in Chrome.

Developers can already test these APIs today, and beginning in early August, the Privacy Sandbox trials will expand to millions of users globally, and we’ll gradually increase the trial population throughout the rest of the year and into 2023. Before users are added into the trials, they will be shown a prompt giving them the option to manage their participation. As the web community tests these APIs, we’ll continue to listen and respond to feedback.

By Q3 2023, we expect the Privacy Sandbox APIs to be launched and generally available in Chrome. As developers adopt these APIs, we now intend to begin phasing out third-party cookies in Chrome in the second half of 2024.

Updated Privacy Sandbox for Web timeline

The updated timeline will soon be available on privacysandbox.com.

We're grateful to be working with companies across the industry who are invested in developing privacy-first experiences on the web, and will be testing Privacy Sandbox in the coming months.

  • quote from Masanaga Konishi
  • quote from Todd Parsons
  • quote from Townsend Feehan
  • quote from Sundeep Parsa

The Privacy Sandbox initiative is an ambitious undertaking for the entire industry, and we look forward to continuing to engage with the web community as testing expands.

Source: Google Chrome