Google Chrome 117 Released With Malicious Extensions Warning, 16 Security Fixes

Google Chrome GenericGoogle Chrome Generic

A week ago Google released Chrome 116 to the Early Stable channel. Now, it is available for everyone to download and install. To be precise, the exact version of this Chrome release is 117.0.5938.62/.63 for the Windows OS. Moreover, updates have also been made for other platforms.

This release addresses 16 security vulnerabilities out of which only 1 is deemed of high importance. This vulnerability patch addresses a heap buffer overflow in WebP.

Additionally, this release also includes new features and improvements.

Latest Google Chrome Versions

PlatformVersionRelease Date
Chrome for Windows122.0.6261.57/.5820-Feb-24
Chrome for macOS122.0.6261.5720-Feb-24
Chrome for Linux122.0.6261.5720-Feb-24
Chrome for Android122.0.6261.6420-Feb-24
Chrome for iOS122.0.6261.6220-Feb-24
Latest Google Chrome versions for different OS

Chrome 117 release summary

  • Release Build:
    • Windows: 117.0.5938.62/.63
    • Linux/Mac: 117.0.5938.62
  • Release Date: Tuesday, September 12th, 2023
  • Compatibility: Windows 1110 (32-bit and 64-bit), Linux, Mac, iOS, and Android.
  • Previous Build: 116.0.5845.96/.97

New in Chrome 117

Warning for potential malicious Chrome extensions

Browser extensions are add-ons that allow you to incorporate more features and support into the browser. When you download and add an extension to the Chrome browser from the web store, you are ensured that the extension does not contain any malware by the web store moderators. However, every now and then an extension is removed from the store.

Previously, when an extension was removed from the store, the users who had already added them to the browser kept using them without any intimation. With Chrome 117, users will be prompted to review an extension if it is installed but has been removed from the store.

An extension is removed from the store because of one of the following reasons:

  • The extension has been unpublished by the developer
  • It violated the store policies, and thus removed
  • It has been flagged as malware

For any one of these reasons, if an extension was removed, the user who has already installed it would be asked to review, and possibly remove the extension from the browser.

You can go to the “Privacy and security” tab in Chrome’s settings where Chrome will inform you of any extensions that may need reviewing.

Warning for potentially malicious Chrome extension
Warning for potentially malicious Chrome extension. Source: Google

Material You for desktop

Material You is a new way Google introduced to design the Chrome browser. Now, this design is also transferring to Chrome for desktop. With Chrome 117, some new elements will show up with a redesign using Material You.

If you are using the default Chrome theme, you will see that the top bar has changed from grey to blue after updating to Chrome version 117. Some UI components will borrow the dominant colors from your chosen theme when you choose a colorful one.

Additionally, Google is introducing a new three-dot menu that has iconography to assist in better distinguishing menu items, greater room between them, and a clearer grouping of account-specific options.

Lock icon in Omnibox not replaced

As observed in the Insider channels for Chrome, Google was supposedly going to replace the HTTPS secure icon, which is a lock sign, that you see in the address bar/Omnibox to the left of the URL. However, after installing Chrome 117, we saw that this has not been implemented.

Security patches

As we mentioned earlier, Chrome 117 addresses 16 security vulnerabilities. Here are the details for some of them:

  • [1479274] Critical CVE-2023-4863: Heap buffer overflow in WebP.
  • [1430867] Medium CVE-2023-4900: Inappropriate implementation in Custom Tabs.
  • [1459281] Medium CVE-2023-4901: Inappropriate implementation in Prompts.
  • [1454515] Medium CVE-2023-4902: Inappropriate implementation in Input.
  • [1446709] Medium CVE-2023-4903: Inappropriate implementation in Custom Mobile Tabs.
  • [1453501] Medium CVE-2023-4904: Insufficient policy enforcement in Downloads.
  • [1441228] Medium CVE-2023-4905: Inappropriate implementation in Prompts.
  • [1449874] Low CVE-2023-4906: Insufficient policy enforcement in Autofill.
  • [1462104] Low CVE-2023-4907: Inappropriate implementation in Intents.
  • [1451543] Low CVE-2023-4908: Inappropriate implementation in Picture in Picture.
  • [1463293] Low CVE-2023-4909: Inappropriate implementation in Interstitials.

As you can see from these fixes, the focus is not just on a single type of vulnerability. Google has patched multiple vulnerabilities discovered by its security team, as well as individual contributors.

Update to Chrome 117

Google Chrome is configured to be updated automatically by default. You can keep browsing the internet while Chrome downloads the newest version for you. It gets installed when you restart the browser.

If you already have Google Chrome installed on your computer, then updating it would be easy. Follow the guide below to update your existing Chrome browser to version 117.

Note: The upgrade will only take place if you are part of the Extended Stable Channel release. There is no way to check, except for checking for the available update using these steps.

  1. Open Google Chrome and click on the ellipses (3 dots) in the top-right corner.

    Click the ellipses
    Click the ellipses
  2. Expand Help and click “About Google Chrome.”

    About Google Chrome
    About Google Chrome
  3. Once the update is complete, click “Relaunch.”

    Relaunch Chrome
    Relaunch Chrome

    Note: The browser closes when you click Relaunch and then reopens, restoring all closed tabs.

The browser will now close and reopen. Once it does, you can navigate to the “About Google Chrome” page again and confirm that it has indeed been updated.

Chrome updated successfully
Chrome updated successfully

There are a few different methods that can also be used to update your Chrome browser to the latest version, including:

  • Update using Google update
  • Use the downloaded Chrome installer
  • Using Ninite
  • Download Chrome without using a browser

You can learn more about these methods in this guidepost.

You may also download the Chrome browser from the links below if you do not already have it.

Note: You may go through the Google Chrome updates blog to check the upcoming features in the beta and dev channels which will then be released to the upcoming version of Chrome 118 next month.

Download Google Chrome 117

Click on the links below to download Chrome 117 for the operating system of your choice:

Download Google Chrome offline installers [Stable, Beta, Dev, Canary]

DownloadGoogle Chrome web installer

DownloadGoogle Chrome offline installer

DownloadGoogle Chrome MSI Installer [Enterprise Edition]

DownloadGoogle Chrome for macOS

DownloadGoogle Chrome Offline Installer for Linux

DownloadGoogle Chrome for Android

DownloadGoogle Chrome for iOS

DownloadGoogle Chrome Portable

Install Google Chrome 117

Installing the Chrome browser on a Windows PC is as easy as downloading them. The process may vary for different platforms.

Download the file from the links above and then double-click it to execute. The rest of the process is pretty much automatic. The setup will download the required files (if the web installer was downloaded), install them for you and the browser will launch itself as soon as it is installed successfully.

installing
Install Google Chrome

How to uninstall Google Chrome

On a Windows PC, you can uninstall Google Chrome from the settings app, and the Programs & Features applet.

From the Settings app

  1. Navigate to the installed apps tab.

    • In Windows 11:

      Settings app >> Apps >> Installed Apps
    • In Windows 10:

      Settings app >> Apps
  2. Search for “Google Chrome.”

  3. Click on the 3 dots in front of “Google Chrome.”

    Expand Chrome settings
    Expand Chrome settings

    On Windows 11, click on the ellipses (3 dots) in front of Chrome.

    On Windows 10, click on “Google Chrome” to expand it.

  4. Click Uninstall.

    Uninstall Chrome
    Uninstall Chrome
  5. Click Uninstall again.

    Confirm uninstallation
    Confirm uninstallation

From Programs and Features

  1. Open the Programs and Features applet by typing in “appwiz.cpl” in the Run Command box.

    appwiz
    Open Programs and Features Applet
  2. Double-click “Google Chrome” from the list.

    Uninstall Chrome 2
    Uninstall Chrome

    Alternatively, right-click Chrome and then click Uninstall from the context menu.

Google Chrome will now be removed from your PC.

Google Chrome Releases Version History

Chrome VersionRelease DateFeatures
Chrome 122 (Early Stable)20-Feb-24WebGPU enhancements, Read Aloud for Android, and Help Me Write introduced
Chrome 12123-Jan-24Auto-grouping of tabs using AI, experimental generative AI tools to write text and create custom themes.
Chrome 1205-Dec-23Auto-grouping of tabs using AI, copy and save video frames, pin side panel elements to toolbar, improved transparent navigation bar on Android
Chrome 11931-Oct-2315 security updates, save and sync grouped tabs, smart Omnibox with typo detection, and continue where you left off on another device for iOS.
Chrome 11810-Oct-2320 security patches, extended Passkey support, Read Aloud in Reading Mode
Chrome 11712-Sep-23New Material You designs, intimation of potentially malicious web store extensions.
Chrome 11615-Aug-23Security update cadence changed to weekly from biweekly, One-Time permissions, 26 security patches
Chrome 11512-Jul-23Includes Topics API (Privacy Sandbox), reading mode, improved Memory Saver UI, HTTP automatic conversion to HTTPS
Chrome 11430-May-23Improves the Google Password Manager, introduces Popover API for developers , and adds auto-verification of CAPTCHAs.
Chrome 11326-Apr-23Makes notes in the sidebar, deletes the last 15-minute browsing history on Android, adds a bookmark or translate button in the toolbar on Android, enable or disables all extensions, and WebGPU enabled by default.
Chrome 1124-Apr-23Removal of Chrome app support, improved UI (experimental), CSS Nesting, WebAssembly Tail Call
Chrome 1116-Mar-23Automatic lazy-loading, sharing selected regions of the screen, and several improvements for Chromebooks
Chrome 1107-Feb-23Improved Password Manager and Google Translate controls, Cookies Having Independent Partitioned State, opt-out support for Secure Payment Confirmation
Chrome 10910-Jan-23Conditional focus on screen sharing, Material You theming support
Chrome 10829-Nov-22Evergy saver mode, COLRv1 fonts, resize virtual keyboards (Android)
Chrome 10725-Oct-22HEVC hardware decoding, screen-sharing improvements, and User-Agent reduction (Phase 5)
Chrome 10628-Sep-22Selective text translation, integrated RSS reader, and advanced search improvements to Omnibox .
Chrome 10530-Aug-22Improvements for web applications in terms of customizations
Chrome 1042-Aug-22Automatic lazy-loading, share selected regions of the screen, and several improvements for Chromebooks
Chrome 10321-Jun-22Pre-fetch page data for faster loading, local fonts for web apps, and block notifications automatically.
Chrome 10224-May-22Extensions Starter Kit, New Keyboard Shortcuts, And Continued Searches
Chrome 10126-Apr-22Improved downloads UI, save group tabs, and password manager
Chrome 10029-Mar-22Multi-screen API , audio controls
Chrome 991-Mar-22Handwriting Recognition, Date Picker, And Security Improvements
Chrome 981-Feb-22Built-in screenshot tool, smoother emojis with COLRv1, Emojis to screenshots on Android
Chrome 974-Jan-22Delete data saved by websites, zoom settings, better web application layouts, HDR enabled
Chrome 9615-Nov-21Faster navigation, dark mode per site, flags for testing v100
Chrome 9519-Oct-21Save grouped tabs, secure payments
Chrome 9421-Sep-21HTTPS-only mode, sharing hub
Chrome 9015-Apr-21AV1 codecs support, window naming feature
Download Google Chrome Offline Installers [Stable, Beta, Canary]
Google Chrome features introduced in each version
If you liked this post, Share it on:

Get Updates in Your Inbox

Sign up for the regular updates and be the first to know about the latest tech information

Subhan Zafar is an established IT professional with interests in Windows and Server infrastructure testing and research, and is currently working with Itechtics as a research consultant. He has studied Electrical Engineering and is also certified by Huawei (HCNA & HCNP Routing and Switching).

Leave the first comment