Chrome 96.0.4664.45 releases: add “back-forward cache” feature

The Google Chrome team recently launched Google Chrome v96.0.4664.45. As a new version, this update to the Google Chrome version for desktop brings a back-forward cache function, which has been tested for a period of time and has finally arrived in the stable version.

The back-forward cache function will cache the resources of the old page. When the user needs to go back, click the back button and quickly return through the cache without reloading.

Back-forward cache is a browser feature which improves the user experience by keeping a page alive after the user navigates away from it and reuses it for session history navigation (browser back/forward buttons, history.back(), etc) to make the navigation instant. The pages in the cache are frozen and do not run any javascript.

This update includes 25 security fixes.

[$7500][1254189] High CVE-2021-38007: Type Confusion in V8. Reported by Polaris Feng and SGFvamll at Singular Security Lab on 2021-09-29

[$7500][1263620] High CVE-2021-38008: Use after free in media. Reported by Marcin Towalski of Cisco Talos on 2021-10-26

[$2000][1260649] High CVE-2021-38009: Inappropriate implementation in cache. Reported by Luan Herrera (@lbherrera_) on 2021-10-16

[$TBD][1240593] High CVE-2021-38006: Use after free in storage foundation. Reported by Sergei Glazunov of Google Project Zero on 2021-08-17

[$TBD][1241091] High CVE-2021-38005: Use after free in loader. Reported by Sergei Glazunov of Google Project Zero on 2021-08-18

[$TBD][1264477] High CVE-2021-38010: Inappropriate implementation in service workers. Reported by Sergei Glazunov of Google Project Zero on 2021-10-28

[$TBD][1268274] High CVE-2021-38011: Use after free in storage foundation. Reported by Sergei Glazunov of Google Project Zero on 2021-11-09

[$15000][1262791] Medium CVE-2021-38012: Type Confusion in V8. Reported by Yonghwi Jin (@jinmo123) on 2021-10-24

[$10000][1242392] Medium CVE-2021-38013: Heap buffer overflow in fingerprint recognition. Reported by raven (@raid_akame) on 2021-08-23

[$5000][1248567] Medium CVE-2021-38014: Out of bounds write in Swiftshader. Reported by Atte Kettunen of OUSPG on 2021-09-10

[$3000][957553] Medium CVE-2021-38015: Inappropriate implementation in input. Reported by David Erceg on 2019-04-29

[$3000][1244289] Medium CVE-2021-38016: Insufficient policy enforcement in background fetch. Reported by Maurice Dauer  on 2021-08-28

[$2500][1256822] Medium CVE-2021-38017: Insufficient policy enforcement in iframe sandbox. Reported by NDevTK on 2021-10-05

[$2000][1197889] Medium CVE-2021-38018: Inappropriate implementation in navigation. Reported by Alesandro Ortiz on 2021-04-11

[$1000][1251179] Medium CVE-2021-38019: Insufficient policy enforcement in CORS. Reported by Maurice Dauer on 2021-09-20

[$1000][1259694] Medium CVE-2021-38020: Insufficient policy enforcement in contacts picker. Reported by Luan Herrera (@lbherrera_) on 2021-10-13

[$500][1233375] Medium CVE-2021-38021: Inappropriate implementation in referrer. Reported by Prakash (@1lastBr3ath) and Jun Kokatsu on 2021-07-27

[$TBD][1248862] Low CVE-2021-38022: Inappropriate implementation in WebAuthentication. Reported by Michal Kepkowski on 2021-09-13