Chrome 19 Boosts Security

Thursday, May 17, 2012 @ 11:05 AM gHale


Chrome 19 is ready to go, and with the new release Google patched 20 vulnerabilities in the browser.

Of the 20 vulnerabilities fixed in Chrome 19, eight ranked “high,” which is Google’s second-most-serious threat rating, seven were “medium,” and five were “low.”

RELATED STORIES
Apple Shuts More OS X, Safari Flaws
Skype for Linux Security Fix
Skype Alert: Tool can ID IP Address
Top HTTPS Websites Insecure

Google described seven of the vulnerabilities as “out-of-bounds” read or write flaws, a category of memory bugs where a function does not check that input doesn’t exceed allocated buffers.

Google paid $7,500 in bounties to six researchers for reporting nine vulnerabilities, including two that were not strictly within Chrome. One of the latter was a bug in a Linux Nvidia driver.

The 11 remaining bugs ended up uncovered by Google’s own security team or Microsoft, or were not significant enough to rate a bounty.

Google also handed over an additional $9,000 to half-a-dozen researchers, some of whom collected other cash rewards, for reporting bugs patched by Google earlier in Chrome 19’s development process.

Tuesday’s update was the 13th this year that patched one or more vulnerabilities.

According to the latest figures from metric company Net Applications, Chrome has a usage share of about 19%. Irish measurement firm StatCounter, on the other hand, pegged Chrome’s share for April at 31%.

Other than the security fixes, Chrome 19’s most obvious change is the new support for tab synchronization. Like the already available bookmark, password, app and extension sync, open tabs will now stay in step on all copies of Chrome, on multiple platforms, including Android, that link to the same Google account.

Although Chrome 19 supports the feature, synchronization will not link up for all users immediately, said Raz Mathias, a Chrome software engineer. “The tab sync feature will be rolled out gradually over the coming weeks,” Mathias said.

Mozilla has had tab sync since Firefox 4, which shipped more than a year ago, and third-party extensions, like Xmarks, sync open tabs across browsers from different vendors.

Chrome last upgraded seven weeks ago. Google releases a new “stable” version about every six to eight weeks and has been on a slightly slower schedule recently than rival Mozilla’s strict every-six-weeks tempo.

Users can download Chrome 19 for Windows, Mac OS X and Linux from Google’s website. The browser updates automatically through its silent service.



Leave a Reply

You must be logged in to post a comment.