Chrome 23 Shuts Security Holes

Friday, November 9, 2012 @ 09:11 AM gHale

In addition to closing several security holes, the latest stable release of Google’s Chrome web browser promises to improve battery life for some users and includes support for the Do Not Track (DNT) header.

Version 23 of Chrome addresses 15 security vulnerabilities in the browser, 6 of which officials rate as “high severity.”

Browser Extensions on Rise
BEAST still tackles SSL servers
New Attack Hijacks HTTPS Sessions
Report: Mobile Technology Crime on Rise

These vulnerabilities include high-risk use-after-free problems in video layout and in SVG filter handling, a integer bounds check issue in GPU command buffers and a memory corruption flaw in texture handling; a Mac-only problem related to wild writes in buggy graphics drivers has also been fixed. Eight medium-severity flaws including an integer overflow that could lead to an out-of-bounds read in WebP handling, and a low-risk also ended up fixed.

As a part of its Chromium Security Vulnerability Rewards program, Google paid security researchers $9,000 for discovering and reporting these flaws. The update to Chrome also includes a new version of the Adobe Flash Player plugin which eliminates a series of critical vulnerabilities, all of which the Google Security Team discovered.

Meanwhile, other enhancements for systems with dedicated graphics chips that support Chrome’s GPU-accelerated video decoding, version 23 of the WebKit-based browser significantly reduces power consumption. Google said batteries lasted on average 25% longer in its tests when they enabled GPU-accelerated video decoding compared to only using a system’s CPU when streaming online videos.

The update also makes it easier for users to view and control permissions for web sites. By clicking on the page/lock icon next to a site’s address, users can modify such permissions as geolocation, popups, camera and microphone access, and JavaScript.

The new version is the first stable release to include support for the Do Not Track privacy setting. Originally proposed by Mozilla, DNT is a developing standard that tells web sites the browser user wishes to opt-out of online behavioral tracking. Do Not Track is not turned on by default in Chrome 23; users can enable DNT by selecting Settings, Show advanced settings and checking the box next to “Send a ‘Do Not Track’ request with your browsing traffic.”

Leave a Reply

You must be logged in to post a comment.