Google Chrome

Google has released version 18 of Chrome, the company’s own extended version of the open source Chromium web browser. The new Stable channel release, labeled 18.0.1025.142, fixes several security vulnerabilities, and improves graphics and drawing performance on systems with capable hardware. This is done by adding support for GPU-accelerated rendering of 2D Canvas content on Windows and Mac OS X systems. According to the developers, the GPU acceleration should improve the overall performance of graphics-intensive web applications, making canvas-based animations and games “run faster and feel smoother”. For older systems that can’t make use of of the GPU, Chrome can now display 3D content using the SwiftShader software rasterizer, which Google licensed from TransGaming, Inc. However, the developers note that “a software-backed WebGL implementation is never going to perform as well as one running on a real GPU, but now more users will have access to basic 3D content on the web”. ...

The H-Security: Google has released version 17.0.963.83 of its Chrome web browser, a maintenance update that fixes issues with Flash games and closes several security holes. The Stable channel update addresses a total of nine vulnerabilities, six of which are rated as “high severity“. These include an integer issue in libpng (the official PNG reference library), a memory corruption problem in WebGL canvas handling and a cross-origin violation related to “magic iframe”, as well as use-after-free errors in first-letter handling, CSS cross-fade handling and block splitting. One medium-risk invalid read in the V8 JavaScript engine and two low-risk problems related to WebUI privileges and unpacked extension installation have also been fixed. ...

The H-Security: Google has released a new stable version of its Chrome browser. The update fixes seventeen high severity vulnerabilities and updates the bundled Flash player. Google referred users to Adobe for details of the Flash Player update, and as usual, revealed few details about the seventeen holes that it closed in the release. It did, though, say that the researchers earned between $500 and $3000 for their vulnerability disclosures. ...

Google is to offer up to a million dollars in rewards for Chrome exploits at the CanSecWest conference. Previously, Google has sponsored the Pwn2Own competition which is held at CanSecWest, but has decided that this year it will directly reward exploits. “We discovered that contestants are permitted to enter Pwn2Own without having to reveal full exploits (or even all of the bugs used!) to vendors” says Google in a blog post. In previous years, full details have been handed over, but the revised rules make it “an explicit non-requirement in this year’s contest” – a change that Google calls “worrisome”. The organizers revised the rules to make the contest “more fair” and “more of a competition”. ...

The H-Online: Google’s solution for the problem of getting better passwords on the net – a combination of browser sign-in andOpenID – will take some time to implement as it involves persuading sites to switch to using OpenID. The developers on the Chrome project think that they can at least improve the security of passwords on sites, by generating passwords for the user. A new Password Generation proposal for the Chromium and Chrome browsers attempts to address that by assuming that once the user is signed into the browser, it can take over the handling of password creation. ...

LifeHacker: Chrome 17 is out with a new pre-rendering feature designed to make your pages load faster, and both Firefox and Opera have also released speedy new versions since our last round of speed tests. So, we’ve once again pitted the four most popular web browsers against each other in a battle of startup times, tab loading times, and more, with more surprising results. ...

LifeHacker: Google is releasing a major update to Chrome today that will make browsing the web seem faster and also add security protections. Chrome 17 (17.0.963.46) pre-renders pages in the background when you type in the URL in the omnibox address bar so the site will appear to come up almost instantaneously. Chrome also now scans download executable-s (e.g., “.exe” and “.msi” files) and warns you if it thinks the file is malicious. ...

Google Chrome Wrote: In 2008, we launched Google Chrome to help make the web better. We’re excited that millions of people around the world use Chrome as their primary browser and we want to keep improving that experience. Today, we’re introducing Chrome for Android Beta, which brings many of the things you’ve come to love about Chrome to your Android 4.0 Ice Cream Sandwich phone or tablet. Like the desktop version, Chrome for Android Beta is focused on speed and simplicity, but it also features seamless sign-in and sync so you can take your personalized web browsing experience with you wherever you go, across devices. ...

The H-Online: Google plans to turn off online checks for SSL certificate validity in its Chrome browser soon, according to a blog post by Adam Langley, the developer in charge of that element of the browser. Instead, the browser will use the update mechanism to receive lists of revoked certificates. When browsers make a connection, they check whether the certificate presented by the server has already been blocked by the certificate authority, using either the certificate authority’s certificate revocation lists (CRLs) or, directly and interactively, the Online Certificate Status Protocol (OCSP). But that whole process has never been completely reliable, since, if the browser isn’t certain of the validity – if, say, an OCSP request doesn’t work – it simply “looks the other way”. Otherwise, there would be too many false alarms. ...

The H-Online: The German Federal Office of Information Security (BSI (German), BSI English) has compiled security recommendations for Windows PCs that will probably sound familiar to regular readers of The H: Anti-virus software – including free solutions –, backups, security updates, an alternative browser such as Google Chrome and “a healthy level of mistrust” are the main components of its proposal for a secure Windows PC. As the UK lacks a governmental organization that makes such recommendations, as usually such organizations recommend policy for public projects, it is worth seeing what Germany’s BSI suggests. ...