Google updates Chrome to third beta

Computerworld - Google Inc. yesterday released the third beta version of Chrome, the browser it introduced nearly two months ago, to fix a single security vulnerability and address several other problems.

Chrome 0.3.154.9 will be automatically pushed to current users, said Mark Larson, the browser's product manager, in a note posted to a Google blog on Wednesday. Users who had set Chrome to receive the more frequent developer updates have had most of the fixes and changes in 0.3.154.9 for some time, however.

Larson characterized the one bug patched in the update as a "medium" threat, and said the fix shut down an address-spoofing flaw that attackers could use to trick users into thinking they were at a safe site when they were actually visiting a malicious or phishing URL.

Also integrated into 0.3.154.9 were several nonsecurity fixes as well as a number of design changes. Among the latter: A modification to the way the browser handles downloads of executable files. That change, though designed to block a months-old "carpet bomb" bug that could be exploited to dupe users into downloading and launching malware, was criticized last week by the security researcher who reported it to Google as a short-term fix only.

"The best solution was if they just won't download the files until the user approves, or download them to a random directory ... as it's done with other browsers, like Internet Explorer's Temporary Internet Files folder or Firefox's random profile directory," said Israeli research Aviv Raff last week.

Google also modified Chrome's site indexing, which the browser uses to call up previously viewed URLs when users type search criteria in the address bar. "We no longer store data from secure sites (they use https: and show a lock in the address bar) in your history," said Larson in the 0.3.154.9 release notes. "You can still search your history for the site's address, but not the contents on the page."

The search giant has struggled to walk a line between usability and privacy at times. Shortly after it unveiled Chrome, Google was hammered by privacy advocates for recording every keystroke entered into the browser's address bar, then sending some users' data to its servers for examination. Bowing to pressure, Google said it would render that data anonymous within 24 hours.

Other changes Larson pointed out included improvements to Chrome's handling of popular plug-ins, such as Adobe System's Flash, Apple's QuickTime, and Microsoft's Flash and Windows Media Player. "We fixed issues with video not loading, stopping after a second, and slowing down or freezing Google Chrome (100% CPU usage)," said Larson.

Chrome, which is available only for Windows XP and Windows Vista, can be downloaded from Google's Web site. Current users can wait for the 0.3.154.9 update to download and install automatically, or manually trigger the process by selecting "About Google Chrome" from the tools menu.

Google's browser accounted for less than 1% of the market during its first month of availability, according to data from Net Applications.

Read more about security in Computerworld's Security Knowledge Center.