Google updates Chrome to third beta
Version 0.3.154.9 fixes security bug, improves plug-in performance
October 30, 2008 12:00 PM ETComputerworld - Google Inc. yesterday released the third beta version of Chrome, the browser it introduced nearly two months ago, to fix a single security vulnerability and address several other problems.
Chrome 0.3.154.9 will be automatically pushed to current users, said Mark Larson, the browser's product manager, in a note posted to a Google blog on Wednesday. Users who had set Chrome to receive the more frequent developer updates have had most of the fixes and changes in 0.3.154.9 for some time, however.
Larson characterized the one bug patched in the update as a "medium" threat, and said the fix shut down an address-spoofing flaw that attackers could use to trick users into thinking they were at a safe site when they were actually visiting a malicious or phishing URL.
Also integrated into 0.3.154.9 were several nonsecurity fixes as well as a number of design changes. Among the latter: A modification to the way the browser handles downloads of executable files. That change, though designed to block a months-old "carpet bomb" bug that could be exploited to dupe users into downloading and launching malware, was criticized last week by the security researcher who reported it to Google as a short-term fix only.
"The best solution was if they just won't download the files until the user approves, or download them to a random directory ... as it's done with other browsers, like Internet Explorer's Temporary Internet Files folder or Firefox's random profile directory," said Israeli research Aviv Raff last week.
Google also modified Chrome's site indexing, which the browser uses to call up previously viewed URLs when users type search criteria in the address bar. "We no longer store data from secure sites (they use https: and show a lock in the address bar) in your history," said Larson in the 0.3.154.9 release notes. "You can still search your history for the site's address, but not the contents on the page."
The search giant has struggled to walk a line between usability and privacy at times. Shortly after it unveiled Chrome, Google was hammered by privacy advocates for recording every keystroke entered into the browser's address bar, then sending some users' data to its servers for examination. Bowing to pressure, Google said it would render that data anonymous within 24 hours.
Other changes Larson pointed out included improvements to Chrome's handling of popular plug-ins, such as Adobe System's Flash, Apple's QuickTime, and Microsoft's Flash and Windows Media Player. "We fixed issues with video not loading, stopping after a second, and slowing down or freezing Google Chrome (100% CPU usage)," said Larson.
Chrome, which is available only for Windows XP and Windows Vista, can be downloaded from Google's Web site. Current users can wait for the 0.3.154.9 update to download and install automatically, or manually trigger the process by selecting "About Google Chrome" from the tools menu.
Google's browser accounted for less than 1% of the market during its first month of availability, according to data from Net Applications.
Additional Resources



Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.
White Papers & Webcasts
Share our Strength
Download Now
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Top 10 Things to Know about Data Protection
Download Now
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...
Ponemon Study: The Business Risk of a Lost Laptop
Download Now
Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.
Airport Insecurity: The Case of Lost Laptops
Download Now
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...
