Google quashes 13 Chrome bugs, adds PDF viewer
Also adds support for Chrome Web Store, hinting at imminent launch
Computerworld - Google on Thursday patched 13 vulnerabilities in Chrome as it shifted the most stable edition of the browser to version 8.
Chrome 8 also debuted Google's built-in PDF viewer, an alternative to the bug-plagued Adobe Reader plug-in, and included support for the still-not-launched Chrome Web Store.
The 13 flaws fixed in Chrome 8.0.552.215 are in a variety of components, including the browser's history, its video indexing and the display of SVG (scalable vector graphics) animations.
Four of the baker's dozen are tagged as "high" level bugs, Google's second-most-serious rating, while five are pegged "medium" and four are labeled as "low."
Google paid $4,000 in bounties to five researchers for reporting vulnerabilities. Since mid-August, Google has handed out over $29,000 in bug bounty payments.
Among the researchers credited with submitting flaws was Nirankush Panchbhai, who works in Microsoft's vulnerability research group. Panchbhai was not one of the researchers paid a bounty.
Per its practice, Google locked its bug tracking database to bar outsiders from reading the technical details of the vulnerabilities. The company usually unlocks access to a flaw at a later date -- sometimes within weeks, often only after months have passed -- to give users time to update before the hacker-useful information goes public.
The update to the "stable" build -- Google maintains three separate "channels" for Chrome, ranging from stable to "beta" to "dev" -- also included an integrated PDF viewer, which Google first introduced to the dev channel last summer. The viewer renders PDF documents as HTML-based pages, and doesn't require Adobe Reader's free browser plug-in, or any of the alternatives.
The PDF viewer operates within Chrome's "sandbox," a security feature that isolates processes to make it more difficult for malware to affect the browser or infect the computer.
Google also added support for the Chrome Web Store to the browser with version 8. Multiple references to the store, which Google announced last May but has yet to take public, appeared in the Chrome 8 release notes.
That support may mean Google is close to opening the Web Store to customers, who will be able to browser, purchase and download Web applications, including extensions, to run in Chrome and other standards-compliant browsers.
Developers have had access to early versions of the Web Store for several months, but Google has only promised to publicly launch it before the end of the year.
Thursday's update to version 8 came a little more than six weeks after Google released Chrome 7 to the stable channel. Previously, the company said it would refresh the browser every 6-8 weeks.
If the past is any indication, most users will be running Chrome 8 within a couple of weeks.
Last month, Web analytics company Net Applications reported that Chrome's "silent" update mechanism -- unlike other browsers, Chrome automatically updates without any user interaction -- had "almost completely replaced" version 6 with Chrome 7 less than two weeks after the latter's Oct. 19 debut.
Earlier this week, Net Applications reported that Chrome's global share of the browser usage market stood at a record 9.3%.
On Wednesday, Google updated the Windows dev build of Chrome to include a sandbox that shields users from exploits of Adobe Flash Player vulnerabilities.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is email@example.com.
- Google reverses field, promises to restore Chrome's scrollbar arrows
- Update: Google ships Chrome 33, patches 28 bugs
- Mozilla's top exec defends in-Firefox ads, revenue search
- Mozilla taps in-Firefox ads as it searches for more revenue
- Mozilla ships Metro Firefox beta for Windows 8
- Mozilla defers Firefox's new 'Australis' UI to April
- Mozilla resets Metro Firefox ship date to mid-March
- Mozilla ships Firefox 26 with opening click-to-play move
- Mozilla banked $274M in '12 from Google-Firefox search deal
- Google trumpets Chrome's SPDY gains
Read more about Desktop Apps in Computerworld's Desktop Apps Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Desktop Apps White Papers | Webcasts