Google quashes 13 Chrome bugs, adds PDF viewer
Also adds support for Chrome Web Store, hinting at imminent launch
Computerworld - Google on Thursday patched 13 vulnerabilities in Chrome as it shifted the most stable edition of the browser to version 8.
Chrome 8 also debuted Google's built-in PDF viewer, an alternative to the bug-plagued Adobe Reader plug-in, and included support for the still-not-launched Chrome Web Store.
The 13 flaws fixed in Chrome 8.0.552.215 are in a variety of components, including the browser's history, its video indexing and the display of SVG (scalable vector graphics) animations.
Four of the baker's dozen are tagged as "high" level bugs, Google's second-most-serious rating, while five are pegged "medium" and four are labeled as "low."
Google paid $4,000 in bounties to five researchers for reporting vulnerabilities. Since mid-August, Google has handed out over $29,000 in bug bounty payments.
Among the researchers credited with submitting flaws was Nirankush Panchbhai, who works in Microsoft's vulnerability research group. Panchbhai was not one of the researchers paid a bounty.
Per its practice, Google locked its bug tracking database to bar outsiders from reading the technical details of the vulnerabilities. The company usually unlocks access to a flaw at a later date -- sometimes within weeks, often only after months have passed -- to give users time to update before the hacker-useful information goes public.
The update to the "stable" build -- Google maintains three separate "channels" for Chrome, ranging from stable to "beta" to "dev" -- also included an integrated PDF viewer, which Google first introduced to the dev channel last summer. The viewer renders PDF documents as HTML-based pages, and doesn't require Adobe Reader's free browser plug-in, or any of the alternatives.
The PDF viewer operates within Chrome's "sandbox," a security feature that isolates processes to make it more difficult for malware to affect the browser or infect the computer.
Google also added support for the Chrome Web Store to the browser with version 8. Multiple references to the store, which Google announced last May but has yet to take public, appeared in the Chrome 8 release notes.
That support may mean Google is close to opening the Web Store to customers, who will be able to browser, purchase and download Web applications, including extensions, to run in Chrome and other standards-compliant browsers.
Developers have had access to early versions of the Web Store for several months, but Google has only promised to publicly launch it before the end of the year.
Thursday's update to version 8 came a little more than six weeks after Google released Chrome 7 to the stable channel. Previously, the company said it would refresh the browser every 6-8 weeks.
If the past is any indication, most users will be running Chrome 8 within a couple of weeks.
Last month, Web analytics company Net Applications reported that Chrome's "silent" update mechanism -- unlike other browsers, Chrome automatically updates without any user interaction -- had "almost completely replaced" version 6 with Chrome 7 less than two weeks after the latter's Oct. 19 debut.
Earlier this week, Net Applications reported that Chrome's global share of the browser usage market stood at a record 9.3%.
On Wednesday, Google updated the Windows dev build of Chrome to include a sandbox that shields users from exploits of Adobe Flash Player vulnerabilities.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
- Microsoft's IE steps back from the brink of irrelevance
- Firefox falters, falls to record low in overall browser share
- Firefox risks user backlash by adding search box to new tab page
- Google unseats Microsoft as the U.S. browser powerhouse
- Safari, Chrome push to mask URLs
- Chrome on Windows champs at the 64-bit
- Google pulls trigger, cripples some Chrome add-ons
- Microsoft shoots to shorten Internet Explorer's long tail
- Firefox risks irrelevance as mobile browsing booms
- Firefox UI revamp sparks complaints, searches for alternatives
Read more about Desktop Apps in Computerworld's Desktop Apps Topic Center.
- The Business Value of Continuous Delivery Download this whitepaper to learn more about the business value of Continuous Delivery and see why it could be a game changer for...
- Ten Factors Shaping the Future of Application Delivery Download this research report conducted by Enterprise Management Associates (EMA) to learn how those that are seeking to accelerate application delivery are leveraging...
- HTTP Status Code Cheat Sheet Look at the Graph, Find the Code and Boom - You're Solving Problems. Identifying and understanding common HTTP status codes can go a...
- Architects lead the next generation of data-driven applications Read this whitepaper to find out how application architects can quickly and confidently deliver long-lasting applications that minimize cost, complexity, and risk while...
- On-demand webinar - 7 Keys to Service Catalog Implementation Success Watch this webinar to learn 7 crucial keys to make your service catalog a success!
- Transform Your IT Service Management Watch this webinar, to learn how EasyVista can increase IT productivity & efficiency and deliver streamlined & integrated IT Service & Asset Mgmt. All Desktop Apps White Papers | Webcasts