Google ships Chrome 16, patches 15 vulnerabilities
Adds multi-user sync for shared PCs and Macs
Computerworld - Google yesterday patched 15 vulnerabilities in Chrome, paying $6,000 in bounties to bug hunters who reported some of them, and updated the browser to version 16.
The one new feature in the upgrade that Google called out was multi-user synchronization of bookmarks, passwords and apps.
Google last refreshed Chrome seven weeks ago on Oct 25. Google produces an update to its "stable" channel about every six to eight weeks, a slightly more flexible schedule than rival Mozilla's every-six-week pace.
Six of the 15 vulnerabilities patched Tuesday were rated "high," the second-most-serious ranking in Google's system, while seven were labeled "medium" and another two were tagged as "low."
Google paid $6,000 in bounties, or less than a fourth of what it laid out in October, to five researchers for reporting seven bugs. The eight other vulnerabilities were uncovered by members of Google's own security team, developers who contribute to the open-source Chromium project -- which feeds code to Chrome -- or were ranked low and so not eligible for a bonus.
The company has paid just over $180,000 so far this year in bounties to outside researchers.
Several of the bugs, including a pair attributed to independent researcher Arthur Gerkis -- who earned $2,000 for his work -- were found using Google's memory error detection tool, AddressSanitizer. Released in June, AddressSanitizer can detect a variety of errors, including "use-after-free" memory management bugs like those reported by Gerkis.
Four of the flaws were related to Google's parsing of PDF documents -- the browser includes a built-in PDF viewer, eliminating the need to launch Adobe's free Reader application -- while two others were found in Chrome's processing of SVG (scalar vector graphics) images.
Per its usual practice, Google blocked access to its bug tracking database for all 15 vulnerabilities to prevent outsiders from obtaining details that could be used to craft exploits. Google typically opens up the database weeks or even months later, after it's sure a majority of users have had their browsers upgraded by Chrome's silent updating process.
Google usually includes only a handful of obvious changes in each Chrome upgrade, and held to that practice yesterday: The sole feature it touted was the option to add additional users to Chrome so that several people could use the browser on a shared Mac or PC, but keep their synchronized content -- bookmarks, passwords, installed apps, and more -- separate.
The multi-use sync debuted in early November in a beta of Chrome 16.
According to Irish metrics company StatCounter, Chrome accounted for nearly 26% of all browsers used last month, enough to pass Firefox and take second place behind Microsoft's Internet Explorer (IE).
Another measurement firm, U.S.-based Net Applications, still had Chrome behind Firefox, but projections based on its data showed that Google's browser would jump Mozilla's no later than May 2012.
Chrome 16 can be downloaded for Windows, Mac OS X and Linux from Google's Web site. Users already running the browser will be updated automatically via the browser's behind-the-scenes service.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
- Microsoft's IE steps back from the brink of irrelevance
- Firefox falters, falls to record low in overall browser share
- Firefox risks user backlash by adding search box to new tab page
- Google unseats Microsoft as the U.S. browser powerhouse
- Safari, Chrome push to mask URLs
- Chrome on Windows champs at the 64-bit
- Google pulls trigger, cripples some Chrome add-ons
- Microsoft shoots to shorten Internet Explorer's long tail
- Firefox risks irrelevance as mobile browsing booms
- Firefox UI revamp sparks complaints, searches for alternatives
Read more about Desktop Apps in Computerworld's Desktop Apps Topic Center.
- HTTP Status Code Cheat Sheet Look at the Graph, Find the Code and Boom - You're Solving Problems. Identifying and understanding common HTTP status codes can go a...
- Architects lead the next generation of data-driven applications Read this whitepaper to find out how application architects can quickly and confidently deliver long-lasting applications that minimize cost, complexity, and risk while...
- Improving Business Value of WAN Optimization Want to achieve faster ROI with WAN optimization? Read the latest IDC report and discover how you can cut IT costs without compromising...
- Four Little-Known Ways WAN Optimization Can Benefit Your Organization Read this white paper to learn how far WAN optimization has come, and how to make this most of your investments by using...
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to...
- It's not too late...Get Your Mobile Questions Answered Live! How can IT provide seamless and secure mobile communications and collaboration for all? Join this live Webcast as IDG asks an expert panel... All Desktop Apps White Papers | Webcasts