Google ships Chrome 16, patches 15 vulnerabilities
Adds multi-user sync for shared PCs and Macs
Computerworld - Google yesterday patched 15 vulnerabilities in Chrome, paying $6,000 in bounties to bug hunters who reported some of them, and updated the browser to version 16.
The one new feature in the upgrade that Google called out was multi-user synchronization of bookmarks, passwords and apps.
Google last refreshed Chrome seven weeks ago on Oct 25. Google produces an update to its "stable" channel about every six to eight weeks, a slightly more flexible schedule than rival Mozilla's every-six-week pace.
Six of the 15 vulnerabilities patched Tuesday were rated "high," the second-most-serious ranking in Google's system, while seven were labeled "medium" and another two were tagged as "low."
Google paid $6,000 in bounties, or less than a fourth of what it laid out in October, to five researchers for reporting seven bugs. The eight other vulnerabilities were uncovered by members of Google's own security team, developers who contribute to the open-source Chromium project -- which feeds code to Chrome -- or were ranked low and so not eligible for a bonus.
The company has paid just over $180,000 so far this year in bounties to outside researchers.
Several of the bugs, including a pair attributed to independent researcher Arthur Gerkis -- who earned $2,000 for his work -- were found using Google's memory error detection tool, AddressSanitizer. Released in June, AddressSanitizer can detect a variety of errors, including "use-after-free" memory management bugs like those reported by Gerkis.
Four of the flaws were related to Google's parsing of PDF documents -- the browser includes a built-in PDF viewer, eliminating the need to launch Adobe's free Reader application -- while two others were found in Chrome's processing of SVG (scalable vector graphics) images.
Per its usual practice, Google blocked access to its bug tracking database for all 15 vulnerabilities to prevent outsiders from obtaining details that could be used to craft exploits. Google typically opens up the database weeks or even months later, after it's sure a majority of users have had their browsers upgraded by Chrome's silent updating process.
Google usually includes only a handful of obvious changes in each Chrome upgrade, and held to that practice yesterday: The sole feature it touted was the option to add additional users to Chrome so that several people could use the browser on a shared Mac or PC, but keep their synchronized content -- bookmarks, passwords, installed apps, and more -- separate.
The multi-user sync debuted in early November in a beta of Chrome 16.
According to Irish metrics company StatCounter, Chrome accounted for nearly 26% of all browsers used last month, enough to pass Firefox and take second place behind Microsoft's Internet Explorer (IE).
Another measurement firm, U.S.-based Net Applications, still had Chrome behind Firefox, but projections based on its data showed that Google's browser would jump Mozilla's no later than May 2012.
Chrome 16 can be downloaded for Windows, Mac OS X and Linux from Google's Web site. Users already running the browser will be updated automatically via the browser's behind-the-scenes service.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld.