Google patches Chrome, beefs up malicious file blocking tech
Starts 2012 by paying out $2,000 in bug bounties
Computerworld - Google last week patched Chrome 16 and improved the download warnings in the impending Chrome 17.
Last Thursday, Google updated Chrome 16 with a security update that quashed three bugs, all rated "high," the company's second-most-dire threat rating.
Two of the bugs warranted bounties of $1,000 each, including one to a developer who works for rival Mozilla, maker of Firefox. Google, like Mozilla, pays outside investigators for bugs they report: Last year, Google wrote checks totaling $180,000 to bug hunters.
Also last week, Google released the first beta of the next edition in its line, Chrome 17.
According to Google engineer Dominic Hamon, Chrome 17 expands on the anti-malware download warnings that were first added to Chrome's code in April 2011 and appeared in the stable channel of the browser in June 2011's Chrome 12.
"Chrome now includes expanded functionality to analyze executable files -- such as '.exe' and .msi' files -- that you download," said Hamon in a blog post. "If a file you download is known to be bad, or is hosted on a website that hosts a relatively high percentage of malicious downloads, Chrome will warn you that the file appears to be malicious and that you should discard it."
While download warnings have been part of Chrome since version 12, they have been limited to alerts triggered only when a user tries to retrieve a Windows .exe file from a malicious site.
Although the addition of .msi files -- Windows application installers -- was the only enhancement to Chrome's anti-malware warnings that Hamon mentioned, he promised that others would follow. "We're starting small with this initial Beta release, but we'll be ramping up coverage for more and more malicious files in the coming months," he said.
Chrome uses Google's Safe Browsing technology to identify potentially malicious websites, and files downloaded from them. Apple's Safari and Firefox also rely on Safe Browsing for their malware site blocking.
Google is playing catch-up to Microsoft in this area. Since its March 2011 debut, Microsoft's Internet Explorer 9 (IE9) has used a feature called Application Reputation, or App Rep, to identify a file's contents and its digital certificate to determine whether it's a known application with an established reputation. If App Rep's algorithm ranks the file as unknown, IE9 throws up a warning when users try to run or save the file.
If Google keeps to its usual rapid-release schedule that produces a new version about every six weeks, Chrome 17 will likely ship in final form around Jan. 25.
Chrome 17's beta can be downloaded from Google's website.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, or subscribe to Gregg's RSS feed . His e-mail address is email@example.com.
- IE6: Retired but not dead yet
- Chrome users won't give up, keep pressing Google to restore old-style new tab page
- Google quashes 31 vulnerabilities, restores Metro mode 'steppers' with Chrome 34
- Firefox's UI face-lift on track for April debut
- Ex-Mozilla engineer blames Microsoft's rules for Metro Firefox's death
- Mozilla patches 20 Firefox flaws, plugs Pwn2Own holes
- Google reverses field, promises to restore Chrome's scrollbar arrows
- Update: Google ships Chrome 33, patches 28 bugs
- Mozilla's top exec defends in-Firefox ads, revenue search
- Mozilla taps in-Firefox ads as it searches for more revenue
Read more about Desktop Apps in Computerworld's Desktop Apps Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts