Google ships Chrome 17, touts more malware alerts and page preloads
Patches 20 vulnerabilities, pays $10,500 in bounties to four bug hunters
Computerworld - Google today patched 20 vulnerabilities in the desktop edition of Chrome and added new anti-malware download warnings to version 17.
The company called out a pair of new features in Chrome 17, including the expansion of anti-malware download warnings and prerendering of pages suggested by the address/search bar's auto-complete function.
Google last refreshed Chrome eight weeks ago, on Dec. 13. Google generates an update to its "stable" channel about every six to eight weeks, a slightly more flexible schedule than rival Mozilla's every-six-weeks pace.
One of the 20 vulnerabilities patched today was rated "critical," the most dire ranking in Google's threat system. Eight were marked "high," while five were labeled "medium" and six were tagged "low."
Google paid $10,500 in bounties to four researchers for reporting 11 bugs, and another $3,133 to one of the four who uncovered a serious flaw that was quashed by developers before Chrome 17 made it to today's release. The nine other vulnerabilities were uncovered by members of Google's own security team, which includes developers who contribute to the open-source Chromium project -- which feeds code to Chrome -- or those who, for one reason or other, were not bonus-eligible.
Per its usual practice, Google blocked access to its bug tracking database for all 20 vulnerabilities to prevent outsiders from obtaining details that could be used to build exploits. Google typically opens up the database weeks or even months later, after it's sure a majority of users have migrated to the new edition.
Google typically includes a handful of obvious changes in each Chrome upgrade, and it stayed with that practice today: The two features visible to users were an extension of Chrome's long-running anti-malware download warnings and faster displaying of some Web pages.
The new download warnings alert users when they try to retrieve executable Windows files -- including those with the ".exe" and ".msi" extensions -- that Google knows or suspects are malicious, or are hosted on a website that commonly distributes threats.
Such warnings have been part of Chrome since version 12, which launched in June 2011, but they've been expanded in Chrome 17.
If the file isn't a known quantity or isn't from a reputable publisher, information about the file is sent to Google, which runs it through an analyzer to rank its "reputation and trustworthiness [compared to] files previously seen from the same publisher and website," said the company last month.
Suspicious files -- ones that match the criteria of others known to come from the same source -- are tagged, and if there's a high probability that it's malicious, the user sees an alert.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- System and Data Protection, Recovery and Availability This white paper describes how ARCserve works and the benefits it can provide IT environments of all sizes.
- Simplifying Data Protection, Reducing Risk of Data Loss and System Downtime This white paper outlines what IT organizations should look for in a data protection solution, including simplicity and ease of deployment, comprehensive protection,...
- Complexity Ate My Budget When it comes to data protection, having multiple point solutions is not the answer. Find out how to gain a holistic view of...
- Three Best Practices to Help Government Agencies Overcome BYOD Challenges This paper highlightschallenges facing government IT in a BYOD environment and discusses strategies for network preparation, ongoing support, and securing information to enable...
- Four Myths of High-Productivity App Dev Debunked Debunk the main myths surrounding high-productivity application development and how both platforms have overcome them.
On-Demand Webcast: 7 Reasons to Choose VoIP
Thinking about a new phone system for your business?
Be sure to watch this informative webcast. Steve Strauss, small business columnist for USA...
All Desktop Apps White Papers |