Google fixes 22 flaws in Chrome, slams silent add-ons
Also yanks MathML, which just made it into Chrome last month, over security concerns
Computerworld - Google yesterday released Chrome 25, patching 22 vulnerabilities and debuting a new security feature that blocks silent installations of add-ons.
The latter is Chrome 25's most noticeable change to users. It automatically disables third-party add-ons that are installed on the sly by other software. Add-ons -- Google calls them "extensions" -- that were previously installed by third-party software will also be barred from running.
Users can approve a silent-installed extension by clicking a button in the dialog box that appears when Chrome blocks the add-on.
Google's move follows a similar one made by Mozilla more than a year ago, when it, too, crippled silently-installed add-ons. In November 2011, Mozilla debuted Firefox 8, which automatically blocked browser add-ons installed by other software.
Although silent add-ons have historically been more of a problem for Firefox than for Chrome, Google has been limiting add-ons since July 2012, when Chrome 21 began blocking add-ons hosted on a third-party website. Since then, only add-ons obtained from the Chrome Web Store, Google's official distribution mart, have been allowed.
Website designers can, however, trigger an add-on install from their URL using what Google dubbed "inline installation." The actual add-on, however, is still hosted on the Chrome Web Store.
Silent add-on installation has been possible only on Windows; OS X and Linux do not offer slippery websites a way to sneak an add-on into a browser.
Google has created a dictation demonstration of the Web Speech API that users can try out with Chrome 25.
Chrome 25 also patched 22 vulnerabilities, two fewer than January's Chrome 24. Google labeled nine of the flaws as "high," the company's second-most-serious threat rating, eight as "medium," and five as "low."
Five of the vulnerabilities were reported to Google by three outside researchers, who received $3,500 for their work. So far this year, Google has paid out $10,500 from its bug bounty program.
- Social Media Education: The New Edge for Success Failure to train for social media will cost your business money. A recent report showed how digitally prepared companies can unlock up to...
- Social Media in Technology: A Unified Strategy for Success Find out how social media is sparking a new era of customer and industry-understanding in technology enterprises and how industry leaders are overcoming...
- How Network Connections Drive Web Application Performance Users around the globe, on all sorts of devices, expect Web applications to function as seamlessly as desktop applications. This paper discusses the...
- Move Mission-Critical Apps to the Cloud with AWS and F5 Read this paper to learn about adoption inhibitors of the cloud, potential solutions, and how advanced Application Delivery Controller (ADC) technologies are critical...
- What Does it Take to Deliver a Superior Customer Experience? The Two Top-Rated Online Retailers, B&H Photo and Crutchfield Electronics, Share Their Secrets Discuss practical CX tools and service methods such as contact center agents and the use of realtime speech analytics to help contact center...
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily... All Internet White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!