Google fixes 22 flaws in Chrome, slams silent add-ons
Also yanks MathML, which just made it into Chrome last month, over security concerns
Computerworld - Google yesterday released Chrome 25, patching 22 vulnerabilities and debuting a new security feature that blocks silent installations of add-ons.
The latter is Chrome 25's most noticeable change to users. It automatically disables third-party add-ons that are installed on the sly by other software. Add-ons -- Google calls them "extensions" -- that were previously installed by third-party software will also be barred from running.
Users can approve a silently installed extension by clicking a button in the dialog box that appears when Chrome blocks the add-on.
Google's move follows a similar one made by Mozilla more than a year ago, when it, too, crippled silently installed add-ons. In November 2011, Mozilla debuted Firefox 8, which automatically blocked browser add-ons installed by other software.
Although silent add-ons have historically been more of a problem for Firefox than for Chrome, Google has been limiting add-ons since July 2012, when Chrome 21 began blocking add-ons hosted on a third-party website. Since then, only add-ons obtained from the Chrome Web Store, Google's official distribution mart, have been allowed.
Website designers can, however, trigger an add-on install from their URL using what Google dubbed "inline installation." Even then, the actual add-on is still hosted on the Chrome Web Store.
Silent add-on installation has been possible only on Windows; OS X and Linux do not offer slippery websites a way to sneak an add-on into a browser.
Google has created a dictation demonstration of the Web Speech API that users can try out with Chrome 25.
Chrome 25 also patched 22 vulnerabilities, two fewer than January's Chrome 24. Google labeled nine of the flaws as "high," the company's second-most-serious threat rating, eight as "medium," and five as "low."
Five of the vulnerabilities were reported to Google by three outside researchers, who received $3,500 for their work. So far this year, Google has paid out $10,500 from its bug bounty program.