Google quashes 31 vulnerabilities, restores Metro mode 'steppers' with Chrome 34
Updates browser after paying nearly $30,000 in bug bounties
Computerworld - Google earlier this week updated Chrome to version 34, patching 31 vulnerabilities and paying out nearly $30,000 in bug bounties to outside researchers.
Chrome 34 shipped Tuesday as an automatic update for Windows, OS X and Linux users. On the same day, Google also refreshed Chrome OS, its browser-based operating system that powers various vendors' inexpensive notebooks.
Google paid $29,500 in bounties for 12 bugs reported by outsiders and an additional 19 found by in-house researchers and other contributors to Chromium, the open-source project that feeds code into Chrome.
Five of the 12 bounty-eligible vulnerabilities were tagged as "use-after-free" flaws, a type of memory management bug that Chrome researchers have been adept at finding, in large part because of the Google-designed "Address Sanitizer" fuzzing tool, which is available to outside bug hunters.
Google posted its usual terse descriptions of the vulnerabilities addressed in the update on April 8.
Elsewhere in Chrome 34, Google updated Flash Player to the most current version. Also on Tuesday, Adobe patched four flaws in the media player, including one that was revealed by French vulnerability broker Vupen at the Pwn2Own hacking contest the month before. Vupen was awarded $75,000 for its successful exploit of Flash Player.
Adobe has not yet patched a second vulnerability used at Pwn2Own by a different team.
Besides the bug fixes, Google added support for importing supervised users into Chrome on new computers, a feature that debuted in February with the beta version of the browser. "Supervised users" are typically family members, usually children, who are given access to Chrome on a shared personal computer; one in the family acts as an administrator of sorts, who manages a list of permitted and/or blocked websites, and takes requests for access to other URLs.
Those supervised-user settings can now be imported to any Chrome-equipped device in the home that's running Windows, OS X or Linux, eliminating the need to recreate those settings when the family adds another personal computer to the household. After import, those settings are kept synchronized across all devices.
Chrome 34 also debuted a tweaked version for Windows 8.1's "Modern," née "Metro" mode, responding to critics who had blasted Google for adopting a non-standard scrollbar they said made it harder for them to navigate pages.
Those grievances had focused on two: Chrome's scrollbars were significantly thinner, and Google dumped the scroll arrows, also called "steppers," within the scrollbar.
Google quickly recanted the stripping of steppers, and just days after the new Metro-mode user interface (UI) appeared, said it would restore them in Chrome 34.
The company made good on that promise this week. "[We] heard feedback that certain functionality was dearly missed," said SarahMM, who was identified as a Google employee, in a message posted Wednesday to a Chrome support forum. "We've made changes; in Chrome 34 you will see a return of the arrow buttons to scrollbars, the ability to once again auto-hide the app shelf in Windows 8 mode, and more consistency in UI design of text boxes."
People who haven't tried Google's desktop browser can download Chrome 34 for Windows, OS X and Linux from Google's website. Current users can let the automatic updater download and install the new version.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is email@example.com.
- Microsoft's IE steps back from the brink of irrelevance
- Firefox falters, falls to record low in overall browser share
- Firefox risks user backlash by adding search box to new tab page
- Google unseats Microsoft as the U.S. browser powerhouse
- Safari, Chrome push to mask URLs
- Chrome on Windows champs at the 64-bit
- Google pulls trigger, cripples some Chrome add-ons
- Microsoft shoots to shorten Internet Explorer's long tail
- Firefox risks irrelevance as mobile browsing booms
- Firefox UI revamp sparks complaints, searches for alternatives
Read more about Internet in Computerworld's Internet Topic Center.
- Social Media Education: The New Edge for Success Failure to train for social media will cost your business money. A recent report showed how digitally prepared companies can unlock up to...
- Social Media in Technology: A Unified Strategy for Success Find out how social media is sparking a new era of customer and industry-understanding in technology enterprises and how industry leaders are overcoming...
- Printer Installer: Eliminating Print Servers Printer Installer is an on-premise web application that enables you to centrally manage and deploy Windows shared or direct iP printers.
- How Network Connections Drive Web Application Performance Users around the globe, on all sorts of devices, expect Web applications to function as seamlessly as desktop applications. This paper discusses the...
- Leveraging Flash Storage to Accelerate Oracle Real Application Clusters Join this webinar to understand the latest solid-state storage trends, the specific applications driving solid-state storage deployments and the benefits of deploying the...
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to... All Internet White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!