Saturday, January 07, 2012

Google Chrome fixes vulnerabilities, offers Beta version

Google Chrome, probably the fastest browser to load most web pages (I find Firefox slower), has new fixes for three or more possible security vulnerabilities in version 16.0.912.75.

An article in InfoSecurity, tweeted yesterday by Webroot, briefly discusses the fixed problems here.

Google’s technical post describing the security fix (the “Stable Channel Update”) is here. Apparently the fixes download automatically when a new Chrome window is opened. The problems involved two kinds of buffer overflow and a “use-after-free” in animation frames. I don’t know whether the “controversial” keyloggers identified by Webroot in the past were addressed.

“Buffer overflow” is a bit of a mystery to novices. But once, while working for ING back around 2000, I saw a demonstration in a one-day security forum at the University of St. Thomas in St. Paul, MN.

That page gives a subordinate link to another page, the “Chromium Security Page” (link), which explains how the public can get involved in problem detection and in proposing fixes. (I didn't need the "You're awesome" greeting.) However, to get involved, one needs to apply and demonstrate a background with the relevant technical experience.

Google is also offering a beta release for Version 17, which is supposed to improve speed while retaining all the security fixes. A different Chrome blog posting, “Speed and Security”, Jan. 5, describes the release here.

I tried downloading the Beta on an older Windows XP machine. I found Kaspersky Security interrupted it, and the download proceeded when allowed. The product is not telling me that it is the Beta version, as far as I can see.

Google Chrome has a late 2010 YouTube video explaining Sandboxing:
