msgbartop
All about Google Chrome & Google Chrome OS
msgbarbottom

28 Dec 12 Chrome 25 blocks sneaky add-ons


Computerworld - Google on Friday said Chrome 25, now in development, automatically blocks browser add-ons installed on the sly by other software.

The measure mimics what rival Mozilla did for Firefox over a year ago.

Auto-blocking has already appeared in Chrome 25 for Windows on the “dev” channel — Google’s least-polished public version — which debuted last month. By the browser’s semi-regular release schedule, Chrome 25 will reach the final “stable” channel, and thus the bulk of users, in the second half of February 2013.

According to Peter Ludwig, a Chrome product manager, Chrome 25 will automatically disable any browser extensions silently installed by other software. Extensions previously installed by third-party software will also be barred from running.

Chrome users can switch on such extensions manually, or remove them from the browser and their PC.

Although Ludwig never used the word “security” in his Dec. 21 blog post, the change’s provenance was clear.

“[Silent installation] was originally intended to allow users to opt-in to adding a useful extension to Chrome as a part of the installation of another application,” Ludwig explained. “Unfortunately, this feature has been widely abused by third parties to silently install extensions into Chrome without proper acknowledgment from users.”

Google was more than a year behind rival Mozilla in banning extensions installed behind users’ backs. In Aug. 2011, Mozilla said Firefox 8 would automatically block browser add-ons installed by other software. Firefox 8 shipped three months later.

Add-ons bundled with third-party software had been a problem for Firefox users, who complained loudly when they found mysterious extensions on their computers.

A toolbar installed in Firefox alongside Skype, for example, caused so many crashes in Jan. 2011 — 40,000 in only one week — that Mozilla blocked the add-on after calling the Internet phone company a “repeat offender.” In 2009, Microsoft silently slipped an add-on into Firefox that left browser users open to attack.

Google has also made other moves this year to lock down extensions. As of Chrome 21, which launched last July, the browser will not accept add-ons installed directly from websites, but only from the Chrome Web Store. Previously, any website could prompt a Chrome user to install an extension.

“Online hackers may create websites that automatically trigger the installation of malicious extensions,” Google noted in a Chrome Help page that explained the new rules. “Their extensions are often designed to secretly track the information you enter on the web, which the hackers can then reuse for other ill-intended purposes.”

That security measure has not been foolproof, however, as a Facebook-theme scam detailed by Webroot last week illustrated: The rogue add-on was placed on the Chrome Web Store, even though Google had said on the same Help page that, “We have started analyzing every extension that is uploaded to the Web Store and take down those we recognize to be malicious.”

Chrome 25′s dev version for Windows can be downloaded from Google’s website.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at Twitter@gkeizer, or subscribe to Gregg’s RSS feed Keizer RSS. His e-mail address is gkeizer@ix.netcom.com.

More: Browser Topic Center

Read more about Internet in Computerworld’s Internet Topic Center.

Article source: http://www.computerworld.com/s/article/9235021/Chrome_25_blocks_sneaky_add_ons

Tags: , , , , ,

02 Jun 12 Chrome steals second place from Firefox in browser wars


Editor’s Note: This story is excerpted from Computerworld. For more Mac coverage, visit Computerworld’s Macintosh Knowledge Center.


  • Apple’s Safari grows faster than Chrome in July
  • Chrome, Safari reach record browser share highs


  • Internet Explorer on pace to drop below 50-percent share by 2011

  • Chrome again beats Firefox in browser gain race

  • Firefox 4 tops 100 million downloads, fails to move share

  • Opera is Facebook’s best browser play

Google’s Chrome passed Mozilla’s Firefox in May to become the world’s second-most-popular browser, according to data released by Web analytics company Net Applications.

The California-based firm was the second major metric company to track Chrome’s run to second. In November 2011, Irish measurement vendor StatCounter said Chrome had passed Firefox in its estimates.

Net Applications’ spot swapping came as a surprise: Earlier projections by Computerworld had pointed to a delay in Chrome’s capture of second place, perhaps to as late as August.

But in May, Chrome gained 1.3 percentage points, more than double its average increase over the last 12 months, to climb to 20.2%, while Firefox lost six-tenths of a point to fall to 19.6%.

Last month was the first time that Chrome cracked the 20% mark—the browser debuted in September 2008—and the first time that Firefox fell under that number in Net Applications’ data since October of the same year.

Firefox, backed by open-source developer Mozilla, peaked at just over 25% in April 2010, and has been on a slow-but-steady decline in usage share since then.

For Microsoft, May was a return to a more traditional pattern: Internet Explorer (IE) lost half a percentage point to end the month at 53.6%. May’s decline put an end to the two-month-in-a-row growth IE had experienced, and returned the browser to near the share it owned last March.

Even so, IE has gained share in three of the first five months of 2012.

Within the IE family, IE9 continued its ascent, adding one percentage point to account for 16.9% of all browsers on all operating systems. IE8 also was up, boosting its share by nearly half a point to 26.7%.

The other editions—2006’s IE7 and the 11-year-old IE6—lost share in May. IE6, the version Microsoft wants to disappear, lost a point last month, falling to 6.1%, a record low in Net Applications’ tracking. IE7 shed seven-tenths of a percentage point to drop to 3.4%, also a record.

While the shift toward IE9 can be attributed to the increasing uptake of Windows 7, IE8’s recent rebound is harder to explain. IE8 has grown its share in four of the first five months of the year compared to only two such months during all of 2011.

The shift toward IE8 and the above-average declines of both IE6 and IE7 so far this year may be due to Microsoft’s new practice of automatically upgrading older versions. Late last year, the company said it would begin to silently force Windows to upgrade IE to the newest-possible edition, ending a tradition of asking users’ permission for such moves.

In January, Microsoft started upgrading some PCs running Windows XP from IE6 or IE7 to IE8, and swapping IE9 for IE7 or IE8 on Vista and Windows 7.

The process started in Australia and Brazil, and is to gradually roll out worldwide this year. Microsoft has declined to provide the names of countries where it has switched on the silent IE upgrades.

Apple’s Safari lost two-tenths of a point last month to end at 4.6%, while Opera Software’s Opera was flat at 1.6%.

StatCounter’s calculations, however, were considerably different than Net Applications’, as they tend to be.

Net Applications had IE falling by almost two percentage points to 32.1%, while Chrome grew by 1.2 percentage points to 32.4%, making good on reports throughout May that showed Chrome would kick IE out of first place. Firefox, said StatCounter, climbed to 25.6%, while Safari and Opera didn’t budge, accounting for shares of 7.1% and 1.7%, respectively.

Net Applications calculates browser usage share with data obtained from more than 160 million unique visitors who browse 40,000 websites that the company monitors. More browser share figures can be found on the company’s site.


See more by Gregg Keizer on Computerworld.com.

Article source: http://www.macworld.com/article/1167053/chrome_steals_second_place_from_firefox_in_browser_wars.html

Tags: , , , , ,

01 Jun 12 Chrome Steals Second From Firefox in Browser Wars


Google’s Chrome passed Mozilla’s Firefox in May to become the world’s second-most-popular browser, according to data released today by Web analytics company Net Applications.

The California-based firm was the second major metric company to track Chrome’s run to second. In November 2011, Irish measurement vendor StatCounter said Chrome had passed Firefox in its estimates.

Net Applications’ spot swapping came as a surprise: Earlier projections by Computerworld had pointed to a delay in Chrome’s capture of second place, perhaps to as late as August.

But in May, Chrome gained 1.3 percentage points, more than double its average increase over the last 12 months, to climb to 20.2%, while Firefox lost six-tenths of a point to fall to 19.6%.

Last month was the first time that Chrome cracked the 20% mark — the browser debuted in September 2008 — and the first time that Firefox fell under that number in Net Applications’ data since October of the same year.

Chrome Steals Second From Firefox in Browser WarsChrome Steals Second From Firefox in Browser WarsFirefox, backed by open-source developer Mozilla, peaked at just over 25% in April 2010, and has been on a slow-but-steady decline in usage share since then.

For Microsoft, May was a return to a more traditional pattern: Internet Explorer (IE) lost half a percentage point to end the month at 53.6%. May’s decline put an end to the two-month-in-a-row growth IE had experienced, and returned the browser to near the share it owned last March.

Even so, IE has gained share in three of the first five months of 2012.

Within the IE family, IE9 continued its ascent, adding one percentage point to account for 16.9% of all browsers on all operating systems. IE8 also was up, boosting its share by nearly half a point to 26.7%.

The other editions — 2006′s IE7 and the 11-year-old IE6 — lost share in May. IE6, the version Microsoft wants to disappear, lost a point last month, falling to 6.1%, a record low in Net Applications’ tracking. IE7 shed seven-tenths of a percentage point to drop to 3.4%, also a record.

While the shift toward IE9 can be attributed to the increasing uptake of Windows 7, IE8′s recent rebound is harder to explain. IE8 has grown its share in four of the first five months of the year compared to only two such months during all of 2011.

The shift toward IE8 and the above-average declines of both IE6 and IE7 so far this year may be due to Microsoft’s new practice of automatically upgrading older versions. Late last year, the company said it would begin to silently force Windows to upgrade IE to the newest-possible edition, ending a tradition of asking users’ permission for such moves.

In January, Microsoft started upgrading some PCs running Windows XP from IE6 or IE7 to IE8, and swapping IE9 for IE7 or IE8 on Vista and Windows 7.

The process started in Australia and Brazil, and is to gradually roll out worldwide this year. Microsoft has declined to provide the names of countries where it has switched on the silent IE upgrades.

Apple‘s Safari lost two-tenths of a point last month to end at 4.6%, while Opera Software’s Opera was flat at 1.6%.

StatCounter’s calculations, however, were considerably different than Net Applications’, as they tend to be.

Net Applications had IE falling by almost two percentage points to 32.1%, while Chrome grew by 1.2 percentage points to 32.4%, making good on reports throughout May that showed Chrome would kick IE out of first place. Firefox, said StatCounter, climbed to 25.6%, while Safari and Opera didn’t budge, accounting for shares of 7.1% and 1.7%, respectively.

Net Applications calculates browser usage share with data obtained from more than 160 million unique visitors who browse 40,000 Web sites that the company monitors. More browser share figures can be found on the company’s site.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg’s RSS feed. His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com.

Read more about browsers in Computerworld’s Browsers Topic Center.

Article source: http://www.pcworld.com/article/256624/chrome_steals_second_from_firefox_in_browser_wars.html

Tags: , , , , ,

31 May 12 Chrome to take world’s top browser spot for May


Computerworld -

Google’s Chrome is about to grab the top browser spot for a full month for the first time from Microsoft’s Internet Explorer, data from a Web analytics company showed.

For the month through Monday, Chrome had an average usage share of 32.5%, slightly higher than Internet Explorer’s (IE) 32.1%, according to Irish company StatCounter.

If the remaining three days of May play out as did the previous 28, Chrome will take the browser crown from IE for a full month for the first time since Chrome’s September 2008 launch.

Previously, Chrome had edged IE on weekends, and then earlier this month topped Microsoft’s combined browser usage share for the week ending May 20. That trend continued in the month’s fourth week as Chrome beat IE 32.9% to 31.4% for the seven days ending May 27.

The spread between the two browsers for the fourth week of the month was 67% larger than during the third week, hinting that Chrome continues to gain momentum in the share race.

Other browsers remained steady. Through May 28, Mozilla’s Firefox accounted for 25.5% of all browsers used worldwide, while Apple‘s Safari and Opera Software’s Opera logged in at 7.1% and 1.8%, respectively.

But StatCounter’s numbers are contentious in some quarters.

Rival metrics firm Net Applications, for example, cites data that shows Chrome far behind IE, with April’s numbers spotting Chrome at 18.9% and IE at 54.1%, or almost three times larger. Net Applications does not make its daily share data available to the public, so a direct comparison with StatCounter’s numbers through Monday was not possible.

Although both companies discard Chrome’s pre-rendered pages — those that the browser loads in the background in case the user decides to view them — their methodologies differ significantly. For one thing, StatCounter tallies page views while Net Applications counts unique visitors.

More importantly, Net Applications — but not StatCounter — weights its data by country to account for the lack of Western insight into browsing habits in places like China, where IE is the overwhelming favorite. The result is that Net Applications’ numbers for IE are always much larger, and Chrome’s much smaller, than StatCounter’s.

Not surprisingly, Microsoft has accepted Net Applications’ estimates and rejected StatCounter’s.

The two companies’ numbers for Firefox, Safari and Opera are typically in the same ballpark. In April, 4.7 percentage points separated the numbers for Firefox, 2.3 points for Safari and just one-tenth of a percentage point for Opera.

The differences between their shares for IE and Chrome, however, were much larger: 13.3 percentage points for Chrome and a whopping 20 points for IE.

Those variances have been obvious of late. In the early months of 2012, Net Applications revealed a rebound of IE and a halt to Chrome’s usual growth. By Net Applications’ calculations, the turnaround has been IE’s most significant and longest-sustained since the browser began shedding share last decade, first to Firefox, then to Chrome.

Meanwhile, StatCounter has spotted no sign of an IE recovery, and has said IE’s share fell and Chrome’s climbed in each of the first four months of the year.

covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at Twitter @gkeizer, on Google+ or subscribe to Gregg’s RSS feed Keizer RSS. His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com.

More: Browser Topic Center

Read more about Browsers in Computerworld’s Browsers Topic Center.

Article source: http://www.computerworld.com/s/article/9227536/Chrome_to_take_world_s_top_browser_spot_for_May?taxonomyId=71

Tags: , , , , ,

30 May 12 Chrome to Take World's Top Browser Spot for May


Google’s Chrome is about to grab the top browser spot for a full month for the first time from Microsoft’s Internet Explorer, data from a Web analytics company showed.

For the month through Monday, Chrome had an average usage share of 32.5%, slightly higher than Internet Explorer’s (IE) 32.1%, according to Irish company StatCounter.

If the remaining three days of May play out as did the previous 28, Chrome will take the browser crown from IE for a full month for the first time since Chrome’s September 2008 launch.

Chrome — powered by upswings each weekend — is likely to take the browser crown from Microsoft’s IE this month for the first time. (Data: StatCounter.)

Previously, Chrome had edged IE on weekends, and then earlier this month topped Microsoft’s combined browser usage share for the week ending May 20. That trend continued in the month’s fourth week as Chrome beat IE 32.9% to 31.4% for the seven days ending May 27.

The spread between the two browsers for the fourth week of the month was 67% larger than during the third week, hinting that Chrome continues to gain momentum in the share race.

Other browsers remained steady. Through May 28, Mozilla’s Firefox accounted for 25.5% of all browsers used worldwide, while Apple‘s Safari and Opera Software’s Opera logged in at 7.1% and 1.8%, respectively.

But StatCounter’s numbers are contentious in some quarters.

Rival metrics firm Net Applications, for example, cites data that shows Chrome far behind IE, with April’s numbers spotting Chrome at 18.9% and IE at 54.1%, or almost three times larger. Net Applications does not make its daily share data available to the public, so a direct comparison with StatCounter’s numbers through Monday was not possible.

Although both companies discard Chrome’s pre-rendered pages — those that the browser loads in the background in case the user decides to view them — their methodologies differ significantly. For one thing, StatCounter tallies page views while Net Applications counts unique visitors.

More importantly, Net Applications — but not StatCounter — weights its data by country to account for the lack of Western insight into browsing habits in places like China, where IE is the overwhelming favorite. The result is that Net Applications’ numbers for IE are always much larger, and Chrome’s much smaller, than StatCounter’s.

Not surprisingly, Microsoft has accepted Net Applications’ estimates and rejected StatCounter’s.

The two companies’ numbers for Firefox, Safari and Opera are typically in the same ballpark. In April, 4.7 percentage points separated the numbers for Firefox, 2.3 points for Safari and just one-tenth of a percentage point for Opera.

The differences between their shares for IE and Chrome, however, were much larger: 13.3 percentage points for Chrome and a whopping 20 points for IE.

Those variances have been obvious of late. In the early months of 2012, Net Applications revealed a rebound of IE and a halt to Chrome’s usual growth. By Net Applications’ calculations, the turnaround has been IE’s most significant and longest-sustained since the browser began shedding share last decade, first to Firefox, then to Chrome.

Meanwhile, StatCounter has spotted no sign of an IE recovery, and has said IE’s share fell and Chrome’s climbed in each of the first four months of the year.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg’s RSS feed. His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com.

Read more about browsers in Computerworld’s Browsers Topic Center.

Article source: http://www.pcworld.com/article/256373/chrome_to_take_worlds_top_browser_spot_for_may.html

Tags: , , , , ,

23 May 12 Pwnium hacking contest winners exploited 16 Chrome zero-days


Computerworld -

Google yesterday revealed that the two researchers who cracked Chrome in March at the company’s inaugural “Pwnium” hacking contest used a total of 16 zero-day vulnerabilities to win $60,000 each.

The number of bugs each researcher used — six in one case, “roughly” 10 in the other — was dramatically more than the average attack. The Stuxnet worm of 2010, called “groundbreaking” by some analysts, used just four bugs, only three of them previously-unknown “zero-day” vulnerabilities.

Google detailed only the half-dozen deployed by the researcher known as “Pinkie Pie” in a post to the Chromium blog yesterday. Details of the 10 used by Sergey Glazunov will not be disclosed until they are patched in other programs they afflict, said Jorge Lucangeli Obes and Justin Schuh, two Chrome security engineers, in the blog.

Pinkie Pie and Glazunov were the only prize winners at Pwnium, the March contest Google created after it withdrew from the long-running “Pwn2Own” hacking challenge. Google had pledged to pay up to $1 million, but ended up handing out just $120,000 — $60,000 to each of the men.

In previous P2n2Own contests, Chrome had escaped not only unscathed, but also untested by top-flight security researchers.

Pinkie Pie strung together six vulnerabilities on March 9 to successfully break out of the Chrome “sandbox,” an anti-exploit technology that isolates the browser from the rest of the system.

The vulnerabilities let him exploit Chrome’s pre-rendering — where the browser loads potential pages before a user views them — access the GPU (graphics processor unit) command buffers, write eight bytes of code to a predictable memory address, execute additional code in the GPU and escape the browser’s sandbox.

At the time of Pwnium, one Google program manager called Pinkie Pie’s exploits “works of art.”

Google patched Pinkie Pie’s bugs within 24 hours of his demonstration. Since then, the company has revealed technical details in its Chromium bug database of five of the six vulnerabilities.

Glazunov’s exploits relied on approximately 10 vulnerabilities — they, too, were patched within 24 hours — but Google is keeping information on those secret for now.

“While these issues are already fixed in Chrome, some of them impact a much broader array of products from a range of companies,” said Obes and Schuh. “We won’t be posting that part until we’re comfortable that all affected products have had an adequate time to push fixes to their users.”

Chrome, currently at version 19, had an estimated 18.9% of the browser usage market in April, according to metrics firm Net Applications. Rival StatCounter, however, pegged Chrome’s share for the month at 31.2%.

covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at Twitter @gkeizer, on Google+ or subscribe to Gregg’s RSS feed Keizer RSS. His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com.

Read more about Malware and Vulnerabilities in Computerworld’s Malware and Vulnerabilities Topic Center.

Article source: http://www.computerworld.com/s/article/9227404/Pwnium_hacking_contest_winners_exploited_16_Chrome_zero_days?source=rss_keyword_edpicks

Tags: , , , , ,

19 May 12 Google releases Chrome 19, adds tab sync and patches 20 bugs


Google on Tuesday released Chrome 19, patched 20 vulnerabilities in the browser and doled out $16,500 in bug bounties and rewards to independent researchers.

Chrome 19′s most obvious change is the new support for tab synchronization. Like the already available bookmark, password, app and extension sync, open tabs will now be kept in step on all copies of Chrome, on multiple platforms, including Android, that are linked to the same Google account.

Although Chrome 19 supports the feature, synchronization will not be enabled for all users immediately, said Raz Mathias, a Chrome software engineer. “The tab sync feature will be rolled out gradually over the coming weeks, Mathias said in a Tuesday blog.

Chrome is not breaking ground here.

Mozilla has had tab sync since Firefox 4, which shipped more than a year ago, and third-party extensions, like Xmarks, sync open tabs across browsers from different vendors.

Chrome was last upgraded seven weeks ago. Google releases a new “stable” version about every six to eight weeks and has been on a slightly slower schedule recently than rival Mozilla’s strict every-six-weeks tempo.

Chrome 19 also includes patches for 20 security vulnerabilities: Eight were ranked “high,” Google’s second-most-serious threat rating, seven were marked “medium,” and five were labeled “low.”

Seven of the vulnerabilities were described in Google’s brief advisory as “out-of-bounds” read or write flaws, a category of memory bugs where a function does not check that input doesn’t exceed allocated buffers.

Google paid $7,500 in bounties to six researchers for reporting nine vulnerabilities, including two that were not strictly within Chrome. One of the latter was a bug in a Linux Nvidia driver, for example.

The 11 remaining bugs were uncovered by Google’s own security team or were credited to Microsoft, or were not significant enough to rate a bounty.

Google also handed over an additional $9,000 to half-a-dozen researchers, some of whom collected other cash rewards, for reporting bugs that were patched by Google earlier in Chrome 19′s development process.

So far this year, Google has paid more than $230,000 to outside researchers for submitting Chrome vulnerabilities. More than half of that — $120,000 — was laid out in March at “Pwnium,” a Google-sponsored hacking challenge.

Tuesday’s update was the 13th this year that patched one or more vulnerabilities.

According to the latest figures from metric company Net Applications, Chrome has a usage share of about 19%. Irish measurement firm StatCounter, on the other hand, pegged Chrome’s share for April at 31%.

Chrome 19 can be downloaded for Windows, Mac OS X and Linux from Google’s website. The browser is updated automatically through its silent service.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg’s RSS feed. His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com.

Read more about browsers in Computerworld’s Browsers Topic Center.

Article source: http://www.itworld.com/software/277314/google-releases-chrome-19-adds-tab-sync-and-patches-20-bugs

Tags: , , , ,

18 May 12 Google Releases Chrome 19, Adds Tab Sync and Patches 20 Bugs


Google on Tuesday released Chrome 19, patched 20 vulnerabilities in the browser and doled out $16,500 in bug bounties and rewards to independent researchers.

Chrome 19′s most obvious change is the new support for tab synchronization. Like the already available bookmark, password, app and extension sync, open tabs will now be kept in step on all copies of Chrome, on multiple platforms, including Android, that are linked to the same Google account.

Although Chrome 19 supports the feature, synchronization will not be enabled for all users immediately, said Raz Mathias, a Chrome software engineer. “The tab sync feature will be rolled out gradually over the coming weeks, Mathias said in a Tuesday blog.

Chrome is not breaking ground here.

Mozilla has had tab sync since Firefox 4, which shipped more than a year ago, and third-party extensions, like Xmarks, sync open tabs across browsers from different vendors.

Chrome was last upgraded seven weeks ago. Google releases a new “stable” version about every six to eight weeks and has been on a slightly slower schedule recently than rival Mozilla’s strict every-six-weeks tempo.

Chrome 19 also includes patches for 20 security vulnerabilities: Eight were ranked “high,” Google’s second-most-serious threat rating, seven were marked “medium,” and five were labeled “low.”

Seven of the vulnerabilities were described in Google’s brief advisory as “out-of-bounds” read or write flaws, a category of memory bugs where a function does not check that input doesn’t exceed allocated buffers.

Google paid $7,500 in bounties to six researchers for reporting nine vulnerabilities, including two that were not strictly within Chrome. One of the latter was a bug in a Linux Nvidia driver, for example.

The 11 remaining bugs were uncovered by Google’s own security team or were credited to Microsoft, or were not significant enough to rate a bounty.

Google also handed over an additional $9,000 to half-a-dozen researchers, some of whom collected other cash rewards, for reporting bugs that were patched by Google earlier in Chrome 19′s development process.

So far this year, Google has paid more than $230,000 to outside researchers for submitting Chrome vulnerabilities. More than half of that — $120,000 — was laid out in March at “Pwnium,” a Google-sponsored hacking challenge.

Tuesday’s update was the 13th this year that patched one or more vulnerabilities.

According to the latest figures from metric company Net Applications, Chrome has a usage share of about 19%. Irish measurement firm StatCounter, on the other hand, pegged Chrome’s share for April at 31%.

Chrome 19 can be downloaded for Windows, Mac OS X and Linux from Google’s website. The browser is updated automatically through its silent service.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg’s RSS feed. His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com.

Read more about browsers in Computerworld’s Browsers Topic Center.

Article source: http://www.pcworld.com/article/255654/google_releases_chrome_19_adds_tab_sync_and_patches_20_bugs.html

Tags: , , , ,

16 May 12 Google Releases Chrome 19, Adds Tab Sync and Patches 20 Bugs


Google on Tuesday released Chrome 19, patched 20 vulnerabilities in the browser and doled out $16,500 in bug bounties and rewards to independent researchers.

Chrome 19′s most obvious change is the new support for tab synchronization. Like the already available bookmark, password, app and extension sync, open tabs will now be kept in step on all copies of Chrome, on multiple platforms, including Android, that are linked to the same Google account.

Although Chrome 19 supports the feature, synchronization will not be enabled for all users immediately, said Raz Mathias, a Chrome software engineer. “The tab sync feature will be rolled out gradually over the coming weeks, Mathias said in a Tuesday blog.

Chrome is not breaking ground here.

Mozilla has had tab sync since Firefox 4, which shipped more than a year ago, and third-party extensions, like Xmarks, sync open tabs across browsers from different vendors.

Chrome was last upgraded seven weeks ago. Google releases a new “stable” version about every six to eight weeks and has been on a slightly slower schedule recently than rival Mozilla’s strict every-six-weeks tempo.

Chrome 19 also includes patches for 20 security vulnerabilities: Eight were ranked “high,” Google’s second-most-serious threat rating, seven were marked “medium,” and five were labeled “low.”

Seven of the vulnerabilities were described in Google’s brief advisory as “out-of-bounds” read or write flaws, a category of memory bugs where a function does not check that input doesn’t exceed allocated buffers.

Google paid $7,500 in bounties to six researchers for reporting nine vulnerabilities, including two that were not strictly within Chrome. One of the latter was a bug in a Linux Nvidia driver, for example.

The 11 remaining bugs were uncovered by Google’s own security team or were credited to Microsoft, or were not significant enough to rate a bounty.

Google also handed over an additional $9,000 to half-a-dozen researchers, some of whom collected other cash rewards, for reporting bugs that were patched by Google earlier in Chrome 19′s development process.

So far this year, Google has paid more than $230,000 to outside researchers for submitting Chrome vulnerabilities. More than half of that — $120,000 — was laid out in March at “Pwnium,” a Google-sponsored hacking challenge.

Tuesday’s update was the 13th this year that patched one or more vulnerabilities.

According to the latest figures from metric company Net Applications, Chrome has a usage share of about 19%. Irish measurement firm StatCounter, on the other hand, pegged Chrome’s share for April at 31%.

Chrome 19 can be downloaded for Windows, Mac OS X and Linux from Google’s website. The browser is updated automatically through its silent service.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg’s RSS feed. His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com.

Read more about browsers in Computerworld’s Browsers Topic Center.

Article source: http://www.pcworld.com/article/255654/google_releases_chrome_19_adds_tab_sync_and_patches_20_bugs.html

Tags: , , , ,

10 May 12 Apple patches Safari, blocks outdated Flash Player


Computerworld -

Apple on Wednesday patched four security vulnerabilities in Safari and blocked outdated versions of Adobe’s Flash Player from running in its browser.

The Flash blocking move was similar to one Apple made last month when it stopped the Java plug-in from launching automatically.

Safari 5.1.7, which runs on OS X 10.6 and 10.7 — Snow Leopard and Lion, respectively — as well as on Windows XP, Vista and Windows 7, was released alongside another update for Lion that included a slightly-older version of the browser. Lion users must download and install both updates to push Safari to version 5.1.7.

The four security flaws fixed were the same ones patched Tuesday in iOS 5.1.1 for the iPhone, iPad and iPod Touch. All were labeled as bugs in WebKit, the open-source rendering engine that powers Safari as well as Google’s Chrome.

In fact, one of the vulnerabilities was first revealed by a researcher at the “Pwnium” hacking contest Google hosted last March. The researcher, Sergey Glazunov, was awarded $60,000 for pairing the flaw with another bug to bring down Chrome.

Glazunov was credited by Apple with reporting a second WebKit vulnerability, while another was attributed to a pair of engineers on the Chrome security team.

Along with the four patches, Apple also yanked Adobe’s Flash Player from Safari if the plug-in was older than version 10.1.102.64, which released in November 2010. Since then, Adobe has shipped Flash Player 11 for the Mac. It has also continued to maintain the older version 10, which now stands at version 10.3.183.19.

“This update disables Adobe Flash Player if it is older than 10.1.102.64 by moving its files to a new directory,” Apple’s advisory stated Wednesday. “This update presents the option to install an updated version of Flash Player from the Adobe website.”

Apple stopped bundling Flash Player with OS X in the fall of 2010, but users have been free to download and install the plug-in on their own. Microsoft last distributed Flash with the nearly-11-year-old Windows XP. Neither Windows Vista or Windows 7 included a preinstalled version of Adobe’s software.

Blocking Flash was the second such move by Apple in a month: On April 12, the company issued an OS X update that disabled automatic execution of Java applets by the Java browser plug-in. Apple took the step because of Flashback, a malware family that used a Java vulnerability to infect hundreds of thousands of Macs in a spree that still continues.

“As a security hardening measure, the Java browser plug-in and Java Web Start are deactivated if they are unused for 35 days,” Apple said at the time.

Java Web Start is an Oracle technology that lets users single-click launch a Java app from within a browser without first downloading the app to the machine.

And Apple wasn’t the only browser maker to recently block Adobe software. On Friday, Mozilla added the Adobe Reader plug-in to its Firefox blocklist, citing compatibility problems that resulted in blank pages appearing when users clicked on a link to a PDF document.

Mozilla maintains a blocklist for extensions or plug-ins that cause significant security or performance issues in Firefox. The browser automatically queries the blocklist and notifies users before disabling the targeted plug-in.

According to Mozilla, it’s working with Adobe on a fix to Reader but will keep the plug-in on its blocklist until one is available.

Safari 5.1.7 can be downloaded from Apple’s website. Mac users will be notified of the new version automatically by OS X’s Software Update, while Windows users already running Safari will be alerted by a separate tool bundled with the browser.

covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at Twitter @gkeizer, on Google+ or subscribe to Gregg’s RSS feed Keizer RSS. His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com.

  • Apple patches Safari, blocks outdated Flash Player
  • Is Apple’s OS X Mountain Lion on early-release track?
  • Half of all Macs will lack access to security updates by summer
  • Flashback gang could be making $10K a day off infected Macs
  • Snow Leopard users most prone to Flashback infection
  • Does the iPad cannibalize Apple’s laptops?
  • New iPad owners pay big ‘halo’ dividends for Apple
  • Why is Apple CEO slamming laptop/tablet hybrids?
  • Macs contribute record-low 13% to Apple’s revenue
  • Update: Apple’s WWDC sells out in 2 hours

More in Apple Update

Read more about Mac OS in Computerworld’s Mac OS Topic Center.

Article source: http://www.computerworld.com/s/article/9227038/Apple_patches_Safari_blocks_outdated_Flash_Player

Tags: , , , , ,