msgbartop
All about Google Chrome & Google Chrome OS
msgbarbottom

07 May 12 Adobe preps silent Flash updates for Macs


Computerworld - Adobe last week released a new beta of Flash Player that includes silent updates for Macs.

Adobe first included silent updates for OS X in the Flash Player beta a month ago; the version shipped Friday was tagged as “Beta 3.”

Adobe introduced silent updates for Flash Player on Windows in late March. At the time, the company committed to creating the same feature on OS X, but did not set a timetable.

As far as users are concerned, the Mac version is identical to the Windows tool: It pings Adobe’s servers every hour until it gets a response. If it reaches Adobe and finds no ready update, the tool re-checks the servers 24 hours later. Found updates, however, are applied entirely in the background, and do not display notices on the screen or require the user to take any action.

By default, Flash 11.3 has silent updates switched on, but users can change the setting to continue to receive on-screen alerts.

In the six weeks since Adobe released silent updates for Flash Player on Windows, it has shipped a pair of updates, including one last Friday that patched a “zero-day” vulnerability attackers were already exploiting.

Silent updates will not affect users who rely solely on Google’s Chrome, as that browser bundles Flash Player, and updates the Adobe software using its own background update service.

Another prominent feature in Flash Player 11.3 is a “sandboxed” plug-in for Mozilla’s Firefox on Windows Vista and Windows 7, second step in Adobe’s plan to stymie attacks that exploit unpatched Flash bugs.

A sandbox isolates processes on the computer, preventing or at least hindering malware that tries to push code onto a machine. Adobe sandboxed Flash Player for Chrome in late 2010 after working with Google engineers; the February release of a sandboxed plug-in for Firefox came after similar cooperation from Mozilla engineers.

Adobe plans to ship the final version of Flash Player 11.3 before the end of June.

Users who want to test drive the preview can download it from Adobe’s website.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at Twitter@gkeizer, or subscribe to Gregg’s RSS feed Keizer RSS. His e-mail address is gkeizer@ix.netcom.com.

Read more about Internet in Computerworld’s Internet Topic Center.

Article source: http://www.computerworld.com/s/article/9226921/Adobe_preps_silent_Flash_updates_for_Macs

Tags: , , , ,

05 May 12 Adobe Patches New Flash Zero-day Bug With Emergency Update


Adobe today warned that hackers are exploiting a critical vulnerability in its popular Flash Player program, and issued an emergency update to patch the bug.

“There are reports that the vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message,” the Friday advisory said.

Microsoft Internet ExplorerMicrosoft Internet ExplorerAlthough all editions of Flash Player contain the vulnerability and should be patched, the active exploit is targeting only users of Microsoft’s Internet Explorer (IE).

Flash Player for IE is an ActiveX plug-in, the Microsoft-only standard; other browsers, including Firefox and Chrome, use a different plug-in structure.

The update was pegged with Adobe’s priority rating of “1,” used to label patches for actively-exploited vulnerabilities or bugs that will likely be exploited. For such updates, Adobe recommends that customers install the new version within 72 hours.

Adobe disclosed relatively few details about the vulnerability — its usual practice — other than to label it an “object confusion vulnerability,” note the Common Vulnerabilities Exposures ID of CVE-2012-0779, and acknowledge that triggering the bug “could cause the application to crash and potentially allow an attacker to take control of the affected system.”

It’s unclear how extensive the active attacks are, although Adobe’s calling them “targeted” hints at a low volume of attempts aimed at specific individuals or companies.

Today’s Flash Player update was the fourth this year — the latest before Friday was on March 28 — putting the frequently-patched program on about the same pace as last year, when Adobe issued a total of nine Flash security updates.

In March, Adobe addressed the frequent updating pain point — at least for Windows users — by shipping Flash Player 11.2, which uses a silent, background update mechanism. The silent update is supposed to kick in in some situations to automatically patch the plug-in in IE, Firefox, Safari and Opera on Windows without notifying or bothering users.

At the time, Adobe said it would switch on silent updates ” on a case-by-case basis,” but hinted that the service would primarily be used to distribute patches for zero-day vulnerabilities, such as today’s.

Friday, Adobe confirmed that it has, in fact, enabled Flash silent updates for Windows in this instance.

A Computerworld Windows 7 system, however, was not silently updated to 11.2.202.235, the patched version, within an hour of booting the PC, the interval the tool uses to check for new updates. Adobe was unable to explain the problem, other than to suggest an initial failure by those browsers to connect to its servers. In that case, the silent updater is designed to stop pinging Adobe for 24 hours before resuming.

The current stable version of Chrome — Google’s browser is the only one that includes the Adobe software in its updates — reports running the patched 11.2.202.235 edition of Flash Player. Google shipped that version of Chrome, 18.0.1025.168, on Monday, April 30, giving it a four-day jump on Adobe’s plug-in patching.

It was Chrome’s largest-ever lead: previously, Google has beaten Adobe to Flash Player patching by hours, or at most a day.

Adobe today again explained Chrome’s faster Flash patching by noting that it hands Flash updates to Google as “soon as we updated the code,” but needs more time on its part to test fixes on scores of operating system and browser combinations before it’s confident enough to ship the update to all users.

Microsoft’s vulnerability research group reported the Flash vulnerability to Adobe.

The patched versions of Flash Player for Windows, Mac, Linux and Solaris can be downloaded from Adobe’s website. Windows users can wait for the silent updater to kick in, run Flash’s update tool or wait for the software to prompt them that a new version is available.

Android users will be able to download the new version from Google Play, formerly the Android Market, later today, said Adobe.

To determine which version of Flash Player is running in any particular browser, users can steer to this Adobe page.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg’s RSS feed. His email address is gkeizer@computerworld.com

Article source: http://www.pcworld.com/article/255083/adobe_patches_new_flash_zeroday_bug_with_emergency_update.html

Tags: , , , , ,

24 Apr 12 Google boosts Web bug bounties to $20000


Computerworld - Google today dramatically raised the bounties it pays independent researchers for reporting bugs in its core websites, services and online applications.

The search giant boosted the maximum reward from $3,133 to $20,000, and added a $10,000 payment to the program.

The Vulnerability Reward Program (VRP) will now pay $20,000 for vulnerabilities that allow remote code execution against google.com, youtube.com and other core domains, as well as what the company called “highly sensitive services” such as its search site, Google Wallet, Gmail and Google Play.

Remote code flaws found in Google’s Web apps will also be rewarded $20,000.

The term “remote code execution” refers to the most serious category of vulnerabilities, those which when exploited allow an attacker to hijack a system and/or plant malware on a machine.

A $10,000 bounty will be paid for SQL injection bugs or “significant” authentication bypass or data leak vulnerabilities, Google said in the revised rules for the program.

Other bugs, including cross-site scripting (XSS) and cross-site request forgery (XSRF) flaws, will be compensated with payments between $100 and $3,133, with the amount dependent on the severity of the bug and where the vulnerability resides.

Google explained the higher bounties as ways “to celebrate the success of this [program] and to underscore our commitment to security.”

The website and web app reward program debuted in November 2010, and followed Google’s January 2010 launch of a bug bounty program for its Chrome browser. Google paid out about $180,000 in Chrome bounties last year.

The maximum award for reported Chrome vulnerabilities remains at $3,133, Google confirmed today.

Since VRP’s introduction, Google today said it has received more than 780 eligible bug reports, and in just over a year, paid out around $460,000 to approximately 200 researchers.

“We’re confident beyond any doubt the program has made Google users safer,” said Adam Mein, a Google security program manager, and Michal Zalewski, a engineer on the Google security team, in a Monday post to a company blog.

Google has shown that upping bounty payments will shake loose vulnerabilities it wasn’t aware existed.

Last month, the company wrote $60,000 checks to two researchers at Pwnium, the Chrome hacking contest it ran at the CanSecWest security conference in Vancouver, British Columbia.

Both researchers revealed bugs and associated attack code that demonstrated how hackers could escape the browser’s isolating, anti-exploit “sandbox, to hijack the browser and plant malware on a machine.

covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at Twitter @gkeizer, on Google+ or subscribe to Gregg’s RSS feed Keizer RSS. His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com.

Read more about Malware and Vulnerabilities in Computerworld’s Malware and Vulnerabilities Topic Center.

Article source: http://www.computerworld.com/s/article/9226476/Google_boosts_Web_bug_bounties_to_20_000

Tags: , , , , ,

06 Apr 12 Google Patches Chrome for Second Time in Eight Days


Google on Thursday patched 12 Chrome vulnerabilities, the second time in eight days that the search company has updated its browser.

Most of the vulnerabilities — eight of the dozen — were identified as “use-after-free” bugs, a common type of memory vulnerability that researchers have found in large numbers within Chrome using Google’s own AddressSanitizer detection tool.

Seven of the 12 bugs were rated “high,” the second-most-serious ranking in Google’s scoring system. Four were marked “medium” and one was labeled “low.”

Google paid $6,000 in bounties to three researchers for reporting seven of the vulnerabilities. The others were unearthed by Google’s own security team or were ineligible for a finder’s fee.

One of the latter had been forwarded to Google by HP TippingPoint, which operates the Zero Day Initiative (ZDI) bug bounty program. Google does not pay bounties for vulnerabilities submitted to ZDI — it only rewards researchers who have not been otherwise compensated — a decision that has created friction between Google and ZDI in the past.

Among those who received checks were Arthur Gerkis and someone who goes by the nickname “miaubiz,” two of three researchers who were awarded special $10,000 bonuses a month ago for what Google called “sustained, extraordinary” contributions.

Miaubiz took home $4,500 for his work.

Sergey Glazunov, one of those who pocketed $60,000 at the Pwnium hacking challenge Google sponsored last month, reported two of the 12 vulnerabilities. Neither was significant enough to rate a bounty payment, however.

Google has paid more than $216,000 in bug bounties this year, including $120,000 it distributed during Pwnium.

Thursday’s update to Chrome 18 also included a new version of Adobe Flash Player that patched two critical memory corruption vulnerabilities in the Chrome interface. The pair, unique to the Flash Player bundled with the browser, were reported by a Google security engineer and a team from IBM‘s X-Force Research group.

According to the advisory that accompanied Thursday’s update, Google also fixed several non-security issues, including some related to hardware acceleration, a feature the company switched on in Chrome when version 18 debuted March 28.

Chrome accounted for 18.6% of the browsers used worldwide last month, a decrease of about a third of a percentage point from February, said Internet measurement vendor Net Applications earlier this week. Chrome’s usage share has declined three months running, and is down about 3% since the start of the year.

The patched version of Chrome 18 can be downloaded for Windows, Mac OS X and Linux from Google’s website. Already installed copies of the browser will be updated automatically by Chrome’s silent service.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg’s RSS feed. His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com.

Read more about browsers in Computerworld’s Browsers Topic Center.

Article source: http://www.pcworld.com/article/253351/google_patches_chrome_for_second_time_in_eight_days.html

Tags: , , , , ,

06 Apr 12 Google Patches Chrome for Second Time in Eight Days


Google on Thursday patched 12 Chrome vulnerabilities, the second time in eight days that the search company has updated its browser.

Most of the vulnerabilities — eight of the dozen — were identified as “use-after-free” bugs, a common type of memory vulnerability that researchers have found in large numbers within Chrome using Google’s own AddressSanitizer detection tool.

Seven of the 12 bugs were rated “high,” the second-most-serious ranking in Google’s scoring system. Four were marked “medium” and one was labeled “low.”

Google paid $6,000 in bounties to three researchers for reporting seven of the vulnerabilities. The others were unearthed by Google’s own security team or were ineligible for a finder’s fee.

One of the latter had been forwarded to Google by HP TippingPoint, which operates the Zero Day Initiative (ZDI) bug bounty program. Google does not pay bounties for vulnerabilities submitted to ZDI — it only rewards researchers who have not been otherwise compensated — a decision that has created friction between Google and ZDI in the past.

Among those who received checks were Arthur Gerkis and someone who goes by the nickname “miaubiz,” two of three researchers who were awarded special $10,000 bonuses a month ago for what Google called “sustained, extraordinary” contributions.

Miaubiz took home $4,500 for his work.

Sergey Glazunov, one of those who pocketed $60,000 at the Pwnium hacking challenge Google sponsored last month, reported two of the 12 vulnerabilities. Neither was significant enough to rate a bounty payment, however.

Google has paid more than $216,000 in bug bounties this year, including $120,000 it distributed during Pwnium.

Thursday’s update to Chrome 18 also included a new version of Adobe Flash Player that patched two critical memory corruption vulnerabilities in the Chrome interface. The pair, unique to the Flash Player bundled with the browser, were reported by a Google security engineer and a team from IBM‘s X-Force Research group.

According to the advisory that accompanied Thursday’s update, Google also fixed several non-security issues, including some related to hardware acceleration, a feature the company switched on in Chrome when version 18 debuted March 28.

Chrome accounted for 18.6% of the browsers used worldwide last month, a decrease of about a third of a percentage point from February, said Internet measurement vendor Net Applications earlier this week. Chrome’s usage share has declined three months running, and is down about 3% since the start of the year.

The patched version of Chrome 18 can be downloaded for Windows, Mac OS X and Linux from Google’s website. Already installed copies of the browser will be updated automatically by Chrome’s silent service.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg’s RSS feed. His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com.

Read more about browsers in Computerworld’s Browsers Topic Center.

Article source: http://www.pcworld.com/article/253351/google_patches_chrome_for_second_time_in_eight_days.html

Tags: , , , , ,

03 Apr 12 IE's Browser Share Recovers, Chrome Down for Third Straight Month


Internet Explorer posted another major gain in share last month, the second in the first quarter of the year, perhaps signaling a turnaround in Microsoft’s fortunes, a Web metrics company said Sunday.

Meanwhile, every rival, including Google’s Chrome, which is usually the one stealing users, lost share.

Internet Explorer (IE) gained 1 percentage point during March, said measurement firm Net Applications, to end the month with a 53.8% share, its highest level since September 2011. Last month’s growth was the second this year of 1 point or more.

Chrome lost a third of a percentage point to close March with 18.6%, while Mozilla’s Firefox slipped by about the same to 20.6%, the open-source browser’s lowest number in more than three years.

Apple’s Safari and Opera Software’s desktop browsers also dipped, falling by two-tenths and one-tenth of a point, respectively, to 5.1% and 1.6%.

Chrome’s decline is especially notable, as March’s slide was the third consecutive month that Google’s once-hard-charging browser lost share. In the first quarter of 2012, Chrome has dropped more than half a percentage point, representing a 3% decline from the browser’s December 2011 number.

Previously, Net Applications has attributed Chrome’s skid to Google’s January demotion of the browser’s search ranking and then last month, to recalculations that eliminated the extra activity generated by Chrome’s pre-rendering feature.

Google restored Chrome’s search ranking last month.

It was unclear whether the rise of Internet Explorer (IE) and the fall of every rival was due to a rejiggering of Net Applications’ numbers.

Like most Web measurement firms, Net Applications has more data on some nations — the U.S., for instance — and relatively small samples from others, such as China. To produce what it believes is a more accurate representation of global browser usage, Net Applications weights its Chinese data proportionally higher because that country has a greater percentage of the world’s Internet users than the U.S.

Net Applications uses online population numbers provided by the U.S. Central Intelligence Agency (CIA), which has regularly tracked big jumps in China’s part of the browser-user pie, and corresponding drops in the percentage of the world’s users who hail from the U.S., Europe and other developed countries. Earlier this year, a company spokesman confirmed that it would revamp its calculations with newer CIA numbers at some point.

In February 2011, after Net Applications’ last accounting change , IE’s usage share jumped an eighth of a percentage point, at that time its largest one-month increase ever.

Because Chinese users overwhelmingly rely on IE, or a modified version of Microsoft ‘s browser, the country can easily skew Net Applications’ share estimates toward IE as more people there access the Web.

Microsoft, not surprisingly, applauds Net Applications’ country-by-country weighting system, going so far last month as to explicitly challenge the accuracy of the data from another metrics company, Ireland’s StatCounter, which also publishes monthly browser share numbers.

Net Applications did not reply Sunday to questions about whether it revised its weighting formula last month, and if so, what impact that had on IE’s share.

Microsoft mentioned the overall gains of IE in passing on Sunday, but as it’s done for months, focused on increases of Internet Explorer 9 (IE9).

“We … see great strides made against our core metric: IE9 against Windows 7 ,” said Roger Capriotti, director of IE marketing, in a Sunday post to a company blog.

Almost since IE9′s debut, Microsoft has ignored IE’s aggregate performance — which admittedly has been dismal until late — and instead focused on the growth of its newest browser among Windows 7 users, a combination the company has regularly claimed is the only measurement that matters.

By Net Applications’ numbers, IE9 accounts for 34.5% of the world’s browsers used on that operating system, an increase of more than four percentage points from February, and owns a 48.9% share of the Windows 7 browser market in the U.S., a jump of 8.5 points.

The browser’s global share of all operating systems, however, is significantly lower, at 15.2%, but even that was a bump of 2.6 percentage points, the largest single-month gain since IE9′s March 2011 launch.

Other editions of Microsoft’s browser didn’t fare as well: IE8 lost 2.5 percentage points to fall to 25.4%, while IE7 dropped to 4.5%. IE6, the nearly 11-year-old browser that Microsoft has been trying to bury, stayed flat at 6.9%.

StatCounter, however, told a different tale.

The Irish company, which neither adjusts its statistics for each country’s online population nor discards Chrome’s pre-rendered pages, said that IE controlled 34.8% of the browser market, down nine-tenths of a point, while Chrome grew by more than a point to end March at 30.9%. Firefox, said StatCounter, remained stable at 25%.

Net Applications calculates browser usage share with data obtained from more than 160 million unique visitors who browse 40,000 Web sites that the company monitors. More browser share figures can be found on the company’s site.

Internet Explorer share has ticked up this year, while Chrome has lost a little ground. (Data: Net Applications.)

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer , on Google+ or subscribe to Gregg’s RSS feed . His email address is gkeizer@computerworld.com .

See more by Gregg Keizer on Computerworld.com .

Read more about browsers in Computerworld’s Browsers Topic Center.

Article source: http://www.pcworld.com/article/252992/ies_browser_share_recovers_chrome_down_for_third_straight_month.html

Tags: , , , , ,

02 Apr 12 IE’s Browser Share Recovers, Chrome Down for Third Straight Month


Internet Explorer posted another major gain in share last month, the second in the first quarter of the year, perhaps signaling a turnaround in Microsoft’s fortunes, a Web metrics company said Sunday.

Meanwhile, every rival, including Google’s Chrome, which is usually the one stealing users, lost share.

Internet Explorer (IE) gained 1 percentage point during March, said measurement firm Net Applications, to end the month with a 53.8% share, its highest level since September 2011. Last month’s growth was the second this year of 1 point or more.

Chrome lost a third of a percentage point to close March with 18.6%, while Mozilla’s Firefox slipped by about the same to 20.6%, the open-source browser’s lowest number in more than three years.

Apple’s Safari and Opera Software’s desktop browsers also dipped, falling by two-tenths and one-tenth of a point, respectively, to 5.1% and 1.6%.

Chrome’s decline is especially notable, as March’s slide was the third consecutive month that Google’s once-hard-charging browser lost share. In the first quarter of 2012, Chrome has dropped more than half a percentage point, representing a 3% decline from the browser’s December 2011 number.

Previously, Net Applications has attributed Chrome’s skid to Google’s January demotion of the browser’s search ranking and then last month, to recalculations that eliminated the extra activity generated by Chrome’s pre-rendering feature.

Google restored Chrome’s search ranking last month.

It was unclear whether the rise of Internet Explorer (IE) and the fall of every rival was due to a rejiggering of Net Applications’ numbers.

Like most Web measurement firms, Net Applications has more data on some nations — the U.S., for instance — and relatively small samples from others, such as China. To produce what it believes is a more accurate representation of global browser usage, Net Applications weights its Chinese data proportionally higher because that country has a greater percentage of the world’s Internet users than the U.S.

Net Applications uses online population numbers provided by the U.S. Central Intelligence Agency (CIA), which has regularly tracked big jumps in China’s part of the browser-user pie, and corresponding drops in the percentage of the world’s users who hail from the U.S., Europe and other developed countries. Earlier this year, a company spokesman confirmed that it would revamp its calculations with newer CIA numbers at some point.

In February 2011, after Net Applications’ last accounting change , IE’s usage share jumped an eighth of a percentage point, at that time its largest one-month increase ever.

Because Chinese users overwhelmingly rely on IE, or a modified version of Microsoft ‘s browser, the country can easily skew Net Applications’ share estimates toward IE as more people there access the Web.

Microsoft, not surprisingly, applauds Net Applications’ country-by-country weighting system, going so far last month as to explicitly challenge the accuracy of the data from another metrics company, Ireland’s StatCounter, which also publishes monthly browser share numbers.

Net Applications did not reply Sunday to questions about whether it revised its weighting formula last month, and if so, what impact that had on IE’s share.

Microsoft mentioned the overall gains of IE in passing on Sunday, but as it’s done for months, focused on increases of Internet Explorer 9 (IE9).

“We … see great strides made against our core metric: IE9 against Windows 7 ,” said Roger Capriotti, director of IE marketing, in a Sunday post to a company blog.

Almost since IE9′s debut, Microsoft has ignored IE’s aggregate performance — which admittedly has been dismal until late — and instead focused on the growth of its newest browser among Windows 7 users, a combination the company has regularly claimed is the only measurement that matters.

By Net Applications’ numbers, IE9 accounts for 34.5% of the world’s browsers used on that operating system, an increase of more than four percentage points from February, and owns a 48.9% share of the Windows 7 browser market in the U.S., a jump of 8.5 points.

The browser’s global share of all operating systems, however, is significantly lower, at 15.2%, but even that was a bump of 2.6 percentage points, the largest single-month gain since IE9′s March 2011 launch.

Other editions of Microsoft’s browser didn’t fare as well: IE8 lost 2.5 percentage points to fall to 25.4%, while IE7 dropped to 4.5%. IE6, the nearly 11-year-old browser that Microsoft has been trying to bury, stayed flat at 6.9%.

StatCounter, however, told a different tale.

The Irish company, which neither adjusts its statistics for each country’s online population nor discards Chrome’s pre-rendered pages, said that IE controlled 34.8% of the browser market, down nine-tenths of a point, while Chrome grew by more than a point to end March at 30.9%. Firefox, said StatCounter, remained stable at 25%.

Net Applications calculates browser usage share with data obtained from more than 160 million unique visitors who browse 40,000 Web sites that the company monitors. More browser share figures can be found on the company’s site.

Internet Explorer share has ticked up this year, while Chrome has lost a little ground. (Data: Net Applications.)

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer , on Google+ or subscribe to Gregg’s RSS feed . His email address is gkeizer@computerworld.com .

See more by Gregg Keizer on Computerworld.com .

Read more about browsers in Computerworld’s Browsers Topic Center.

Article source: http://www.pcworld.com/article/252992/ies_browser_share_recovers_chrome_down_for_third_straight_month.html

Tags: , , ,

01 Apr 12 Google Claims Latest Chrome is Speedier


Google last week patched nine vulnerabilities in Chrome and boosted the speed and reach of the browser’s hardware acceleration with the launch of version 18.

According to the company, Chrome 18 enables accelerated Canvas 2D on Windows and Mac machines with compatible graphics processor units (GPUs), and expands support for the WebGL 3D standard to older systems.

Canvas 2D acceleration has been part of earlier builds of Chrome, but this is the first time that Google has turned it on in a “stable” version of the browser.

Google last refreshed Chrome seven weeks ago on Feb. 8. 2012. Google generates an update to its stable channel about every six to eight weeks, a slightly more flexible schedule than rival Mozilla’s strict every-six-weeks tempo.

Three of the nine vulnerabilities patched today were rated “high,” the second-most dire ranking in Google’s threat system. Five were marked “medium” and one was tagged “low.”

Google paid $4000 in bounties to six researchers for reporting the same number of bugs, and handed another $8,000 to four investigators who uncovered flaws that were patched by Google engineers before Chrome 18 made it to its final milestone. The three remaining vulnerabilities in the nine were uncovered by Google’s own security team.

The search firm has paid more than $210,000 to outside researchers from its bug bounty and hacking challenge accounts this year. The latter, dubbed “Pwnium,” laid out $120,000 to two researchers at the CanSecWest security conference earlier this month.

Chrome 18 also included the new Adobe Flash Player 11.2, which featured patches for two critical vulnerabilities in the popular media software. Chrome is the only browser to bundle Flash Player.

Flash Player 11.2′s most prominent feature — a new background update mechanism for Windows PCs — is not applicable to the version integrated with Chrome, since the browser uses its own silent update service to deliver fixes for the oft-exploited and -repaired plug-in.

Per its usual practice, Google blocked access to its bug tracking database for the just-patched vulnerabilities to prevent outsiders from gleaning information that could be used to build exploits.

The enabling of hardware-accelerated Canvas 2D — a function within HTML5 — will speed up rendering in Web applications, including games, Google said in a blog post Wednesday.

And WebGL support has been extended to systems with older GPUs and drivers in Chrome 18, said Google, courtesy of a licensing arrangement with Canadian company TransGaming, whose SwiftShader software rasterizer kicks in on machines not able to use WebGL, such as PCs running Windows XP.

Adobe also licenses SwiftShader.

Chrome 18 users can enter “chrome://gpu” in the address bar — sans the quotation marks — to see a summary of what hardware acceleration standards their PC or Mac supports.

Chrome Stays in Third Place

Internet metrics company Net Applications said earlier this month that Chrome accounted for 18.9 percent of all browsers used in February, keeping it in third place behind Firefox (with 20.9 percent) and Microsoft’s Internet Explorer (52.8 percent).

Rival measurement company StatCounter, however, currently puts Chrome at 30.8 percent for March so far, with IE at 34.8 percent and Firefox at 25 percent.

On two days this month — both Sundays, when more people are likely to use their home computers than a work machine — StatCounter’s numbers showed Chrome’s share was higher than IE’s .

Microsoft has disputed StatCounter’s claim , arguing that the Irish analytics firm’s data is inaccurate because it doesn’t account for the sparse numbers from countries like China, and doesn’t eliminate the “pre-rendered” pages Chrome loads but that a user may never view.

Chrome 18 can be downloaded for Windows, Mac OS X and Linux from Google’s website. Users running the browser will be updated automatically through its silent service.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer , on Google+ or subscribe to Gregg’s RSS feed . His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com .

Read more about browsers in Computerworld’s Browsers Topic Center.

Article source: http://www.pcworld.com/article/252907/google_claims_latest_chrome_is_speedier.html

Tags: , , ,

31 Mar 12 Google Claims Latest Chrome is Speedier


Google last week patched nine vulnerabilities in Chrome and boosted the speed and reach of the browser’s hardware acceleration with the launch of version 18.

According to the company, Chrome 18 enables accelerated Canvas 2D on Windows and Mac machines with compatible graphics processor units (GPUs), and expands support for the WebGL 3D standard to older systems.

Canvas 2D acceleration has been part of earlier builds of Chrome, but this is the first time that Google has turned it on in a “stable” version of the browser.

Google last refreshed Chrome seven weeks ago on Feb. 8. 2012. Google generates an update to its stable channel about every six to eight weeks, a slightly more flexible schedule than rival Mozilla’s strict every-six-weeks tempo.

Three of the nine vulnerabilities patched today were rated “high,” the second-most dire ranking in Google’s threat system. Five were marked “medium” and one was tagged “low.”

Google paid $4000 in bounties to six researchers for reporting the same number of bugs, and handed another $8,000 to four investigators who uncovered flaws that were patched by Google engineers before Chrome 18 made it to its final milestone. The three remaining vulnerabilities in the nine were uncovered by Google’s own security team.

The search firm has paid more than $210,000 to outside researchers from its bug bounty and hacking challenge accounts this year. The latter, dubbed “Pwnium,” laid out $120,000 to two researchers at the CanSecWest security conference earlier this month.

Chrome 18 also included the new Adobe Flash Player 11.2, which featured patches for two critical vulnerabilities in the popular media software. Chrome is the only browser to bundle Flash Player.

Flash Player 11.2′s most prominent feature — a new background update mechanism for Windows PCs — is not applicable to the version integrated with Chrome, since the browser uses its own silent update service to deliver fixes for the oft-exploited and -repaired plug-in.

Per its usual practice, Google blocked access to its bug tracking database for the just-patched vulnerabilities to prevent outsiders from gleaning information that could be used to build exploits.

The enabling of hardware-accelerated Canvas 2D — a function within HTML5 — will speed up rendering in Web applications, including games, Google said in a blog post Wednesday.

And WebGL support has been extended to systems with older GPUs and drivers in Chrome 18, said Google, courtesy of a licensing arrangement with Canadian company TransGaming, whose SwiftShader software rasterizer kicks in on machines not able to use WebGL, such as PCs running Windows XP.

Adobe also licenses SwiftShader.

Chrome 18 users can enter “chrome://gpu” in the address bar — sans the quotation marks — to see a summary of what hardware acceleration standards their PC or Mac supports.

Chrome Stays in Third Place

Internet metrics company Net Applications said earlier this month that Chrome accounted for 18.9 percent of all browsers used in February, keeping it in third place behind Firefox (with 20.9 percent) and Microsoft’s Internet Explorer (52.8 percent).

Rival measurement company StatCounter, however, currently puts Chrome at 30.8 percent for March so far, with IE at 34.8 percent and Firefox at 25 percent.

On two days this month — both Sundays, when more people are likely to use their home computers than a work machine — StatCounter’s numbers showed Chrome’s share was higher than IE’s .

Microsoft has disputed StatCounter’s claim , arguing that the Irish analytics firm’s data is inaccurate because it doesn’t account for the sparse numbers from countries like China, and doesn’t eliminate the “pre-rendered” pages Chrome loads but that a user may never view.

Chrome 18 can be downloaded for Windows, Mac OS X and Linux from Google’s website. Users running the browser will be updated automatically through its silent service.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer , on Google+ or subscribe to Gregg’s RSS feed . His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com .

Read more about browsers in Computerworld’s Browsers Topic Center.

Article source: http://www.pcworld.com/article/252907/google_claims_latest_chrome_is_speedier.html

Tags: , , ,

30 Mar 12 Google ships Chrome 18, patches bugs and boosts hardware acceleration


Computerworld - Google yesterday patched nine vulnerabilities in Chrome and boosted the speed and reach of the browser’s hardware acceleration with the launch of version 18.

According to the company, Chrome 18 enables accelerated Canvas 2D on Windows and Mac machines with compatible graphics processor units (GPUs), and expands support for the WebGL 3D standard to older systems.

Canvas 2D acceleration has been part of earlier builds of Chrome, but this is the first time that Google has turned it on in a “stable” version of the browser.

Google last refreshed Chrome seven weeks ago on Feb. 8. 2012. Google generates an update to its stable channel about every six to eight weeks, a slightly more flexible schedule than rival Mozilla’s strict every-six-weeks tempo.

Three of the nine vulnerabilities patched today were rated “high,” the second-most dire ranking in Google’s threat system. Five were marked “medium” and one was tagged “low.”

Google paid $4,000 in bounties to six researchers for reporting the same number of bugs, and handed another $8,000 to four investigators who uncovered flaws that were patched by Google engineers before Chrome 18 made it to its final milestone. The three remaining vulnerabilities in the nine were uncovered by Google’s own security team.

The search firm has paid more than $210,000 to outside researchers from its bug bounty and hacking challenge accounts this year. The latter, dubbed “Pwnium,” laid out $120,000 to two researchers at the CanSecWest security conference earlier this month.

Chrome 18 also included the new Adobe Flash Player 11.2, which featured patches for two critical vulnerabilities in the popular media software. Chrome is the only browser to bundle Flash Player.

Flash Player 11.2′s most prominent feature — a new background update mechanism for Windows PCs — is not applicable to the version integrated with Chrome, since the browser uses its own silent update service to deliver fixes for the oft-exploited and -repaired plug-in.

Per its usual practice, Google blocked access to its bug tracking database for the just-patched vulnerabilities to prevent outsiders from gleaning information that could be used to build exploits.

The enabling of hardware-accelerated Canvas 2D — a function within HTML5 — will speed up rendering in Web applications, including games, Google said in a blog post Wednesday.

And WebGL support has been extended to systems with older GPUs and drivers in Chrome 18, said Google, courtesy of a licensing arrangement with Canadian company TransGaming, whose SwiftShader software rasterizer kicks in on machines not able to use WebGL, such as PCs running Windows XP.

Adobe also licenses SwiftShader.

Chrome 18 users can enter “chrome://gpu” in the address bar — sans the quotation marks — to see a summary of what hardware acceleration standards their PC or Mac supports.

Internet metrics company Net Applications said earlier this month that Chrome accounted for 18.9% of all browsers used in February, keeping it in third place behind Firefox (with 20.9%) and Microsoft’s Internet Explorer (52.8%).

Rival measurement company StatCounter, however, currently puts Chrome at 30.8% for March so far, with IE at 34.8% and Firefox at 25%.

On two days this month — both Sundays, when more people are likely to use their home computers than a work machine — StatCounter’s numbers showed Chrome’s share was higher than IE’s.

Microsoft has disputed StatCounter’s claim, arguing that the Irish analytics firm’s data is inaccurate because it doesn’t account for the sparse numbers from countries like China, and doesn’t eliminate the “pre-rendered” pages Chrome loads but that a user may never view.

Chrome 18 can be downloaded for Windows, Mac OS X and Linux from Google’s website. Users running the browser will be updated automatically through its silent service.

covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at Twitter @gkeizer, on Google+ or subscribe to Gregg’s RSS feed Keizer RSS. His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com.

More: Browser Topic Center

Read more about Browsers in Computerworld’s Browsers Topic Center.

Article source: http://www.computerworld.com/s/article/9225680/Google_ships_Chrome_18_patches_bugs_and_boosts_hardware_acceleration

Tags: , , ,