msgbartop
All about Google Chrome & Google Chrome OS
msgbarbottom

10 Apr 12 Google Chrome 18 Fixes Flash and Canvas2D


Among the “big fix” items in the new Chrome 18.0.1025.151 release is a Flash player security update, that only Google Chrome is receiving. Google Chrome is the only browser that directly integrates Adobe Flash.

“The Chrome update includes fixes to two memory corruption vulnerabilities that were specific to Adobe Flash Player integrated with Google Chrome,” Wiebke Lips, Senior Manager of Corporate Communications at Adobe, told eSecurityPlanet. “In other words, these vulnerabilities do not impact Flash Player for any other browser or platform.”

The Flash player flaws were additional vulnerabilities that were initially fixed in an Adobe Flash Player 11.2.202.228 update issued at the end of March. That update ushered in silent updates for Windows users of Flash Player on Firefox and Internet Explorer. Google’s Chrome browser has provided silent updates for the integrated browser and flash solution since its initial release.

While security is always a top concern in Google Chrome updates, so too are bug fixes. In Chrome 18.0.1025.151, Google is fixing a Canvas 2D drawing bug related to GPU acceleration. Canvas 2D is an HTML5 element that enables interactive content to run in a browser. As part of the initial Chrome 18 release, Google debuted GPU hardware based acceleration for Canvas 2D in an effort to enable more complex and detailed HTML5 games on Chrome.

Read the full story at eSecurityPlanet:
Google Patches Chrome 18 for Flash Flaws

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of the IT Business Edge Network, the network for technology professionals Follow him on Twitter @TechJournalist.

Article source: http://www.internetnews.com/security/google-chrome-18-fixes-flash-and-canvas2d.html

Tags: , , , , ,

04 Apr 12 Google Chrome 18 Fixes Flaws, Acclerates HTML5 Canvas


Google is now taking Canvas2D a step further by enabling the new Chrome 18 web browser to leverage hardware-based GPU acceleration.

“We’ve enabled GPU-accelerated Canvas2D on capable Windows and Mac computers, which should make web applications like games perform even better than a pure software implementation,” Google explained on the Chromium blog.

Hardware acceleration for Canvas is something that other HTML5-compliant vendors could benefit from as well. As a web standard Canvas is also being leveraged by Mozilla for their BrowserQuest online game, which was released earlier this week. BrowserQuest is a full in-browser massively multi-player online game.

Security Fixes

Chrome 18 also provides at least 9 security fixes, and three of the issues are rated as high impact. There are no critical fixes for the Chrome 18 updates.

One of the high impact flaws is a Use-After-Free memory issue with the SVG graphics library. The other high impact flaws include a memory corruption and a type sanitizer vulnerability.

All told Google is paying security researchers $4,000 for flaws fixed in the stable release of Chrome 18. That said, Google noted in its release notes that it had paid out an additional $8,000 in awards for bugs that were reported and fixed before Chrome 18 hit the stable release channel.

Read the full story at Datamation:
Google Chrome 18 Accelerates Canvas

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of the IT Business Edge Network, the network for technology professionals Follow him on Twitter @TechJournalist.

Article source: http://www.internetnews.com/security/google-chrome-18-fixes-flaws-acclerates-html5-canvas.html

Tags: , , , ,

03 Apr 12 Google Chrome 18 Fixes Flaws, Acclerates HTML5 Canvas


Google is now taking Canvas2D a step further by enabling the new Chrome 18 web browser to leverage hardware-based GPU acceleration.

“We’ve enabled GPU-accelerated Canvas2D on capable Windows and Mac computers, which should make web applications like games perform even better than a pure software implementation,” Google explained on the Chromium blog.

Hardware acceleration for Canvas is something that other HTML5-compliant vendors could benefit from as well. As a web standard Canvas is also being leveraged by Mozilla for their BrowserQuest online game, which was released earlier this week. BrowserQuest is a full in-browser massively multi-player online game.

Security Fixes

Chrome 18 also provides at least 9 security fixes, and three of the issues are rated as high impact. There are no critical fixes for the Chrome 18 updates.

One of the high impact flaws is a Use-After-Free memory issue with the SVG graphics library. The other high impact flaws include a memory corruption and a type sanitizer vulnerability.

All told Google is paying security researchers $4,000 for flaws fixed in the stable release of Chrome 18. That said, Google noted in its release notes that it had paid out an additional $8,000 in awards for bugs that were reported and fixed before Chrome 18 hit the stable release channel.

Read the full story at Datamation:
Google Chrome 18 Accelerates Canvas

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of the IT Business Edge Network, the network for technology professionals Follow him on Twitter @TechJournalist.

Article source: http://www.internetnews.com/security/google-chrome-18-fixes-flaws-acclerates-html5-canvas.html

Tags: , , , , ,

21 Feb 12 Chrome 17 Patched for a Dozen Flaws


Some software vendors prefer to deliver security updates on a scheduled basis: Microsoft’s monthly “Patch Tuesday” is perhaps the best-known example of that approach. But Google takes a different road with its Chrome browser, opting instead to roll out updates on a rapid and ongoing basis.

Google is now updating Chrome 17, just one week after the browser was first released as a stable product. Last week’s Chrome 17 stable release included at least 20 fixes for security vulnerabilities. This week’s Chrome 17.0.963.56 release fixes 13 additional flaws that have bubbled to the surface in the last week.

Seven of the flaws fixed in Chrome 17.0.963.56 are rated as high severity by Google. One of these flaws is an integer overflow issue in the libpng graphics library. Google is awarding security researcher Juri Aedla a “leet” award of $1,337 for the discovery.

Aedla isn’t the only security researcher that is profiting from the Chrome 17.0.963.56 release. In total, Google is awarding researchers $6,837 as part of the Chrome 17.0.963.56 release. The Chromium Rewards Program under which Google pays security researchers for discoveries was first introduced in November of 2010. Since then, Google has paid researchers over $410,000 in rewards for flaw discoveries.


Read the full story at eSecurityPlanet:
Google Patches Chrome 17

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of the IT Business Edge Network, the network for technology professionals. Follow him on Twitter @TechJournalist.

Article source: http://www.internetnews.com/security/chrome-17-patched-for-a-dozen-flaws.html

Tags: , , ,

18 Nov 11 Chrome Gets 2nd Critical Fix in a Week


It’s not often that a browser is updated for just a single vulnerability, but that’s exactly what is happening with Google Chrome today.

Google has released Chrome Stable 15.0.874.121 for Windows, Mac, Linux and Chrome Frame platforms fixing a single JavaScript flaw. The flaw is identified as CVE-2011-3900 and is rated as being high impact by Google.

The flaw is an out-of-bounds write issue with the Chrome v8 JavaScript Engine. An out-of-bounds write, means that a process has privileges to write, where it should not be able to write. That extra privilege could potentially be exploited by an attacker to execute unauthorized remote code. Google has updated the v8 JavaScript engine to version 3.5.10.24 to correct the flaw.

The v8 flaw was discovered by security researcher Christian Holler, who was award $1,000 by Google for reporting the issue.

The Chrome Stable 15.0.874.121 update is the second security update from Google for Chrome in a week. On November 10, Google released Chrome Stable 15.0.874.120, fixing seven flaws, five marked as being high impact.

Over the short life of the Chrome 15 browser so far, Google has been very active. The first stable release of Chrome 15 came out at the end of October. The first release fixed over 27 flaws in Chrome, with Google paying out a record $26,511 in rewards to security researchers.

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.

Article source: http://www.esecurityplanet.com/browser-security/chrome-gets-2nd-critical-fix-in-a-week.html

Tags: , , ,

06 Oct 11 Google Silently Updates Chrome as Mozilla Preps


If you’re running the Google Chrome browser, rest easy, Google just silently updated it for seven security vulnerabilities.

Google Chrome stable version 14.0.835.202 is now available for Windows, Mac and Linux providing security and stability fixes as well as a new integrated version of Adobe Flash Player 11. On the security front, there were seven fixes, six rated as being High impact and one rated as Critical.

The critical flaw is identified by Google as being a memory corruption issues in the shader translator. The flaw was discovered by Zhenyao Mo of the Chromium development community and is one of only two flaws in the Chrome 14.0.835.202 update for which Google did not pay a reward. Google’s own Chrome Security Team is credited with the discovery of a High impact flaw related to Lifetime and threading issues in audio node handling.

Google pays out cash to external security researcher as part of the Chromium Vulnerability Rewards program. Google is paying a total of $10,000 for the five security flaws fixed in the new Chrome release that were reported by external security researchers.

The other five high impact flaws include a pair of use-after-free memory issues, a memory corruption flaw with the v8 JavaScript engine and a stale font issue with SVG text handling. Beyond the memory related issues there is also a high impact cross origin flaw.

Google is also including the new Adobe Flash Player 11, which was just released by Adobe. The new Flash release provides advanced graphics capabilities and improved performance over the Flash 10 series.

All the updates to Chrome 14.0.835.202 are delivered to users by way of Google’s silent update mechanism. The silent update occurs in the background and does not require any user action in order to occur. It’s a method that keeps Chrome users current, as Google continues its rapid release cycle of updates.

In contrast, users of the Mozilla Firefox browser need to click something in order to update their browser. With Mozilla’s recent shift to a rapid release cycle of their own, silent updates are set to soon debut in Firefox as well.

“In the past we have been very careful to make sure people know something is changing with their web browser before it changes,” Mozilla Foundation Chair, Mitchell Baker wrote in a blog post. “We did this to make sure people are aware and in control of what’s happening to their environment.”

Baker added that Mozilla’s position is now changing as users are telling them that notifications are “irritating.”

Unlike Chrome, where the silent updates are required, the new silent update mechanism in Firefox will be available as an optional component, according to Mozilla.

“It doesn’t need to be installed, and if it is stopped or disabled, updates will work as they did before in every other recent Firefox release,” Mozilla developer Brian Bondy blogged. “A user can also uninstall the Firefox service at any time. Updates will continue to occur using the old method.”

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.

Article source: http://www.esecurityplanet.com/browser-security/google-silently-updates-chrome-as-mozilla-preps-.html

Tags: , , ,