Google has taken two steps to prevent its Chrome browser becoming an attack vector for malware that runs as extensions to the browser.
Like many other browsers, Chrome allows users to install “extensions”, apps that add functionality. Google even runs the “Chrome Web Store” to promote extensions.
Security outfit Webroot recently pointed out that some of the extensions in the store are illegitimate, data-sucking privacy invaders that trick users with offers to do things like change the colour of Facebook and then suck out all their data.
Google has responded in two ways, one of which is a new service “To help keep you safe on the web” that will see the company “analyzing every extension that is uploaded to the Web Store and take down those we recognize to be malicious.”
Changes are also coming in the forthcoming version 25 of the browser, which will no longer allow extensions to install without users’ knowledge. That’s currently possible because Chrome, when running on Windows, can is designed to allow unseen installs “to allow users to opt-in to adding a useful extension to Chrome as a part of the installation of another application.”
“Unfortunately,” Google now says in a blog post, “this feature has been widely abused by third parties to silently install extensions into Chrome without proper acknowledgement from users.”
Chrome 25 will therefore remove the auto-install feature, replacing it with a new system that presents the Windows Vista-esque screen below when extensions try to ingratiate themselves with the browser.
Hi! I’m the ghost of Windows Vista! Would you like to install this extension?
As ever, Google’s blog posts and support notice on the changes position them as responsible enhancements that show, yet again, Google is doing the world a favour.
A more critical analysis could consider the announcements in light of malware found in Google Play and take Google’s decision to more aggressively curate the Chrome Web Store as an admission it needs to devote more attention to this stuff, lest Chrome and other Google products become malware-ridden quagmires that users don’t trust. ®
Computerworld - Adobe last week released a new beta of Flash Player that includes silent updates for Macs.
Adobe first included silent updates for OS X in the Flash Player beta a month ago; the version shipped Friday was tagged as “Beta 3.”
Adobe introduced silent updates for Flash Player on Windows in late March. At the time, the company committed to creating the same feature on OS X, but did not set a timetable.
As far as users are concerned, the Mac version is identical to the Windows tool: It pings Adobe’s servers every hour until it gets a response. If it reaches Adobe and finds no ready update, the tool re-checks the servers 24 hours later. Found updates, however, are applied entirely in the background, and do not display notices on the screen or require the user to take any action.
By default, Flash 11.3 has silent updates switched on, but users can change the setting to continue to receive on-screen alerts.
In the six weeks since Adobe released silent updates for Flash Player on Windows, it has shipped a pair of updates, including one last Friday that patched a “zero-day” vulnerability attackers were already exploiting.
Silent updates will not affect users who rely solely on Google’s Chrome, as that browser bundles Flash Player, and updates the Adobe software using its own background update service.
Another prominent feature in Flash Player 11.3 is a “sandboxed” plug-in for Mozilla’s Firefox on Windows Vista and Windows 7, second step in Adobe’s plan to stymie attacks that exploit unpatched Flash bugs.
A sandbox isolates processes on the computer, preventing or at least hindering malware that tries to push code onto a machine. Adobe sandboxed Flash Player for Chrome in late 2010 after working with Google engineers; the February release of a sandboxed plug-in for Firefox came after similar cooperation from Mozilla engineers.
Adobe plans to ship the final version of Flash Player 11.3 before the end of June.
Users who want to test drive the preview can download it from Adobe’s website.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, or subscribe to Gregg’s RSS feed . His e-mail address is email@example.com.
Read more about Internet in Computerworld’s Internet Topic Center.
Competition among browsers is more fierce than ever.
Google’s knocking out new versions of Chrome at an alarming rate, Mozilla’s been pulling nightshifts to improve Firefox, and Microsoft’s rejuvenated IE team is doing great things with its browser.
There are great browsers from Opera and Apple too, not to mention mobile browsers for smartphones and tablets.
So which browser should you be using?
Let’s find out which ones offer the best blend of power, expandability and all-round awesomeness.
These figures are based on brand new installations without any plugins, extensions or similar: once you start loading your browser up with goodies, performance is likely to take a nose-dive.
WOW: Firefox is the speed king on Windows and on OS X, but there isn’t much in it: all the browsers are swift
You can get add-ons for all the main browsers, but Firefox has the edge here: its huge number of add-ons and Greasemonkey scripts mean that its reputation as the Swiss Army Knife of web browsers is well deserved. It’s far and away the most expandable web browser, and it’s got the best browser sync features too. Bear in mind, though, that all of the main browsers are expandable, and while some – such as Safari – don’t have enormous libraries of add-ons, you can still get the essential ones such as ad blockers, Twitter utilities and Gmail notifiers.
Opera deserves a special mention here because it’s more than just a browser. It has integrated email, newsgroups and IRC chat, the Opera Unite file server, Opera Turbo to improve performance on crappy mobile connections, and Sidebar-style widgets for games, web applications and utilities.
Safari’s the first to fall here: it just looks odd on Windows, and doesn’t offer anything over its rivals. IE9 and Opera are both very nice to use on Windows 7 and make good use of taskbar pinning and jump lists, but Firefox has the edge in both speed and expandability and it’s our pick here.
UNEXPECTED?: Opera’s a joy to use and worth considering if you like the idea of widgets, integrated email and file sharing
IE9 flies on Vista – it hammered through Sunspider in 193.7ms – but Firefox is faster still, scoring 192.2ms in the same benchmarks. Safari ran through the benchmarks in 224.4ms, Chrome 246.6ms, and Opera in 251.2ms. Firefox isn’t just the speediest browser on Vista, but the most expandable too.
Internet Explorer takes an early bath here, because Microsoft doesn’t make IE9 for its ageing OS. That leaves Safari 5.1, Firefox 9, Chrome 16 and Opera 11.6; of the four, Chrome demands the least RAM and hard disk space, making it the best bet for older XP systems. That means Chrome’s the best browser for netbooks too: its more modest hardware requirements are a boon on relatively low-spec machines.
Firefox was massively in the lead on OS X Lion, rocketing through Sunspider in 153.8ms compared to Safari’s 209.2ms, Opera’s 214.7ms and Chrome’s 225.3. However, it’s worth noting that while Safari’s figures look good on paper, they don’t reflect the way it chugged through the benchmarks as if it were wading through treacle.
Firefox’s speed is countered by what we think is a faintly horrible interface. If that isn’t your top priority then Firefox is the best browser for Mac users; if it annoys you, then Opera or Chrome is a better bet. While Safari is a perfectly decent browser, its rivals performed better in our tests.
All of the browsers we tested had excellent privacy protection including private browsing and warnings of suspicious web pages, but IE9 is marginally ahead of the pack here: its tracking protection enables you to subscribe to lists that tell specific kinds of websites not to track you, which is potentially more useful than a global “do not track” option.
All of the main browsers support the important bits of HTML5, but when it comes to full standards support Chrome and Firefox are in the lead by a significant margin. According to the excellent Caniuse.com, Firefox and Chrome score 89% for HTML5 standards support, with Safari at 78%, Opera 74% and IE9 52%. If you add CSS support into the equation the scores are 87% for Firefox and Chrome, 83% for Safari, 75% for Opera and 59% for IE.
LAGGING BEHIND: All the browsers support key HTML5 features, but IE9 lags behind when it comes to full standards support
The stock Android browser is pretty good, but we think Opera Mobile has the edge for smartphones: it’s got a lovely interface, goes like the clappers – we’ve previously described it as “comically fast” on decent kit – and synchronises well with its desktop cousin. On tablets, the standard browser is still our preferred option: while Dolphin for Pad and Firefox are looking pretty nifty, they’re both still in beta.
CACHE KING: Opera Mobile for Android is particularly good on mobile phones. It’s “comically fast” on decent kit
The lack of tabs in Apple’s Safari drove us daft on the original iPad, but now it’s got tabbed browsing and iCloud syncing we think it’s the best browser on the platform, especially on the iPad 2: in our experience it’s faster and more reliable than iCab Mobile, considerably nicer to look at than Atomic Browser, and less likely to dump you back to the home screen for no good reason than non-Apple browsers.
NATIVE THE BEST: Tabbed browsing and iCloud synchronisation make Apple’s own Safari the best bet for iPad owners
Liked this? Then check out Hands on: IE10 review (Platform Preview)
Sign up for TechRadar’s free Week in Tech newsletter
Get the top stories of the week, plus the most popular reviews delivered straight to your inbox. Sign up at http://www.techradar.com/register
It’s just one browser version during one particular week, and only one research firm is making the claim–but according to StatCounter, Google’s Chrome 15 is the world’s most popular browser.
Add up all versions of IE and Chrome and you still get a different story: IE is the most popular browser overall, well ahead of Chrome. StatCounter’s numbers still show all versions of IE taking a total of 40.09 percent of the market, vs. 26.31 percent for all versions of Chrome.
Firefox is at 25.07 percent, Apple’s
Safari is at 5.86 percent, and Opera gets 1.91 percent.
Chrome 15′s victory isn’t hugely meaningful. Google’s built-in updating system quietly but insistently auto-updates users to new versions, reducing the number of people who are running old editions of the browser. Microsoft, by contrast, is less pushy. That helps explain why a meaningful number of folks still run the ancient, obsolete, insecure mess known as Internet Explorer 6.
In January, Microsoft plans to use Windows Update’s Auto Updates to upgrade recalcitrant Windows users to newer versions of Internet Explorer–IE 8 for Windows XP, and IE 9 for Windows Vista and 7. Given Chrome 15′s extremely narrow victory over IE 8 and the massive number of Windows XP PCs in the world, IE 8 presumably has a decent chance at snatching its crown back next month.
The real history-making moment would come if Chrome–or any non-Microsoft browser–overtook IE to become the world’s most popular browser, period. (The numbers reported by StatCounter and its rivals vary enough that I wouldn’t believe it had happened until every major stats service agreed.)
The last market-leading browser that wasn’t IE was Netscape Navigator. When its share crumbled in the 1990s, Internet Explorer gained a monopoly on the market that looked like it would probably be permanent.
By coming pre-installed on Windows, Internet Explorer still gets a huge head start over every other browser on the planet: It’s remarkable that the race is as close as it is. I wouldn’t reject the possibility of Chrome eventually overtaking IE, though, particularly given how rapidly it’s improving and how aggressively Google markets it.
Of course, a few years ago I thought that Firefox also had a shot at surpassing IE . Back in the days when Internet Explorer 6 was the current version of IE, and commanded more than 90 percent of the market, Firefox was downright dazzling. Simply by being wonderful, it quickly racked up millions of users–and forever disproved the depressing conventional wisdom that it was impossible to compete with Windows’ default browser.
When Google unveiled Chrome a little over three years ago, Firefox probably lost its chance at taking the top slot. All of a sudden, Chrome was the fresh, innovative alternative browser–and recently, Firefox’s share has flatlined, then dipped.
If open-source Firefox had managed to overtake IE, it would have been one of the great stories in tech history: A bunch of volunteer geeks banding together to beat the world’s biggest software company. If Chrome takes the lead, it’ll be one huge company beating another huge company. For me, at least, the emotional impact wouldn’t be the same.
And in a strange way, Microsoft is also a scrappy upstart when it comes to browsers. IE 9, the current version, is downright good, and admirably progressive when it comes to new technologies and standards. (Microsoft does its best work when its products have meaningful competition. Weird, huh?)
So I’m not rooting for any particular browser, and won’t take it badly if IE remains the most popular one for years to come. But boy, am I glad that the browser wars–which some once thought were over–show no signs of ending anytime soon.