Google Expands Security in Chrome 10
Release includes 25 security fixes, checks for out-of-date plug-ins and sandboxed Flash debut in Google's Web browser.
That was fast.
Google is out with its second major browser release of 2011. The Chrome 10 stable release follows the Chrome 9 release by a little over a month.
Chrome 10 includes 25 patches for security items as well as new features to improve overall browser security.
Stale pointers and nodes are also well represented in Google Chrome 10's update list. Stale pointer issues fixed include a stale node in box layout and stale pointers in table painting, WebKit context code and SVG cursors.
In total, Google is paying security researchers $16,174 in reward for the flaws fixed in the Chrome 10 stable release. The Chrome 10 security awards award tally beats Google's last security update for Chrome 9. The Chrome 9.0.597.107 updated fixed 19 flaws for which Google paid out $14,000 to security researchers.
Fixed flaws aren't the only new security feature in Chrome 10. With the new browser release Google is now sandboxing its integrated Adobe Flash player. With the sandbox the general idea is that Flash runs in an isolated area of the browser which is intended to limit the risk of any potential Flash related security exploits.
Google is also providing users of Chrome 10 with out-of-date plug-in warnings. Google is following Mozilla Firefox in that area which has been providing the same functionality. Going a step further, Chrome 10 also provides plug-in blocking enhancements.
"Some of our more advanced users prefer fine-grained control over which plug-ins they wish to run -- which can have security and privacy benefits," Google Chrome engineers wrote in a blog post.
While Chrome previously had the ability to block plug-ins, Chrome 10 improves the feature with a context menu to the blocked plug-in placeholder.
"This menu lets users control which plug-ins do and do not run," Google explained. "Using a context menu helps prevent clickjacking attacks that try to bypass the block."
Plug-in placeholders can also be hidden (for example, if they are floating over and obscuring real content), and the actual plug-in that wishes to run is made apparent.
Chrome 11, which is currently in development will further improve security. The first Chrome 11 beta debuted in February with an improved Cross Site Scripting mitigation capability called, XSS Auditor.
Keep up with security news; Follow eSecurityPlanet on Twitter: @eSecurityP.