Establishing Digital Trust: Don't Sacrifice Security for Convenience
If you're running the Google Chrome browser, rest easy, Google just silently updated it for seven security vulnerabilities.
Google Chrome stable version 14.0.835.202 is now available for Windows, Mac and Linux providing security and stability fixes as well as a new integrated version of Adobe Flash Player 11. On the security front, there were seven fixes, six rated as being High impact and one rated as Critical.
The critical flaw is identified by Google as being a memory corruption issues in the shader translator. The flaw was discovered by Zhenyao Mo of the Chromium development community and is one of only two flaws in the Chrome 14.0.835.202 update for which Google did not pay a reward. Google's own Chrome Security Team is credited with the discovery of a High impact flaw related to Lifetime and threading issues in audio node handling.
Google pays out cash to external security researcher as part of the Chromium Vulnerability Rewards program. Google is paying a total of $10,000 for the five security flaws fixed in the new Chrome release that were reported by external security researchers.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
Google is also including the new Adobe Flash Player 11, which was just released by Adobe. The new Flash release provides advanced graphics capabilities and improved performance over the Flash 10 series.
All the updates to Chrome 14.0.835.202 are delivered to users by way of Google's silent update mechanism. The silent update occurs in the background and does not require any user action in order to occur. It's a method that keeps Chrome users current, as Google continues its rapid release cycle of updates.
In contrast, users of the Mozilla Firefox browser need to click something in order to update their browser. With Mozilla's recent shift to a rapid release cycle of their own, silent updates are set to soon debut in Firefox as well.
"In the past we have been very careful to make sure people know something is changing with their web browser before it changes," Mozilla Foundation Chair, Mitchell Baker wrote in a blog post. "We did this to make sure people are aware and in control of what’s happening to their environment."
Baker added that Mozilla's position is now changing as users are telling them that notifications are "irritating."
Unlike Chrome, where the silent updates are required, the new silent update mechanism in Firefox will be available as an optional component, according to Mozilla.
"It doesn't need to be installed, and if it is stopped or disabled, updates will work as they did before in every other recent Firefox release," Mozilla developer Brian Bondy blogged. "A user can also uninstall the Firefox service at any time. Updates will continue to occur using the old method."