Chrome for Android Gets Security Update

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

In a recent blog post, Google software engineer Jay Civelli announced that an update to Chrome for Android has significantly enhanced user security.

"This release strengthens Chrome for Android’s sandbox technology, which helps ensure malicious mobile websites are contained and do not impact the entire browser," Civelli wrote. "This is made possible by the innovative multi-process architecture in Chrome for Android, in conjunction with Android’s User ID (UID) isolation technology. This more in-depth sandboxing capability will be automatically used for devices with Android 4.1, Jellybean."

The update also patches seven security flaws. "The security holes that were fixed were all rated as 'medium' for their severity, and Google paid US$500 for each one to the individuals who reported them," writes PCWorld's Juan Carlos Perez.

"Specifically, the update fixes two medium-rated bugs reported by Artem Chaykin for which he received a total of $1,000 in rewards," writes Threatpost's Brian Donohue. "The first fixes an issue with information and credential disclosure by file:// URLs and the second resolves a problem with current-tab cross-application scripting (UXSS). The other five vulnerabilities reported by Takeshi Terada also received medium ratings, earning him $2,500 ($500 apiece). His reports had to do with UXSS via intent extra data, information and credential disclosure by file:// URLs, Android APIs exposed to JavaScript, bypassing same-origin policy for local files with symlinks, and cookie theft by malicious local Android app."

"Besides these security fixes, this update also makes a few small changes to how YouTube videos work in Chrome," writes TechCrunch's Frederic Lardinois. "YouTube video controls, Google says, now work in full-screen mode, and video now automatically continues playing after a screen lock/unlock. Google also says that third-party input methods (think SwiftKey or Swype) will now work better with Chrome."