Establishing Digital Trust: Don't Sacrifice Security for Convenience
Google's rapid release cycle for its Chrome Web browser is continuing to move forward. Google is now out with Chrome 11.0.696.57, the third major browser release for Google in 2011, following Chrome 9 in February and Chrome 10 in March.
The new Chrome 11 fixes at least 26 security issues, 18 of which are rated as being high impact by Google. Google is also paying out a record $16,500 in awards to security researchers for reporting flaws. The previous top amount paid by Google for security vulnerabilities was $14,470.70 for the Chrome 8.0.552.237 security update in January of this year.
Among the high impact flaws in Chrome 11.0.696.57 are at least four stale pointer issue that could have potentially led to arbitrary code execution. Stale pointer errors were reported in floating object handling, height calculations and PDF forms.Google is also patching for at least three use-after-free memory flaws. Use-after-free flaws occur when allocated memory is not freed up after a process ends, potentially enabling an attacker to use the same space to launch an attack. Chrome 11.0.696.57 fixes use-after-free issues with tag and CSS, WebSockets and in DOM id handling.
Spoofing is also an issue that Chrome 11 is patching. The new browser release provides fixes for at least four issues related to possible URL bar spoofs with navigation errors and interrupted loads.
Chrome 11 isn't just about security updates, it also provides a key new feature for Google's browser users. Chrome 11 supports the HTML5 speech input API, enabling the browsing to support voice interactions. One of the ways that the new voice capability can be used is in combination with Google Translate providing a browser based translation service.
"If youre translating from English, just click on the microphone on the bottom right of the input box, speak your text, and choose the language you want to translate to," Josh Estelle, Software Engineer at Google wrote in a blog post. "In fact, you can even click on the "Listen" feature to hear the translated words spoken back to you!"