Chrome 12 fixes at least 15 different security issues, which is actually a decrease from the 26 issues fixed in the Chrome 11 stable release at the end of April.
Google created the elite award level in January for extremely critical flaws.
In addition to the Elite flaw, Google is patching four high impact flaws. Two of the high impact flaws are use-after-free issues, while two are stale pointer flaws. In both use-after-free and stale pointer cases, the risk comes from attackers being able to use memory allocations that are supposed to be unavailable. Those memory spaces can then be used as the base of an attack and possible arbitrary code execution.
Google is also patching a trio of flaws that affect its extension system. A medium impact fix for an extensions permission bypass is credited to researcher 'kuzzcc', who is being awarded $1,337. The second extensions flaw is a medium impact injection issue discovered by Vladislavas Jarmalis. The third extensions issue is a low impact flaw involving script injection into the new tab page.
Another interesting flaw corrected in Chrome 12 is a visited-history information leak in CSS, which Google has rated as low impact.
While security fixes are always a major hallmark of a new stable Chrome release, so too are new features.
With Chrome 12, Google is extending its Safe Browsing technology to downloads. Safe Browsing has been available as a phishing website detection technology since at least 2006, when it was first included in Firefox 2.0.
Back in April, when Chrome 12 first debuted as a developer release, Ian Fette, senior product manager at Google, told InternetNews.com that Safe Browsing in Chrome 12 goes beyond simple phishing site detection.
"A separate attack vector exists, which is a social engineering mechanism that attempts to convince a user to download and run a file," Fette said at the time. "This new feature is designed to protect against the latter type of attack, where a user is convinced to download and run a harmful file."
Chrome 12 also improves on the integrated Adobe Flash Player. For the first time, Chrome users will be able to delete their Flash cookies from inside Chrome. By enabling Chrome users to more easily clear their Flash cookies, user security is improved. Cookies can sometimes store personally identifiable information, and it's a best practice to clear them on a regular basis.