Google Debuts Chrome 12, Advances Security

Google is out this week with its fourth major stable browser update of the year. Chrome 12.0.742.91 is now out for Windows, Mac and Linux fixing security flaws and adding new features.

Chrome 12 fixes at least 15 different security issues, which is actually a decrease from the 26 issues fixed in Chrome 11 stable release at the end of April.

As part of its Chromium Security Awards Program, Google pays cash rewards to security researchers for reporting security flaws. For Chrome 12, Google is shelling out $9,971 in security awards. The highest award payment is for a an elite same origin bypass flaw that is netting researcher Sergy Glazunov a $3,134 payment. The same origin flaw is in Chrome v8 JavaScript engine.

Google created the elite award level in January for extremely critical flaws.

In addition to the Elite flaw, Google is patching for four high impact flaws. Two of the high impact flaws are use-after-free issues while two are stale pointer flaws. In both use-after-free and stale pointer cases, the risk is from attackers that can use memory allocations that are supposed to be unavailable. Those memory spaces can then be used as the base of an attack and possible arbitrary code execution.

Google is also patching for a trio of flaws that affect its extension system. A medium impact fix for an extensions permission bypass is credited to researcher 'kuzzcc' who is being awarded $1,337. The second extensions flaw is a medium impact injection issue discovered by Vladislavas Jarmalis. While the third extensions issue is a low impact script injection into new tab page flaw.

Another interesting flaw corrected in Chrome 12 is for a visited history information leak in CSS issue that Google has rated as being low impact.


While security fixes are always a major hallmark of a new stable Chrome release, so too are new features.

With Chrome 12, Google is extending its Safe Browsing technology to downloads. Safe Browsing has been available as a phishing website detection technology since at least 2006 when it was first included in Firefox 2.0

Back in April when Chrome 12 first debuted as a developer release, Ian Fette, senior product manager at Google told that Safe Browsing in Chrome 12 goes beyond simple phishing site detection.

"A separate attack vector exists, which is a social engineering mechanism that attempts to convince a user to download and run a file," Fette said at the time. "This new feature is designed to protect against the latter type of attack, where a user is convinced to download and run a harmful file."

Chrome 12 also improves on the integrated Adobe Flash Player. For the first time, Chrome users will now be able to delete their Flash cookies from inside of Chrome. By enabling Chrome users to more easily clear their Flash cookies, user security is improved. Cookies can sometimes store personally identifiable information and it's a good best practice to clear them on a regular basis.

Sean Michael Kerner is a senior editor at, the news service of, the network for technology professionals.