Make no mistake about it, Google is on a very rapid release cycle for the Chrome browser. This week Google released Chrome version 8 stable, providing 800 bug fixes, according to Google's release notes.
The Chrome 8 stable release follows the release of Chrome 7 stable, which debuted at the end of October.
Among the fixes for Chrome 8 are 13 security fixes, four of which are rated as having high impact by Google. One of the high-impact security flaws is a crash due to bad indexing with malformed video.
Video is also the subject of a medium-impact flaw involving a cross-origin video theft issue that was reported to Google by Microsoft Vulnerability Research (MSVR). There is also a medium-impact flaw related to an out-of-bounds read regression in WebM video support. WebM is Google's new open video codec, first announced in May of this year.
The Chrome 8 stable release also fixes a pair of high-impact use-after-free memory issues. One of the use-after-free conditions occurs with SVG animations, while the other is triggered by Chrome's history handling.
At the low-impact level, Chrome 8 provides a number of interesting fixes. There is a fix for a possible pop-up blocker bypass, along with fixes for browser crashes involving HTML5 databases, HTTP proxy authentication and having too many file dialogs.
In addition to the bug and security fixes, Chrome 8 marks the debut of the integrated PDF viewer inside of the browser. The PDF viewer is secured with Chrome process sandboxing, which may help to reduce the risk of potential PDF exploits. The move to include integrated PDFs follows earlier efforts in Chrome 5 to include an integrated Flash player.
Google committed to an agile development approach to Chrome in July with the promise of major new stable releases approximately every 12 weeks.
Chrome 8 first entered Google's developer channel in mid-October.