Google Expands Security in Chrome 10

That was fast.

Google is out with its second major browser release of 2011. The Chrome 10 stable release follows the Chrome 9 release by a little over a month.

Chrome 10 includes 25 patches for security items as well as new features to improve overall browser security.

Of the 25 patches, at least 15 are rated as having high impact, by Google. The high impact flaws include multiple memory flaws including a memory corruption with counter nodes issue and an invalid memory access issue with the V8 JavaScript engine. Use-after-free memory heap issues are also included in the list with a DOM URL handling issue as well an in document script lifetime handling flaw.

Stale pointers and nodes are also well represented in Google Chrome 10’s update list. Stale pointer issues fixed include a stale node in box layout and stale pointers in table painting, WebKit context code and SVG cursors.

In total, Google is paying security researchers $16,174 in reward for the flaws fixed in the Chrome 10 stable release. The Chrome 10 security awards award tally beats Google’s last security update for Chrome 9. The Chrome 9.0.597.107 updated fixed 19 flaws for which Google paid out $14,000 to security researchers.

Fixed flaws aren’t the only new security feature in Chrome 10. With the new browser release Google is now sandboxing its integrated Adobe Flash player. With the sandbox the general idea is that Flash runs in an isolated area of the browser which is intended to limit the risk of any potential Flash related security exploits.

Google is also providing users of Chrome 10 with out-of-date plug-in warnings. Google is following Mozilla Firefox in that area which has been providing the same functionality. Going a step further, Chrome 10 also provides plug-in blocking enhancements.

“Some of our more advanced users prefer fine-grained control over which plug-ins they wish to run — which can have security and privacy benefits,” Google Chrome engineers wrote in a blog post.

While Chrome previously had the ability to block plug-ins, Chrome 10 improves the feature with a context menu to the blocked plug-in placeholder.

“This menu lets users control which plug-ins do and do not run,” Google explained. “Using a context menu helps prevent clickjacking attacks that try to bypass the block.”

Plug-in placeholders can also be hidden (for example, if they are floating over and obscuring real content), and the actual plug-in that wishes to run is made apparent.

In addition to the security features that are baked into Chrome 10, the new browser also provides uses with a new version of Google’s V8 Crankshaft technology for improved JavaScript. Chrome 10 first debuted as a dev release at the beginning of the year.

Chrome 11, which is currently in development will further improve security. The first Chrome 11 beta debuted in February with an improved Cross Site Scripting mitigation capability called, XSS Auditor.

Sean Michael Kerner is a senior editor at, the news service of, the network for technology professionals.

Keep up with security news; Follow eSecurityPlanet on Twitter: @eSecurityP.

Sean Michael Kerner
Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

Top Products

Top Cybersecurity Companies

Related articles