OMEN
10-24-2010, 12:33 PM
Patches autofill crash that hacker's could exploit
Computerworld - Google patched 11 vulnerabilities in Chrome on Thursday as it updated the browser to version 7.
The security update was the fourth since Sept. 2., when Google first boosted Chrome 6 to the "stable" release, the browser's most polished version.
Only one of the bugs patched in Chrome 7.0.517.43 was rated "critical" in Google's four-step threat scoring system, with five tagged as "high." Three others received the "medium" label, while two were pegged as "low."
Google paid out only $1,000 in bounties to two researchers who reported a pair of bugs, the least it's awarded since last June.
As usual, Google locked down its bug tracking database to hide technical details of the vulnerabilities. The company usually unlocks access to a flaw several weeks after a patch ships, to give users time to update before the information goes public.
Other browser makers, including Mozilla, do the same.
The single critical vulnerability was tersely explained as a "browser crash with form autofill." Chrome's developers added autofill only last August. The time-saving feature automatically enters the user's name, address, phone number, e-mail address and credit card number in various Web site forms.
One Web site developer noted problems with Chrome's autofill last week, saying that the browser was crashing when users submitted a form on one client's site.
Last July, Google promised to pick up Chrome's development pace, saying then that it would bump up the browser to a new version every six weeks or so.
The company's made good on that with Chrome 7, which moved to the stable "channel" -- Google's term for its release editions -- seven weeks after Chrome 6's debut.
Google touted other changes to Chrome that apply to developers -- including full AppleScript support on the Mac and a revamped HTML5 parser -- and said that version 7 also boasted fixes for "hundreds" of non-security bugs.
According to Web metrics company Net Applications, Chrome accounted for 8% of all browsers used last month. At its current pace, Chrome will pass the 10% milestone by the end of the year.
Chrome 7 can be downloaded for Windows, Mac OS X and Linux from Google's Web site. Users already running the browser will be updated automatically.
Computerworld - Google patched 11 vulnerabilities in Chrome on Thursday as it updated the browser to version 7.
The security update was the fourth since Sept. 2., when Google first boosted Chrome 6 to the "stable" release, the browser's most polished version.
Only one of the bugs patched in Chrome 7.0.517.43 was rated "critical" in Google's four-step threat scoring system, with five tagged as "high." Three others received the "medium" label, while two were pegged as "low."
Google paid out only $1,000 in bounties to two researchers who reported a pair of bugs, the least it's awarded since last June.
As usual, Google locked down its bug tracking database to hide technical details of the vulnerabilities. The company usually unlocks access to a flaw several weeks after a patch ships, to give users time to update before the information goes public.
Other browser makers, including Mozilla, do the same.
The single critical vulnerability was tersely explained as a "browser crash with form autofill." Chrome's developers added autofill only last August. The time-saving feature automatically enters the user's name, address, phone number, e-mail address and credit card number in various Web site forms.
One Web site developer noted problems with Chrome's autofill last week, saying that the browser was crashing when users submitted a form on one client's site.
Last July, Google promised to pick up Chrome's development pace, saying then that it would bump up the browser to a new version every six weeks or so.
The company's made good on that with Chrome 7, which moved to the stable "channel" -- Google's term for its release editions -- seven weeks after Chrome 6's debut.
Google touted other changes to Chrome that apply to developers -- including full AppleScript support on the Mac and a revamped HTML5 parser -- and said that version 7 also boasted fixes for "hundreds" of non-security bugs.
According to Web metrics company Net Applications, Chrome accounted for 8% of all browsers used last month. At its current pace, Chrome will pass the 10% milestone by the end of the year.
Chrome 7 can be downloaded for Windows, Mac OS X and Linux from Google's Web site. Users already running the browser will be updated automatically.