Category: Google Chrome
The six bugs that prompted Google to update Chrome to version 10.0.648.204 were all deemed to be on the threat level of “high,” the second highest ranking in Google’s threat scoring system.
Google’s bug-tracking database was locked down so as to prevent access to the technical details of the now patched vulnerabilities. The bug entries are usually unlocked after several weeks and sometimes months so as to give users enough time to update before the data goes public.
Attackers utilized genuine passwords and usernames to get a hold of nine SSL certificates on the 15th of March via a Comodo certificate reseller. What SSL certificates do is basically prove the authenticity of a site. The log-on websites affected were Yahoo Mail, Google’s Gmail, Microsoft’s Hotmail, Skype, as well as Mozilla’s Firefox extension website.
Comodo revoked the certificates and brought the matter to the attention of Mozilla, Google, and Microsoft between the 15th and the 23rd of March. The breach of its reseller and the theft of the SSL certificates were announced on the 23rd of this month.
TomsHardware has posted a nice benchmark and compared some of the most popular web browsers. Unfortunately, Firefox 4 was not included.
Google Chrome 10.0.648.134
Internet Explorer 9
Opera 11.01 (build 1190) 51
Safari 5.04 (7533.20.27)
With the release of Firefox 4 and IE9 Final, Google has also made some changes and pushed a Google Chrome 11 build (11.0.696.16) to the beta channel.
What’s so great about this build?
It now includes the speech to text capabilities (see demo page), thanks to HTML5 speech input API.
Google Chrome 11 now also supports a GPU accelerated 3D CSS which will make at least some developers happy.
Pwn2Own, the yearly hacking contest held as part of the CanSecWest security conference, saw the successful hijacking of fully patched versions of Safari and Internet Explorer 8 this year. Ars Technica described Pwn2Own as the following:
If a researcher can pwn the browser—that is, make it run arbitrary code—then they get to own the hardware the browser runs on. This year, not only did they have to run arbitrary code, they also had to escape any sandboxes—restricted environments with reduced access to data and the operating system—that are imposed.