Google Chrome - Between Undecided Users and Security Fixes

By Dee Chisamera
14:30, September 9th 2008

Google Chrome has lived its minutes of fame in the first week of life, however, in addition to the tons of good stuff we’ve been hearing about it, there are also tons of stuff that other browsers do better. So if I were to choose a browser, I would choose Chrome, but not in its present form.

First of all, Google Chrome impresses through an interface that many have been craving for: simple, yet useful in every way. And it was created just for that, so users can get the best experience without clustered interfaces getting in the way.

Furthermore, it’s innovative, allowing users to open a tab in a new window by simply dragging it onto their desktop. The tabs are isolated so as to prevent one crashed tab from crashing all the other tabs, ending the restarting-the-browser ritual.

Another good thing about Chrome is that it’s pretty fast, with the isolated tab system also contributing to the loading speed of pages.

However, Google Chrome still lacks a lot of things, and perhaps this has been the decisive factor for users to go back to their regular browsers, at least until Chrome gets some more polishing; among them, add-ons, which make life worth living, and some security flaws.

On September 5, Google Chrome version 0.2.149.29 was released to fix a security risk that exposed users to remote attacks. Google explained that the automatic update was a security and bug fix issue, with no other functionality.

The security update included fixing a buffer overflow vulnerability in handling long filenames that display in the Save As… catalog, which was classified to be a critical risk that could have led to execution of arbitrary code.

The update also fixed a buffer overflow vulnerability in handling link targets displayed in the status area when the user hovers over a link, which was classified as a critical risk that would have led to execution of arbitrary code.

Another fix aimed at an out-of-bounds memory read when parsing URL’s ending with %, which was considered to be a low risk that could have been used to crash the entire browser, possibly causing loss of data in the current session.

Another major fix was changing the default Downloads directory if it was set to desktop, so as to mitigate the risk of malicious cluttering of the desktop with unwanted downloads, which could have led to executing unwanted files.

In addition to that, Google also fixed some data transfer issues with the Safe Browsing that caused unnecessary traffic, a JavaScript bug that affected facebook.com, as well as some search suggestions not working properly.

Google made the release notes for the update available days after the update was made, after users demanded to know that type of information. Release notes were made available here: http://googlechromereleases.blogspot.com/.