Google patches Chrome to prevent file-stealing
Takes opportunity to add new features to browser.
By Gregg Keizer, Computerworld (US online) | Published: 08:12, 17 November 2008
Google has patched Chrome in an attempt to prevent attackers from stealing files from PC. However, the update, has not yet been pushed out to users.
Google quashed the bug in a developer-only version of Chrome that has not been sent to all users via the browser's update mechanism. Chrome users, however, can reset the browser to receive all updates, including the developer editions, with the Channel Chooser plug-in.
Chrome 0.4.154.18 fixes a vulnerability that could be used by hackers to read files on a user's machine, then transfer them to their own malicious servers. "We now prevent local files from connecting to the network with XMLHttpRequest() and also prompt you to confirm a download if it is an HTML file," Mark Larson, Chrome's programme manager, said in an entry to the Chrome developer blog.
Related Articles on Techworld
Google also enhanced Chrome by adding several new features to the 0.4.154.18 build, including a bookmark manager, more granular control over the browser's built-in privacy mode and a revamped pop-up blocker.
Larson warned users, however, that Chrome continues to have problems synchronising offline data using Gears, Google's platform for building web applications that can be used offline as well as when the user is connected to the Internet. "Sites that use Gears to synchronise offline data may occasionally hang," Larson said. "You should disable offline access for sites until a fix is released."
Chrome 0.4.154.18 also includes a newer version of V8, the name for Google's JavaScript interpreter.
The current "official" beta build of Chrome is 0.3.154.9.
Google's browser accounted for only 0.74 percent of the browser usage share last month, according to data from web metrics company Net Applications.
