This article was published on September 12, 2012

Google releases new version of Chrome for Android, plugs seven security holes


Google releases new version of Chrome for Android, plugs seven security holes

Google today updated Chrome for Android to version 18.0.1025308. You can download the latest release from the official Google Play store (Android 4.0+ required).

While the new version is available for both Android 4.0 (Ice Cream Sandwich) and Android 4.1 (Jelly Bean), if you’re on the latest you’ll be even more secure. That’s because Google has strengthened its sandbox technology, which locks down malicious code so that it doesn’t impact the entire mobile browser. Jellybean users automatically get the more in-depth sandboxing capability, which uses Chrome for Android’s multi-process architecture and Android’s User ID (UID) isolation technology.

If you’re on Ice Cream Sandwich or later, you still get a bunch of bug fixes as well as “important security and stability fixes.” More specifically, Google has fixed seven “Medium” rated security vulnerabilities:

  • [$500] [138210] Medium – Information and credential disclosure by file:// URLs. Credit to Artem Chaykin.
  • [$500] [138035] Medium – Current-tab cross-application scripting (UXSS). Credit to Artem Chaykin.
  • [$500] [144813] Medium – UXSS via Intent extra data. Credit to Takeshi Terada.
  • [$500] [144820] Medium – Information and credential disclosure by file:// URLs. Credit to Takeshi Terada.
  • [$500] [137532] Medium – Android APIs exposed to JavaScript. Credit to Takeshi Terada.
  • [$500] [144866] Medium – Bypassing same-origin policy for local files with symlinks. Credit to Takeshi Terada.
  • [$500] [141889] Medium – Cookie theft by malicious local Android app. Credit to Takeshi Terada.

A quick tally shows Google has spent $3,500 in bug bounties for this release. That’s very little compared to what the company has spent on Chrome in the past, but it’s quite big for a mobile release.

Security aside, the changelog shows us three new changes:

  • Location preference now integrated to system level Google apps location setting.
  • Youtube videos controls now work in full screen mode; videos continue playing after a screen lock/unlock.
  • Fixes to make third-party IMEs work better with Chrome.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

That middle point is worth noting, given the recent YouTube changes on iOS. It’s good to know Google hasn’t forgotten about how YouTube works on Android.

Image credit: stock.xchng

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with


Published
Back to top