Google Releases Chrome for Android Security Update

Google releases new version of Chrome for Android, plugs seven security holes

Google today updated Chrome for Android to version 18.0.1025308. You can download the latest release from the official Google Play store (Android 4.0+ required).

While the new version is available for both Android 4.0 (Ice Cream Sandwich) and Android 4.1 (Jelly Bean), if you’re on the latest you’ll be even more secure. That’s because Google has strengthened its sandbox technology, which locks down malicious code so that it doesn’t impact the entire mobile browser. Jellybean users automatically get the more in-depth sandboxing capability, which uses Chrome for Android’s multi-process architecture and Android’s User ID (UID) isolation technology.

If you’re on Ice Cream Sandwich or later, you still get a bunch of bug fixes as well as “important security and stability fixes.” More specifically, Google has fixed seven “Medium” rated security vulnerabilities:

[$500] [138210] Medium – Information and credential disclosure by file:// URLs. Credit to Artem Chaykin.

[$500] [138035] Medium – Current-tab cross-application scripting (UXSS). Credit to Artem Chaykin.

[$500] [144813] Medium – UXSS via Intent extra data. Credit to Takeshi Terada.

[$500] [144820] Medium – Information and credential disclosure by file:// URLs. Credit to Takeshi Terada.

[$500] [137532] Medium – Android APIs exposed to JavaScript. Credit to Takeshi Terada.

[$500] [144866] Medium – Bypassing same-origin policy for local files with symlinks. Credit to Takeshi Terada.

[$500] [141889] Medium – Cookie theft by malicious local Android app. Credit to Takeshi Terada.

A quick tally shows Google has spent $3,500 in bug bounties for this release. That’s very little compared to what the company has spent on Chrome in the past, but it’s quite big for a mobile release.

Security aside, the changelog shows us three new changes:

Location preference now integrated to system level Google apps location setting.
Youtube videos controls now work in full screen mode; videos continue playing after a screen lock/unlock.
Fixes to make third-party IMEs work better with Chrome.

That middle point is worth noting, given the recent YouTube changes on iOS. It’s good to know Google hasn’t forgotten about how YouTube works on Android.

Celebrate King's Day with TNW Conference :tickets:

Use code GEZELLIG40 on your Business, Investor and Startup passes and get 40% off. Offer ends April 29.

Image credit: stock.xchng

Story by Emil Protalinski

Emil was a reporter for The Next Web between 2012 and 2014. Over the years, he has covered the tech industry for multiple publications, incl (show all) Emil was a reporter for The Next Web between 2012 and 2014. Over the years, he has covered the tech industry for multiple publications, including Ars Technica, Neowin, TechSpot, ZDNet, and CNET. Stay in touch via Facebook, Twitter, and Google+.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Google releases new version of Chrome for Android, plugs seven security holes

Get the TNW newsletter

Also tagged with

French competition watchdog fines Google €250M for AI copyright breaches

Google launches €25M AI drive to ‘empower’ Europe’s workforce

Join TNW All Access

Spotify ‘unfairly held back’ by Google and Apple, CEO says

EU investigates Apple, Google, Meta in first-ever probe under DMA competition law