While the new version is available for both Android 4.0 (Ice Cream Sandwich) and Android 4.1 (Jelly Bean), if you’re on the latest you’ll be even more secure. That’s because Google has strengthened its sandbox technology, which locks down malicious code so that it doesn’t impact the entire mobile browser. Jellybean users automatically get the more in-depth sandboxing capability, which uses Chrome for Android’s multi-process architecture and Android’s User ID (UID) isolation technology.
If you’re on Ice Cream Sandwich or later, you still get a bunch of bug fixes as well as “important security and stability fixes.” More specifically, Google has fixed seven “Medium” rated security vulnerabilities:
- [$500]  Medium – Information and credential disclosure by file:// URLs. Credit to Artem Chaykin.
- [$500]  Medium – Current-tab cross-application scripting (UXSS). Credit to Artem Chaykin.
- [$500]  Medium – UXSS via Intent extra data. Credit to Takeshi Terada.
- [$500]  Medium – Information and credential disclosure by file:// URLs. Credit to Takeshi Terada.
- [$500]  Medium – Bypassing same-origin policy for local files with symlinks. Credit to Takeshi Terada.
- [$500]  Medium – Cookie theft by malicious local Android app. Credit to Takeshi Terada.
A quick tally shows Google has spent $3,500 in bug bounties for this release. That’s very little compared to what the company has spent on Chrome in the past, but it’s quite big for a mobile release.
Security aside, the changelog shows us three new changes:
- Location preference now integrated to system level Google apps location setting.
- Youtube videos controls now work in full screen mode; videos continue playing after a screen lock/unlock.
- Fixes to make third-party IMEs work better with Chrome.
That middle point is worth noting, given the recent YouTube changes on iOS. It’s good to know Google hasn’t forgotten about how YouTube works on Android.
Image credit: stock.xchng