Google updates Chrome, Chromium and Frame
Google has fixed a number of serious bugs in its Chrome browser, and has released new versions of the Chrome developer version and Chrome Frame, a plug-in that allows Microsoft's Internet Explorer to access websites using the Chrome rendering engine.
The Chrome bugs were fixed in version 5.0.375.70 of the browser, released on Tuesday for Linux, Mac and Windows. This is the first bug-fixing release since Google began offering stable Chrome versions for Mac and Linux.
Apple, which makes the competing Safari browser, was credited for fixing two of Chrome's high-risk security flaws. Safari is based on the same open-source browser engine as Chrome, called WebKit.
Two researchers received payments for reporting zero-day bugs to Google: one was paid $2,000 (£1,358) for finding a high-risk bug allowing cross-origin bypass in DOM methods, and another netted $500 for tracking down a high-risk bug causing a memory error in table layouts.
Other high-risk flaws included a sandbox escape flaw in the Linux version, a bitmap stale pointer flaw, a memory corruption bug in DOM node normalisation and a memory corruption bug in text transforms. A total of eight of the bugs were labelled as high risk.
Google also released version 6.0.422.0 of the Chromium — the developer version of Chrome — fixing minor bugs and adding features such as desktop notifications, an HTML 5 sandbox attribute and an integrated Flash Player plug-in.
Also on Tuesday Google said it was taking Chrome Frame out of developer preview status and putting it into beta testing.
Chrome Frame allows Internet Explorer (IE) to render JavaScript and other elements using the Chrome browser engine. Google recommends the plugin for IE users wishing to access its properties such as Wave, YouTube and Orkut, and it said the plugin has been adopted by third parties including Meebo and WordPress.
The beta version of Frame focuses on bug fixes, including improvements in integration with IE, as well as tweaks to security, stability and performance, Google said.
"For example, we've improved our handling of Internet Explorer's InPrivate browsing, cache clearing, and cookie blocking," said Google software engineers Amit Joshi and Alex Russell in a blog post.
At Frame's launch in September 2009, Microsoft criticised the plug-in for giving IE users new security risks.
"Given the security issues with plug-ins in general and Google Chrome in particular, Google Chrome Frame running as a plug-in has doubled the attach area for malware and malicious scripts. This is not a risk we would recommend our friends and families take," Microsoft stated at the time.
Apple this week released Safari 5, updating the browser with a speed boost, expanded search options and a new Safari Reader feature that supports the latest HTML 5 technologies.