Google strengthens Chrome for Android with sandbox

Google has issued an update for its Chrome browser for Android, with the focus on increasing its security.

According to Google software engineer Jay Civelli, who posted on the Google Chrome Blog today, the latest 18.0.1025308 update of Chrome for Android strengthens its sandbox. The Android and desktop versions of Chrome use a multi-process architecture to ensure that if one tab hangs or crashes, it doesn't affect other tabs, or at least affects only the minimum number of tabs.

The Android operating system itself also uses unique user IDs to create each Android process, which extends to each tab, since these are separate processes themselves. Tying these two concepts together results in a kernel-level application sandbox, where tabs are unable to hijack information from other tabs and have limited access to the operating system.

Google has also paid out US$3,500 to bug bounty hunters who found six medium-rated vulnerabilities in Chrome for Android. Fixes for these bugs are included in the most recent update.

Other features that have been improved include de-duplicating location settings so that these are managed via the operating system's Google Apps location settings, better support for playing YouTube videos from within the browser, and fixes to provide better support for third-party input method editors (IMEs), such as SwiftKey, Swype, and foreign-language keyboards.

Chrome continues to only be available for Android 4.0 Ice Cream Sandwich and later.