In association with heise online

29 March 2012, 12:32

Chrome 18 improves graphics performance, closes security holes

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Google Chrome logo Google has released version 18 of Chrome, the company's own extended version of the open source Chromium web browser. The new Stable channel release, labelled 18.0.1025.142, fixes several security vulnerabilities, and improves graphics and drawing performance on systems with capable hardware.

This is done by adding support for GPU-accelerated rendering of 2D Canvas content on Windows and Mac OS X systems. According to the developers, the GPU acceleration should improve the overall performance of graphics-intensive web applications, making canvas-based animations and games "run faster and feel smoother". For older systems that can't make use of of the GPU, Chrome can now display 3D content using the SwiftShader software rasteriser, which Google licensed from TransGaming, Inc. However, the developers note that "a software-backed WebGL implementation is never going to perform as well as one running on a real GPU, but now more users will have access to basic 3D content on the web".

Additionally, this new version closes a total of nine security holes, of which three are rated as "High severity" by Google. These include high-risk use-after-free errors in SVG clipping, an off-by-one problem in OpenType Sanitizer and memory corruption bugs in Skia. Other closed holes include five medium-severity problems such as out-of-bounds reads in SVG text and text fragment handling, a cross-site scripting (XSS) bug, a SPDY proxy certificate checking error and an invalid read in the V8 JavaScript engine. A low-severity bug used by a hacker going by the name of "Pinkie Pie" during the Pwn2Own competition at CanSecWest was also closed. Google's Karen Grunberg notes that some of these "represent the start of hardening measures based on study of the exploits submitted to the Pwnium competition".

As part of its Chromium Security Vulnerability Rewards programme, Google paid security researchers $4,000 for discovering and reporting the holes – $8,000 in additional rewards were issued for security bugs reported to the company during the development cycle of Chrome 18. As usual, more details about the vulnerabilities are being withheld until "a majority of users are up-to-date with the fix".

Further information about this stable update can be found in a post on the Chromium Blog. Chrome 18.0.1025.142 is available to download for Windows, Mac OS X and Linux from google.com/chrome; alternatively, existing users can upgrade using the built-in update function.

See also:

(crve)

Print Version | Send by email | Permalink: http://h-online.com/-1486421
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit