In association with heise online

07 November 2012, 11:30

Chrome 23 closes holes, promises longer battery life

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Google Chome logo In addition to closing several security holes, the latest stable release of Google's Chrome web browser promises to improve battery life for some users and includes support for the Do Not Track (DNT) header. For systems with dedicated graphics chips that support Chrome's GPU-accelerated video decoding, version 23 of the WebKit-based browser is said to significantly reduce power consumption. According to Google, batteries lasted on average 25% longer in its tests when GPU-accelerated video decoding was enabled compared to only using a system's CPU when streaming online videos.

The update also makes it easier for users to view and control permissions for web sites. By clicking on the page/lock icon next to a site's address, users can modify such permissions as geolocation, popups, camera and microphone access, and JavaScript. The new version is the first stable release to include support for the Do Not Track privacy setting. Originally proposed by Mozilla, DNT is a developing standard that tells web sites that the browser user wishes to opt-out of online behavioural tracking. Do Not Track is not turned on by default in Chrome 23; users can enable DNT by selecting SettingsShow advanced settings and checking the box next to "Send a ‘Do Not Track’ request with your browsing traffic".


Zoom The new version of Chrome makes it easier for users to view and control web site permissions
Version 23 of Chrome also addresses a total of 15 security vulnerabilities in the browser, 6 of which are rated as "high severity". These include high-risk use-after-free problems in video layout and in SVG filter handling, a integer bounds check issue in GPU command buffers and a memory corruption flaw in texture handling; a Mac-only problem related to wild writes in buggy graphics drivers has also been fixed. Eight medium-severity flaws including an integer overflow that could lead to an out-of-bounds read in WebP handling, and a low-risk have also been corrected.

As part of its Chromium Security Vulnerability Rewards program, Google paid security researchers $9,000 for discovering and reporting these flaws. The update to Chrome also includes a new version of the Adobe Flash Player plugin which eliminates a number of critical vulnerabilities, all of which were discovered by the Google Security Team.

Further information about the new features can be found in the release announcement, while a full list of security fixes is provided in a post on the Chrome Releases blog. Chrome 23.0.1271.64 is available to download for Windows, Mac OS X and Linux from google.com/chrome; existing users should be upgraded to the new version automatically the next time they run the browser or can use the built-in update tool. Chrome is built from Chromium, the open source browser project run by Google.

(crve)

Print Version | Send by email | Permalink: http://h-online.com/-1744972
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit