In association with heise online

13 September 2012, 12:04

Chrome for Android update strengthens sandbox

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Zoom Chrome for Android 18.0.1025308 is now available on the Play store

The Chrome version for Google's Android mobile OS has been updated to improve the browser's sandbox. The changes make it harder for malicious web sites to break out of their containment and compromise the rest of the processes running in the browser. Along with these improvements, Google closed seven security vulnerabilities that were rated at Medium threat level by the company.

The improvements to the sandbox in Chrome for Android 18.0.1025308 are only available for phones running Android 4.1 ("Jelly Bean"), but the security fixes will be delivered through Google's Play store to phones running Android 4.0 ("Ice Cream Sandwich") or above. The fixes mostly deal with Universal Cross-Site Scripting (UXSS) vulnerabilities in the browser and other bugs that allow malicious web sites to gain access to data, local files and processes running in other Chrome tabs. A fix to the Android API prevents it from exposing JavaScript, and two fixes to the file:// URI scheme prevent disclosure of information and credentials through it. The developers also closed a hole that allowed a malicious local Android application to steal cookies from Chrome.

Known issues with this release of Chrome for Android are listed on the Chrome support web site and the release is available for download from Google's Play store.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit