Omnibox Prerendering basically preloads some of the pages that are presented to you in the browser’s address bar. This reduces the time between hitting the Enter key on the keyboard and seeing the page fully rendered in the browser window. It is not clear how Chrome selects those pages, but it is likely that your previous browsing history and bookmarks may have something to do with it. This does create some overhead though, especially if the browser does not select the right pages that often.

Chrome users who do not want or need the prerendering feature can disable it in the following way:

• Open chrome://flags/ in the Chrome address bar and hit enter.
• Locate the flag Prerender from omnibox and change the feature’s state to disabled.



The second new feature is the automatic scanning of executable files like exe or msi in Chrome to warn you if you are downloading a malicious file or a file from a host that is know to host a high percentage of malicious downloads.

Google maintains a whitelist of files that are not checked. All other files are checked with Google to retrieve more information. While not a fail safe approach, it can warn users if they are about to download known malicious files. The concept looks similar to Microsoft’s SmartScreen Filter. It does not seem possible to disable the feature right now in the browser.

In addition, a total of 20 security vulnerabilities were closed in Chrome 17 of which one received the highest possible severity rating of critical.

You can read up on the changes at the official Chrome Release blog. Chrome updates should already been applied to existing Chrome Stable installations. You can verify the version with a click on Wrench > About Google Chrome. There you can also download and apply the update if the browser has not been updated yet.

More important than the version bump to 11 are the security updates that have been implemented in the browser. A total of 25 different security issues have been resolved in Google Chrome 11. Of those, 16 have received a severity rating of high, the second highest. A further six have received a rating of medium and the remaining three one of low. No security issue has been rated as critical, the highest available rating for security vulnerabilities.

Several of the security vulnerabilities are affecting only the Macintosh or Linux versions of Chrome.

• [61502] High CVE-2011-1303: Stale pointer in floating object handling.
• [70538] Low CVE-2011-1304: Pop-up block bypass via plug-ins.
• [Linux / Mac only] [70589] Medium CVE-2011-1305: Linked-list race in database handling.
• [71586] Medium CVE-2011-1434: Lack of thread safety in MIME handling.
• [72523] Medium CVE-2011-1435: Bad extension with ‘tabs’ permission can capture local files.
• [Linux only] [72910] Low CVE-2011-1436: Possible browser crash due to bad interaction with X.
• [73526] High CVE-2011-1437: Integer overflows in float rendering.
• [74653] High CVE-2011-1438: Same origin policy violation with blobs.
• [Linux only] [74763] High CVE-2011-1439: Prevent interference between renderer processes.
• [75186] High CVE-2011-1440: Use-after-free with tag and CSS.
• [75347] High CVE-2011-1441: Bad cast with floating select lists.
• [75801] High CVE-2011-1442: Corrupt node trees with mutation events.
• [76001] High CVE-2011-1443: Stale pointers in layering code.
• [Linux only] [76542] High CVE-2011-1444: Race condition in sandbox launcher.
• [76646] Medium CVE-2011-1445: Out-of-bounds read in SVG.
• [76666] [77507] [78031] High CVE-2011-1446: Possible URL bar spoofs with navigation errors and interrupted loads.
• [76966] High CVE-2011-1447: Stale pointer in drop-down list handling.
• [77130] High CVE-2011-1448: Stale pointer in height calculations.
• [77346] High CVE-2011-1449: Use-after-free in WebSockets.
• [77349] Low CVE-2011-1450: Dangling pointers in file dialogs.
• [77463] High CVE-2011-1451: Dangling pointers in DOM id map.
• [77786] Medium CVE-2011-1452: URL bar spoof with redirect and manual reload.
• [79199] High CVE-2011-1454: Use-after-free in DOM id handling.
• [79361] Medium CVE-2011-1455: Out-of-bounds read with multipart-encoded PDF.
• [79364] High CVE-2011-1456: Stale pointers with PDF forms.

Google has paid security researchers a total of $16,500 for the discovery of security issues in the web browser.

Google Chrome 11 includes a new speech input through HTMl feature which can be used by websites to use a web user’s speed input. Google Translate is one of the first services to include a listen option. Speech input requires a microphone connected to the computer.

The Google Chrome update is available directly from within the browser. You can check for the update with a click on the wrench icon in the address bar and the selection of About Google Chrome in the menu.

You find further instructions at our How To Upgrade, Downgrade Google Chrome guide.

Three additional security vulnerabilities are fixed in the latest Google Chrome Stable version. One of the fixed issues is only affecting Chrome on Windows, while the remaining are affected all versions of the Chrome browser.

• [Windows only] [70070] Critical CVE-2011-1300: Off-by-three in GPU process.
• [75629] Critical CVE-2011-1301: Use-after-free in the GPU process.
• [78524] Critical CVE-2011-1302: Heap overflow in the GPU process.

All three vulnerabilities have received a critical rating, the highest possible rating. The Adobe Flash vulnerability was rated critical by Adobe, which means four critical vulnerabilities have been fixed in total in the latest version of Google Chrome.

Google Chrome users can download the latest version of the web browser from the official Google Chrome download page, or with an in-browser update.

Google Chrome should recognize the update automatically and apply it on the next restart of the browser. They can initiate the update check manually with a click on Tools > About Google Chrome.

This queries the Google Update server to see if a new version of the installed Chrome browser is available. Updates that are found by the check are downloaded automatically, and the only thing left to do is to restart the browser to apply the update that secures the Internet browser from those vulnerabilities.

Adobe confirmed that a general update for the Flash vulnerability will follow tomorrow.

The update is available for all supported operating systems (Microsoft Windows, Linux and Apple Macintosh) as well as Chrome Frame, a plugin for Microsoft’s Internet Explorer that allows Internet Explorer users to utilize Chrome’s rendering engine in the Microsoft browser.

A total of six security issues have been fixed in the new version of Google Chrome, of which all have received a severity rating of high, the second highest rating.

• CVE-2011-1291: Buffer error in base string handling.
• CVE-2011-1292: Use-after-free in the frame loader.
• CVE-2011-1293: Use-after-free in HTMLCollection.
• CVE-2011-1294: Stale pointer in CSS handling.
• CVE-2011-1295: DOM tree corruption with broken node parentage.
• CVE-2011-1296: Stale pointer in SVG text handling.

The update has been rolled out for the stable channel of the browser, but it is likely that the security fixes have been fixed in beta, dev and canary builds as well previously.

Some Chrome users are reporting crashes related to the Flash plugin on sites such as Gmail or the Irish RTE. (via)

In other news: The Chrome Dev channel has been updated as well to version 12.0.712.0 on all supported operating systems. The update is not a security update though. It adds multi-tab selection to the browser and updates the V8 rendering engine to 3.2.3.1. Mac users get “new and improved bookmark bar animations”. (via)

The update is a security release as it fixes several security vulnerabilities that have been discovered in previous versions of the browser.

The announcement lists a total of 19 security vulnerabilities that have been fixed in the new version. Of these 19, 16 received a severity rating of high, which is the second-highest available rating. The remaining three vulnerabilities have been rated as medium.

The updates will be applied automatically to existing installations of the Google browser. Users who have disabled automatic updates need to download the latest version of the web browser from the official download page over at Google.

Chrome users can verify the version of their browser by clicking on Tools > About Google Chrome.

The Chrome security team mentioned that their rewards program has now given independent security researchers more than $100,000 since its inception. The program is an incentive for independent security researchers to search for security vulnerabilities in the web browser.

The blog post with details about all 19 security vulnerabilities can be accessed here.

The JavaScript engine has been updated to improve the performance of the browser. Jeff Chang, Product Manager over at the Chrome blog speaks of a 66% performance improvement on the V8 benchmark suite over the previous version

That’s not the only speed improvement in the new beta channel release. GPU-accelerated video has been implemented as well, albeit preliminary, which should reduce the cpu usage of users with compatible graphics hardware, according to Google by up to 80% in full screen mode.

Security in the new version has been improved as well. Chrome will for instance disable outdated plugins automatically by default which in the past have always been one of the most popular attack vectors.

Other features included in the release are password syncing which is not enabled by default and a new settings page that opens in a tab instead of a dialog box. Settings access has been improved as it is now possible to enter the name of the setting into the url form to see all settings that match the query. It is now also possible to jump to most settings directly without having to navigate through a series of menus first.

The new Chrome Beta channel version improves several key aspects of the web browser. Chrome Beta users are as usual updated automatically. New users who want to download the Chrome Beta release can download it from the getting involved page over at Chromium.

A total of nine security vulnerabilities have been fixed in Google Chrome 9.0.597.84 of which one received a critical vulnerability rating, the highest possible rating. Two vulnerabilities were rated as high and six as low. Two of the vulnerabilities are only affecting Apple Mac systems, the remaining seven all supported operating systems.

Consult the listing below for an overview (via):

• [Mac only]Low Minor sandbox leak via stat().
• High Use-after-free in image loading.
• Low Apply some restrictions to cross-origin drag + drop.
• Low Browser crash with extension with missing key.
• High Crashing when printing in PDF event handler.
• Low Handle merging of autofill profiles more gracefully.
• [Mac only] Low Work around a crash in the Mac OS 10.5
• Low Browser crash with bad volume setting.
• Critical Race condition in audio handling.

The Google Chrome blog details the new features that have been added to the stable channel:

• WebGL is now supported in Google Chrome stable. It is a “new technology which brings hardware-accelerated 3D graphics to the browser”.
• Chrome Instant will load frequently visited web pages as soon as the user begins to enter the url into the address bar.
• The Chrome Web Store is now open toa ll Chrome users in the United States.

Google Chrome stable users can update the browser from within. They need to click on the wrench icon in the address bar and select About Google Chrome from the available options.

New users should consult our Where Can I Download The Different Google Chrome Builds? guide.

The Chrome blog lists 16 different vulnerabilities that have been fixed in the new version of which one received the highest rating critical and 13 of high. The researcher who discovered the critical vulnerability has received the first “elite” Chromium Security Reward which comes with a $3133.7 payment.

The list of fixed vulnerabilities:

• [58053] Medium Browser crash in extensions notification handling. Credit to Eric Roman of the Chromium development community.
• [$1337] [65764] High Bad pointer handling in node iteration. Credit to Sergey Glazunov.
• [66334] High Crashes when printing multi-page PDFs. Credit to Google Chrome Security Team (Chris Evans).
• [$1000] [66560] High Stale pointer with CSS + canvas. Credit to Sergey Glazunov.
• [$500] [66748] High Stale pointer with CSS + cursors. Credit to Jan Tošovský.
• [67100] High Use after free in PDF page handling. Credit to Google Chrome Security Team (Chris Evans).
• [$1000] [67208] High Stack corruption after PDF out-of-memory condition. Credit to Jared Allar of CERT.
• [$1000] [67303] High Bad memory access with mismatched video frame sizes. Credit to Aki Helin of OUSPG; plus independent discovery by Google Chrome Security Team (SkyLined) and David Warren of CERT.
• [$500] [67363] High Stale pointer with SVG use element. Credited anonymously; plus indepdent discovery by miaubiz.
• [$1000] [67393] Medium Uninitialized pointer in the browser triggered by rogue extension. Credit to kuzzcc.
• [$1000] [68115] High Vorbis decoder buffer overflows. Credit to David Warren of CERT.
• [$1000] [68170] High Buffer overflow in PDF shading. Credit to Aki Helin of OUSPG.
• [$1000] [68178] High Bad cast in anchor handling. Credit to Sergey Glazunov.
• [$1000] [68181] High Bad cast in video handling. Credit to Sergey Glazunov.
• [$1000] [68439] High Stale rendering node after DOM node removal. Credit to Martin Barbella; plus independent discovery by Google Chrome Security Team (SkyLined).
• [$3133.7] [68666] Critical Stale pointer in speech handling. Credit to Sergey Glazunov.

It is recommended to update the web browser as soon as possible to protect it and the underlying operating system from possible exploits. Chrome users can either check for updates by clicking on the Wrench icon and selecting About Google Chrome or visit the official download page to download the latest Google Chrome version.

A total of nine different security issues have been fixed in both browser versions, of which one has been rated critical and six as high.

• High Use-after-free when using document APIs during parse.
• High Use-after-free in SVG styles.
• High Use-after-free with nested SVG elements.
• Low Possible browser assert in cursor handling.
• High Race condition in console handling.
• Low Unlikely browser crash in pop-up blocking.
• Critical Fix bug 45400 properly on the Mac.
• High Memory corruption in Geolocation.
• High Memory corruption in Khmer handling.
• Low Failure to prompt for extension history access.

The new versions can be updated from within the browser, by clicking on the Wrench icon in the header bar, and then on About Google Chrome.

Another option is to download the latest version of the web browser from the official download channels, which are accessible here (for Chrome Stable) and here (Chrome Beta)

In other news: Today is the day that the Internet Explorer 9 Beta will be released to the public. Interested users can tune in to a web cast at 10:30 PST to learn about the new features in Internet Explorer 9.

Stable version updates on the other hand affect the majority of Chrome users, who are running this version of the browser.

Today’s stable channel update brings the Chrome version to 5.0.375.127 on Windows, Mac and Linux.

The security update fixes several vulnerabilities in the web browser, among them two with a severity rating of critical, the highest possible rating. Six of the remaining seven vulnerabilities are rated as high, and the last one as medium.

• Critical Memory corruption with file dialog.
• High Memory corruption with SVGs.
• High Bad cast with text editing.
• High Possible address bar spoofing with history bug.
• High Memory corruption in MIME type handling.
• Critical Crash on shutdown due to notifications bug.
• Medium Stop omnibox autosuggest if the user might be about to type a password.
• High Memory corruption with Ruby support.
• High Memory corruption with Geolocation support.

Chrome stable users are asked to update their web browser immediately to protect the browser and computer system from possible exploits.

Updates are as usually available at the official Google Chrome website, and via the About Google Chrome menu in the browser itself.

Google Chrome Stable is the official Google browser offered to the public, while Google Chrome Beta and Google Chrome Dev are offered to tech enthusiasts and developers.

The update raises the stable version of Google Chrome to 5.0.375.70.

A total of eleven security issues have been fixed of which nine have received a severity rating of high and two of medium.

• Medium Cross-origin keystroke redirection.
• High Cross-origin bypass in DOM methods.
• High Memory error in table layout.
• [Linux only] High Linux sandbox escape.
• High Bitmap stale pointer.
• High Memory corruption in DOM node normalization.
• High Memory corruption in text transforms.
• Medium XSS in innerHTML property of textarea.
• High Memory corruption in font handling.
• High Geolocation events fire after document deletion.
• High Memory corruption in rendering of list

markers.

Chrome users who are working with the stable version of the web browser are asked to update their browser immediately to protect it against exploits targeting the security issues. The update can be started by clicking on Tools > About Google Chrome.

Update: Google Chrome Dev has also been updated.

This has changed today with the release of Google Chrome 5 stable for all supported operating systems. Windows, Mac and Linux users can now download a faster version of the web browser directly from Google.

Google Chrome 5 Stable comes with many additions compared to the previous versions of the stable channel.

New and improved features include synchronization of bookmarks and browser preferences, HTML5 features such as the geolcation api or web sockets, and a faster rendering engine and better overall performance of the browser.

The internal Flash Player has not been integrated into Google Chrome 5 stable yet but the developers promise to add this feature with the full release of Flash Player 10.1 which will be released soon.

Google Chrome stable users will soon be prompted to auto update the web browser soon. Users who do not want to wait that long can download Google Chrome 5 stable from the official download site.

The beta channel, more stable than the dev channel, is currently offered as version 5.x while the stable channel is still offered as version 4.x. This does not necessarily mean that there are lots of feature differences between the web browsers.

Google Chrome 6.0.401.1 Dev for Windows, Linux and Mac can be downloaded and installed directly from the browser’s check for updates function.

Changelog:

All
Don’t prepend scheme on copying an incomplete hostname. (Issue 43585)
Windows
Much better display/eliding of RTL and mixed-direction strings in the omnibox dropdown. (Issue 41716)
Linux
Make sure scheme is prepended to addresses that are cut (as opposed to copied) from the omnibox. (Issue 43569)
Fixed rendering of monospaced fonts on Linux (Issue 43252)
Known Issues
Hitting enter in some form fields does not submit the form. This will be fixed in the next Dev release.

Users who have not installed Google Chrome dev yet can download the latest build directly from the Chromium website.

The beta build offers a good compromise between stability and speed. The latest Chrome beta update promises a 30% to 35% speed improvement over the previous beta channel release which in itself is already faster than the stable release of the browser.

This alone might convince users who dig speed to make the switch to the beta channel – or the even faster dev channel. But the latest Chrome update available for Windows, Linux and Macintosh systems delivers more than just speed.

The developers have added a handful of features to the beta release. Bookmark sync for one has been extended so that browser preferences, themes, homepage and startup settings can now be synced as well.

This beta version of the browser is now also including a native version of the Adobe Flash Player. Security conscious users who prefer to work without Flash can disable it in the browser’s options.

The two other features that have been added are several new HTML5 features including Geolocation, drag and drop, web sockets or app cache and the ability to install extension in the browser’s incognito mode.

Interested users can visit the announcement post over at the official Chrome blog or download the latest versions directly from the beta channel.

The browser was updated to Google Chrome 4.1.249.1064 fixing two bugs and three security issues in the process. One bug affected the JavaScript performance of the browser while the other reported an incorrect path for the Java plugin.

The security vulnerabilities have all received a high rating which is the second highest security vulnerability rating.

High Cross-origin bypass in Google URL (GURL).
High Memory corruption in HTML5 Media handling.
High Memory corruption in font handling.

Google Chrome users who are still running the stable channel on Windows are encouraged to update the web browser as soon as possible to fix the security issues and bugs.

It is possible to install the update directly in Chrome by clicking on the Tool icon in the main toolbar and then About Google Chrome. Users who prefer to download the latest version can do so at the official Google Chrome website.

A total of seven security vulnerabilities have been fixed in the release of which four have been classified as high and three as normal.

[$500] [39443] High Type confusion error with forms. Credit: kuzzcc.
[39698] High HTTP request error leading to possible XSRF. Credit: Meder Kydyraliev, Google Security Team.
[40136] Medium Local file reference through developer tools. Credit: Robert Swiecki, Google Security Team; Tavis Ormandy, Google Security Team.
[40137] Medium Cross-site scripting in chrome://net-internals. Credit: Robert Swiecki, Google Security Team; Tavis Ormandy, Google Security Team.
[40138] High Cross-site scripting in chrome://downloads. Credit: Robert Swiecki, Google Security Team; Tavis Ormandy, Google Security Team.
[40575] Medium Pages might load with privileges of the New Tab page.
[$500] [40635] High Memory corruption in V8 bindings. Credit: kuzzcc; Google Chrome Security Team (SkyLined); Michal Zalewski, Google Security Team.

Chrome users running a stable version can update the web browser by checking for updates in the About Google Chrome page after clicking on the tools icon in the browser’s toolbar. Users who want to try out the Chrome browser can download the latest version from the official website.

The developers have added an option to the Google Chrome settings to turn off the automatic translation suggestion in the web browser completely. Google not long ago began to implement the feature to display a translation message whenever the user visited a website that was not written in the computer system’s language. Back then options to disable the feature for a particular language were available but no option to disable the Google Translate feature completely.

Stable users can now disable the translate feature by going to Tools > Options > Under the hood. Google Translate can be disabled by removing the checkmark in “Offer to translate pages that aren’t in a language I read”.

The second issue that the Chrome developers have fixed in the stable release is a fix to prevent crashes with the Last Pass extension, a very popular password manager for the browser.

Chrome users who are running the stable version of the browser can update it automatically by About Google Chrome or by visiting the official Download Google Chrome page to do so.

Geolocation has been added to make use of the user’s location when providing services to the user. This feature can be integrated into websites and extensions.

The user’s privacy is guaranteed since a confirmation prompt is displayed whenever a service tries to access the geolocation feature to detect the user’s location.

The geolocation feature is for instance used in Google Maps to locate the user on the world map and it is likely that new applications will eventually be released that make use of this feature.

Internet users who want to test the new geolocation feature need to download the latest version of the Google Chrome dev release to do so and start the browser with the parameter mentioned above.

It should also be noted that permissions are not persistent and that wifi based location is currently only supported on Windows and Mac (but not OSX 10.6).

The changelog for that first Google Chrome 5 release does not reveal many changes which can be attributed to the short time span between the final release of Google Chrome 4 and the first release of version 5 of the web browser.

One very handy change is that Google Chrome 5 now uses the default download directories in Vista and Windows 7 (before it was using MyDocuments/ Downloads/ instead of /Downloads/. A content settings dialog has been added to the options. This new settings window is available in the Under the Hood section of the Google Chrome options.

It displays settings on how to deal with cookies, images, JavaScript, Plugins and Pop-ups. It can for instance be used to disable all JavaScript on all sites but the sites listed in the exception list.

• Cookies: Modify how cookies and other site date are saved on your computer (Allow local data to be set, ask me when a site tries to set data, block sites from setting any day (with an exception list provided). Can also be used to block all third party cookies without exception and to clear cookies and other site data when the browser is closed. Does contain a link to Adobe Flash Player storage settings.
• Images: Show all images, or do not show any images but for sites on the exceptions list.
• JavaScript: Allow all sites to run JavaScript or do not allow any site to run JavaScript except for the sites in the exceptions list.
• Plugins: Allow all sites to use plug-ins or do not allow any site to use plugins except for the sites in the exception list.
• Popups: Allow all sites to use popups or do not allow any site to use popups except for the sites in the exception list.

Version 5 of Google Chrome comes with the address bar separator which can be used to hide the extension buttons in the toolbar.

Google Chrome 5 can be downloaded from the official early access page at the Google Chrome website.

Addendum: While the Content Settings window is accessible in Google Chrome 5 it does not currently contain any functionality.

Google Chrome 4 fixes 13 security vulnerabilities that affect previous versions of the web browser. Six of the vulnerabilities have been rated as high by the security team which usually indicate vulnerabilities that allow an attacker to take control of the computer system.

* [3275] Low Pop-up blocker bypass. Credit to Google Chrome Security Team (SkyLined).
* [9877] Medium Cross-domain theft due to CSS design error. Credit to Chris Evans of the Google Security Team.
* [12523] Medium Browser memory error with stale pop-up block menu. Credit to Jacob Balle and Carsten Eiram, Secunia Research.
* [20450] Low Prevent XHR to directories. Credit to the Chromium development community.
* [23693] Low Escape more characters in shortcuts. Credit to Michal Zalewski of the Google Security Team and, independently, Inferno of SecureThoughts.com.
* [8864] [24701] [24646] High Renderer memory errors drawing on canvases. Credit to Michal Zalewski of the Google Security Team and Google Chrome Security Team (SkyLined).
* [28566] High Image decoding memory error. Credit to Robert Swiecki of the Google Security Team.
* [29920] Low Corner case failure to strip Referer. Credit to the Chromium development community.
* [30660] High Cross-domain access error. Credit to Tokuji Akamine, Senior Consultant at Symantec Consulting Services.
* [31307] High Bitmap deserialization error. Credit to Mark Dowd, under contract to Google Chrome Security Team.
* [31517] Low Browser crash with nested URL.

Users running a previous version of the Google Chrome web browser – which can either be a release version of a developer version that has not been updated yet – are encouraged to either update to the stable version that has been released by Google to the public or to the latest dev versions that do not contain the security vulnerabilities as well.

The stable version can be downloaded from the official Google Chrome website (only available for the Windows operating system).