Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Quashes 13 Chrome Bugs, Adds PDF Viewer

Posted by timothy on from the next-please-block-cw-popups dept.

CWmike writes "Google on Thursday patched 13 vulnerabilities in Chrome 8 (stable), and debuted Google's built-in PDF viewer, an alternative to the bug-plagued Adobe Reader plug-in, and included support for the still-not-launched Chrome Web Store. The 13 flaws fixed in Chrome 8.0.552.215 are in a variety of components, including the browser's history, its video indexing and the display of SVG (scalable vector graphics) animations. Next up: Adobe and Google have collaborated to put the Flash Player plug-in inside a sandbox within the dev build of Chrome, an effort by the two companies to better protect users from attacks."

4 of 177 comments (clear)

  1. Because I like being on cutting edge... by McNihil · · Score: 4, Informative

    Just tested it with chrome 9.x... the pdf rendering is ridiculously fast.

  2. Re:whoop dee doo by onefriedrice · · Score: 4, Informative

    All this enhancement sounds great, but I wish they would concentrate on compatibility with web sites first. There are too many sites that don't work well with Chrome and I am tired of getting warnings from popular sites that warn me about running an unsupported browser.

    Any examples you can come up with, because I have no idea what you're talking about. WebKit is extremely compatible (it's one of the most popular HTML engines out there), and I don't know of any incompatibilities with Chrome's Javascript VM either, so... I guess I'll just have to call BS.

    --
    This author takes full ownership and responsibility for the unpopular opinions outlined above.
  3. Re:Damn. It's all downhill for now. by Anonymous Coward · · Score: 5, Informative

    about:plugins -> Chrome PDF Viewer -> Disable.

    or

    Options -> Under the Hood -> Content settings -> Plug-ins -> Block all.

    Also it's weird to say a plugin is causing bloat, when the plugin resides in a shared library, it only registers one embed handler, and is entered only when a PDF is viewed. It has zero runtime overhead and its .text section is shared between processes (iirc... loadlibrary on win32 does copy-on-write).

  4. Re:Damn. It's all downhill for now. by Anonymous Coward · · Score: 5, Informative

    Hello monoculture software. Hello exploits.

    We embedded a viewer so that we could sandbox it. This makes exploits much harder to pull off. If you do manage to get a user to open a PDF that exploits a bug, the sandbox ensures that the process you now control is unable to access the filesystem or open network connections, and will be killed if it tries.

    99% of users don't know what a plugin is, and won't keep them up to date unless the process is totally automatic. Chrome got this right: Updates are silently downloaded and applied unless you go out of your way to disabling them. Making the PDF plugin a part of Chrome allows chrome updates to update the plugin. Chrome's track record fixing security bugs fast is far better than the record of the PDF plugin that virtually all Windows users most user have.

    If you don't want to use the fast, small, sandboxed PDF viewer that gets security updates, go to about:plugins and click disable. Nothing stops you from using other plugin if you want to.