Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Patches 30 Chrome Bugs, Adds Instant Pages

Posted by CmdrTaco on from the not-a-bad-month dept.

JohnBert writes "Google patched 30 vulnerabilities in Chrome, paying out the third-highest bounty total ever for the bugs that outsiders filed with its security team. The company packaged the patches with an update to Chrome 13, adding Instant Pages to the 'stable' channel of the browser. The feature, which Google earlier tucked into Chrome 13 previews, proactively pre-loads some search results to speed up browsing. Google last upgraded Chrome's stable build in early June. Like Mozilla, which this year shifted to a rapid-release schedule, Google produces an update about every six-to-eight weeks. Fourteen of the 30 vulnerabilities patched were rated 'high,' the second-most-serious ranking in Google's four-step scoring system, while nine were pegged 'medium' and the remaining seven were labeled 'low.'"

21 of 103 comments (clear)

  1. Instant Pages? by OverlordQ · · Score: 3, Insightful

    I thought this was called link prefetching.

    --
    Your hair look like poop, Bob! - Wanker.
    1. Re:Instant Pages? by Bloodwine77 · · Score: 3, Interesting

      I added a simple check to my scripts long ago that detected Firefox prefetching and thew a HTTP 403 Forbidden status with a "Prefetching not permitted" message. It was straightforward to detect and block.

      Hopefully Chrome either makes it easy to detect and block, or at least easy to detect.

    2. Re:Instant Pages? by Anonymous Coward · · Score: 4, Insightful

      I seem to recall an antivirus software (AVG I think) doing something similar (prefetching and scanning for viruses on search results) and it caused havoc for webmasters.

    3. Re:Instant Pages? by alendit · · Score: 3, Informative

      As far as i understood, Instant Pages not only prefetch the top-hit in your search, but also renders the page in background. Didn't find any original anouncement from google, but here you can read some more about it http://www.ecreativeim.com/blog/2011/06/google-announces-chrome-only-instant-pages/ .

    4. Re:Instant Pages? by tapo · · Score: 2

      The difference is in implementation. Link prefetching was already supported in Chrome (and Firefox), which fetches the page in the background and stores the results in cache. Chrome 13 goes a step farther, actually prerendering the page in the background if requested (including running Javascript).

      Implementation details are here: http://code.google.com/chrome/whitepapers/prerender.html

      --
      "Joy is contagious," he said, peering into the microscope.
    5. Re:Instant Pages? by Anonymous Coward · · Score: 2, Informative

      I added a simple check to my scripts long ago that detected Firefox prefetching and thew a HTTP 403 Forbidden status with a "Prefetching not permitted" message. It was straightforward to detect and block.

      Hopefully Chrome either makes it easy to detect and block, or at least easy to detect.

      Sites must opt-in by changing their HTML. Users can disable it for their browser by unchecking "Predict network actions to improve page load performance" in Settings.

    6. Re:Instant Pages? by Bloodwine77 · · Score: 4, Informative

      I did some Googling and apparently Chrome will send the following header when prefetching:

      X-Purpose: instant

      http://www.google.com/chrome/intl/en/webmasters-faq.html#instant

      So it looks like it will be easy for me to block just as I have blocked Firefox prefetches.

    7. Re:Instant Pages? by HarrySquatter · · Score: 4, Insightful

      Chrome 13 goes a step farther, actually prerendering the page in the background if requested (including running Javascript).

      Better hope that it's not a malware page or something trying to use an XSS exploit. Be exploited before you even clicked the link! Brilliant!

  2. Re:I can see a couple issues by Anonymous Coward · · Score: 4, Interesting

    The first issue is this is going to play havoc with traffic analytics and tracking.

    Good. If information about my browsing habits starts to become unusable then perhaps they will stop tracking it.

  3. search, go to jail by box4831 · · Score: 2

    proactively pre-loads some search results to speed up browsing

    God help you if you search for 'child pore cleansing products' with google instant search turned on~

    --
    Miller Lite tastes like water that's somehow managed to rot.
    1. Re:search, go to jail by IAmGarethAdams · · Score: 2

      Well, after you type the 'r' in 'pore', Google will stop showing you any Instant search results

    2. Re:search, go to jail by MrHanky · · Score: 2

      But that's only because they forward your search to the FBI, who doesn't have a public search engine.

  4. Re:you know what speeds up my browsing by geekoid · · Score: 2

    Then turn it off.

    Sheesh.

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  5. Caps? by Anonymous Coward · · Score: 4, Insightful

    Won't this help you burn through your usage caps in the background?

  6. Print Preview - Finally! by bogaboga · · Score: 3, Informative
    While I appreciate this new print preview functionality, I am not impressed that:
    • first, it took so long and
    • second, that even the delivered functionality pales in comparison with its Firefox counterpart.

    This is what I mean: I would like to adjust margins on the fly as I can do with Firefox.

    1. Re:Print Preview - Finally! by kripkenstein · · Score: 3, Interesting

      While I appreciate this new print preview functionality, I am not impressed that:

      • first, it took so long and
      • second, that even the delivered functionality pales in comparison with its Firefox counterpart.

      This is what I mean: I would like to adjust margins on the fly as I can do with Firefox.

      What I find more annoying about the new print preview is that it isn't open source. It is in Chrome but not Chromium.

  7. Pre-fetching requires PERFECT security... by MadCow42 · · Score: 5, Insightful

    For most users the intuition of "don't click on that link" is the last layer of security between the wild west of the Internet and your computer. Prefetching breaks that barrier, and potentially exposes you to any malware writer that's capable enough and determined enough to get their infected (or pwnd) website into the top search results.

    Sorry... although Chrome is decent and maybe more secure than other browsers, until they can promise PERFECT security I don't want to take that chance.

    That'll never happen.

    If I can survive this far on my company-mandated, outdated IE browser without getting pwnd myself (yet), I think that last layer of security may be the most important one of all.

    --
    I used to have a sig, but I set it free and it never came back.
    1. Re:Pre-fetching requires PERFECT security... by gstrickler · · Score: 2

      You can disable (as I have) the prefetch in Chrome 13. Visit chrome://settings/advanced and deselect "Predict network actions to improve page load performance".

      Due to security, tracking, bandwidth usage, etc. concerns, it's just a bad idea for 95+% of the population. If you have metered performance, it wastes your bandwidth and/or costs you money. If you have a high speed link, the time savings are marginal. If the site has malware, you could get infected, possibly without even clicking the link. If it's a porn site, the URL, pics, and text might appear in your cache or history, which could cause you some marital or legal problems. The site may create cookies on your machine, possibly even an ever-cookie. If the site uses Flash or Flash based ads, it may use additional CPU and reduce your battery life on mobile devices. Does it even help if you're in the habit of opening links in a new tab/window (probably, but I don't know)? What if the site pops up other windows (popup or popunder), will those execute (I suspect not, but again I don't know)? I'm sure I've missed a number of other concerns.

      --
      make imaginary.friends COUNT=100 VISIBLE=false
  8. Re:I can see a couple issues by Anonymous+Brave+Guy · · Score: 3, Informative

    If information about my browsing habits starts to become unusable then perhaps they will stop tracking it.

    I'm about as pro-privacy as they come on this issue, but even I don't mind a web site doing analytics within its own domain to see which types of content are most popular so they can be prioritised, optimise navigation based on users actual needs, etc. It's the cross-site/cross-visit tracking that is creepy, IMHO, particularly if associated with any other data previously known only to some of those sites.

    --
    If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
  9. Re:WTF? I need to upgrade my OS to run Chrome 13? by Zan+Lynx · · Score: 2

    It's Debian. It's obsolete when it's released.

  10. Version number sanity? by kripkenstein · · Score: 2

    90 comments so far, and none of the top ones are bashing Google for Chrome's new version number. Have we finally moved past bashing Chrome and Firefox for increasing the major version number every 6 weeks? Please let it be so :)