Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Patches 30 Chrome Bugs, Adds Instant Pages

Posted by CmdrTaco on from the not-a-bad-month dept.

JohnBert writes "Google patched 30 vulnerabilities in Chrome, paying out the third-highest bounty total ever for the bugs that outsiders filed with its security team. The company packaged the patches with an update to Chrome 13, adding Instant Pages to the 'stable' channel of the browser. The feature, which Google earlier tucked into Chrome 13 previews, proactively pre-loads some search results to speed up browsing. Google last upgraded Chrome's stable build in early June. Like Mozilla, which this year shifted to a rapid-release schedule, Google produces an update about every six-to-eight weeks. Fourteen of the 30 vulnerabilities patched were rated 'high,' the second-most-serious ranking in Google's four-step scoring system, while nine were pegged 'medium' and the remaining seven were labeled 'low.'"

12 of 103 comments (clear)

  1. Instant Pages? by OverlordQ · · Score: 3, Insightful

    I thought this was called link prefetching.

    --
    Your hair look like poop, Bob! - Wanker.
    1. Re:Instant Pages? by Bloodwine77 · · Score: 3, Interesting

      I added a simple check to my scripts long ago that detected Firefox prefetching and thew a HTTP 403 Forbidden status with a "Prefetching not permitted" message. It was straightforward to detect and block.

      Hopefully Chrome either makes it easy to detect and block, or at least easy to detect.

    2. Re:Instant Pages? by Anonymous Coward · · Score: 4, Insightful

      I seem to recall an antivirus software (AVG I think) doing something similar (prefetching and scanning for viruses on search results) and it caused havoc for webmasters.

    3. Re:Instant Pages? by alendit · · Score: 3, Informative

      As far as i understood, Instant Pages not only prefetch the top-hit in your search, but also renders the page in background. Didn't find any original anouncement from google, but here you can read some more about it http://www.ecreativeim.com/blog/2011/06/google-announces-chrome-only-instant-pages/ .

    4. Re:Instant Pages? by Bloodwine77 · · Score: 4, Informative

      I did some Googling and apparently Chrome will send the following header when prefetching:

      X-Purpose: instant

      http://www.google.com/chrome/intl/en/webmasters-faq.html#instant

      So it looks like it will be easy for me to block just as I have blocked Firefox prefetches.

    5. Re:Instant Pages? by HarrySquatter · · Score: 4, Insightful

      Chrome 13 goes a step farther, actually prerendering the page in the background if requested (including running Javascript).

      Better hope that it's not a malware page or something trying to use an XSS exploit. Be exploited before you even clicked the link! Brilliant!

  2. Re:I can see a couple issues by Anonymous Coward · · Score: 4, Interesting

    The first issue is this is going to play havoc with traffic analytics and tracking.

    Good. If information about my browsing habits starts to become unusable then perhaps they will stop tracking it.

  3. Caps? by Anonymous Coward · · Score: 4, Insightful

    Won't this help you burn through your usage caps in the background?

  4. Print Preview - Finally! by bogaboga · · Score: 3, Informative
    While I appreciate this new print preview functionality, I am not impressed that:
    • first, it took so long and
    • second, that even the delivered functionality pales in comparison with its Firefox counterpart.

    This is what I mean: I would like to adjust margins on the fly as I can do with Firefox.

    1. Re:Print Preview - Finally! by kripkenstein · · Score: 3, Interesting

      While I appreciate this new print preview functionality, I am not impressed that:

      • first, it took so long and
      • second, that even the delivered functionality pales in comparison with its Firefox counterpart.

      This is what I mean: I would like to adjust margins on the fly as I can do with Firefox.

      What I find more annoying about the new print preview is that it isn't open source. It is in Chrome but not Chromium.

  5. Pre-fetching requires PERFECT security... by MadCow42 · · Score: 5, Insightful

    For most users the intuition of "don't click on that link" is the last layer of security between the wild west of the Internet and your computer. Prefetching breaks that barrier, and potentially exposes you to any malware writer that's capable enough and determined enough to get their infected (or pwnd) website into the top search results.

    Sorry... although Chrome is decent and maybe more secure than other browsers, until they can promise PERFECT security I don't want to take that chance.

    That'll never happen.

    If I can survive this far on my company-mandated, outdated IE browser without getting pwnd myself (yet), I think that last layer of security may be the most important one of all.

    --
    I used to have a sig, but I set it free and it never came back.
  6. Re:I can see a couple issues by Anonymous+Brave+Guy · · Score: 3, Informative

    If information about my browsing habits starts to become unusable then perhaps they will stop tracking it.

    I'm about as pro-privacy as they come on this issue, but even I don't mind a web site doing analytics within its own domain to see which types of content are most popular so they can be prioritised, optimise navigation based on users actual needs, etc. It's the cross-site/cross-visit tracking that is creepy, IMHO, particularly if associated with any other data previously known only to some of those sites.

    --
    If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.