From the ‘I miss Mozilla Weave’ files:
For those of you keeping score in the open source browser numbering acceleration, Google is now out with Chrome 19. As always, lots of security fixes, but what Google chose to highlight in their announcement blog post is a feature many of us have enjoyed for some time now – tab syncing across machines.
“When you’re signed in to Chrome, your open tabs are synced across all your devices, so you can quickly access them from the ‘Other devices’ menu on the New Tab page,” If you’ve got Chrome for Android Beta, you can open the same recipe tab right on your phone when you run out to the store for more ingredients.”
Now if I’m not mistaken, we’ve had sync across Google Chrome for some time. In fact, I first wrote about Chrome sync in August of 2009, a staggering 16 Chrome browser releases ago…
Yes, I know, the magic bit here is the syncing with Chrome for Android which is new. Firefox has kinda/sorta done the same thing on Firefox for Android for over a year.
That’s right. Mozilla is ahead of Google on syncing for Android.
Aside from that, I see nothing of note in Chrome 19 in terms of user-facing features. Of course there are also a slew of security fixes including:
- [112983] Low CVE-2011-3083: Browser crash with video + FTP. Credit to Aki Helin of OUSPG.
- [113496] Low CVE-2011-3084: Load links from internal pages in their own process. Credit to Brett Wilson of the Chromium development community.
- [118374] Medium CVE-2011-3085: UI corruption with long autofilled values. Credit to “psaldorn”.
- [$1000] [118642] High CVE-2011-3086: Use-after-free with style element. Credit to Arthur Gerkis.
- [118664] Low CVE-2011-3087: Incorrect window navigation. Credit to Charlie Reis of the Chromium development community.
- [$500] [120648] Medium CVE-2011-3088: Out-of-bounds read in hairline drawing. Credit to Aki Helin of OUSPG.
- [$1000] [120711] High CVE-2011-3089: Use-after-free in table handling. Credit to miaubiz.
- [$500] [121223] Medium CVE-2011-3090: Race condition with workers. Credit to Arthur Gerkis.
- [121734] High CVE-2011-3091: Use-after-free with indexed DB. Credit to Google Chrome Security Team (Inferno).
- [$1000] [122337] High CVE-2011-3092: Invalid write in v8 regex. Credit to Christian Holler.
- [$500] [122585] Medium CVE-2011-3093: Out-of-bounds read in glyph handling. Credit to miaubiz.
- [122586] Medium CVE-2011-3094: Out-of-bounds read in Tibetan handling. Credit to miaubiz.
- [$1000] [123481] High CVE-2011-3095: Out-of-bounds write in OGG container. Credit to Hannu Heikkinen.
- [Linux only] [123530] Low CVE-2011-3096: Use-after-free in GTK omnibox handling. Credit to Arthur Gerkis.
- [123733] [124182] High CVE-2011-3097: Out-of-bounds write in sampled functions with PDF. Credit to Kostya Serebryany of Google and Evgeniy Stepanov of Google.
- [Windows only] [124216] Low CVE-2011-3098: Bad search path for Windows Media Player plug-in. Credit to Haifei Li of Microsoft and MSVR (MSVR:159).
- [124479] High CVE-2011-3099: Use-after-free in PDF with corrupt font encoding name. Credit to Mateusz Jurczyk of Google Security Team and Gynvael Coldwind of Google Security Team.
- [124652] Medium CVE-2011-3100: Out-of-bounds read drawing dash paths. Credit to Google Chrome Security Team (Inferno).
If you look closely at the is list above you will see that vast majority of all these errors are memory related flaws. These are the same type that Google fixes every patch cycle. No they are not diminishing in number either, which leads me to speculate that there is a never ending fountain at the Googleplex that spews out memory flaws for researchers to pluck for cash rewards. Either that, or Chrome’s underlying memory management is just insecure by architecture.
Sean Michael Kerner is a senior editor at InternetNews.com, the news service of the IT Business Edge Network, the network for technology professionals Follow him on Twitter @TechJournalist.
