Chrome is on one of the fastest release cycles around (six weeks), so it’s not particularly riveting news that we’ve made it to Chrome the 10.0.x version set. However, there are a few features of particular note with the Chrome browser, including several major security updates.
These updates address potential Flash security issues and the vulnerability of plugins. First, Google is releasing the “Flash sandbox initiative,” which allows Adobe Flash to take advantage of the highly secure Chrome sandbox environment. The sandbox has been secure enough that in the 2010 pwn2own hacking competition, Chrome was the only browser not to get hacked. This year, in pwn2own 2011, the sandbox is allowing the browser to stand strong while both Safari and IE8 crumbled.
The Flash sandbox initiative will be automatic on Vista and newer versions of Windows, but will see its greatest benefit for users of Windows XP; XP users don’t have access to any browsers that run Flash out of their internal sandbox. While Flash is very popular on the web, it’s also one of the more vulnerable elements of the net, since it can execute scripts that tap into a user’s computer.
Plugins are another area of vulnerability, especially when they are out-of-date. That’s why Google has made a system that detects users when a plugin requires updating, and notifies users of that fact via a “simple infobar” that gives the option to run the plugin anyway or update the plugin.
Those who want to manipulate plugins further have already been able to do so via the plugin settings of Chrome’s Preferences menu, but this feature has been enhanced in Chrome 10. Advanced users will now be able to look through a context menu that allows them to decide which plugins on the site should or should not run.
Chrome is already ahead of the pack when it comes to security, but it looks like they’re intent on furthering their lead. The devotion to security on Chrome may be further enhanced by the recent acquisition of the reverse engineering company Zynamics. Meanwhile, Google’s major mobile platform is still in the process of reeling from its own security holes – which Google has little ability to patch in a timely manner, thanks to the control over version releases that’s held by carriers.