Google is expanding the use of its Chrome browser beyond just single-user environments.
Google is now out with a new Chrome 16 stable release that includes a new user profile capability as well as providing security fixes to the browser. The new Chrome release caps off a solid year for Google’s web browser, as it continues to gain ground in the competitive browser market against rivals Internet Explorer and Mozilla Firefox.
The new user profiles feature in Chrome 16 enables multiple users to sync their browser data and preferences across multiple devices.
“Keep in mind that adding new users to Chrome isn’t intended to secure your data against other people using your computer, since it just takes a few clicks to switch between users,” Tim Steel, Software Engineer at Google, wrote in a blog post. “We’re providing this functionality as a quick and simple user interface convenience for people who are already sharing Chrome on the same computer today.”
While the new profile syncing capabilities are not about security, there are a lot of other things that Google has done to improve security in Chrome 16. Google is patching at least 15 security vulnerabilities in the new browser. Of those, six vulnerabilities are rated as being high risk.
Among the high-risk flaws, five are related to memory errors, including three use-after-free conditions. A use-after-free vulnerability occurs when a program continues to use a memory allocation after it has been freed, which an attacker may be able to exploit. The use-after-free errors fixed in Chrome 16 include one for SVG filters, one for range handling and one for bidi (bi-directional) handling.
There is also a high impact vulnerability for a URL bar spoofing issue that could potentially expose Chrome users to risk.
As part of Google’s ongoing efforts to work with the security community, the company paid out $6,000 in security awards to researchers who helped discover and report flaws fixed in Chrome 16.
While Google’s work with external security researchers is important, Google also has its own internal efforts that played a big role in the security fixes for Chrome 16. As was the case with the Chrome 15 release at the end of October, Google was able to use its own open source AddressSanitizer tool to help detect some of the fixed flaws. AddressSanitizer is a memory error detector for C/C++ that helps identify out-of-bounds accesses as well as use-after-free memory conditions.
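
The use-after-free condition and the kind of check a memory error detector applies, as an added example that is not code from Chrome or AddressSanitizer: a toy checked heap keeps one state entry per slot, loosely modeled on the way AddressSanitizer marks freed memory as off-limits and delays its reuse. All names (toy_alloc, toy_free, toy_write, the slot pool) are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Toy checked heap (constructed for illustration): each slot has a state
   entry, standing in for the per-byte shadow state a real detector keeps. */
enum slot_state { SLOT_UNUSED, SLOT_LIVE, SLOT_FREED };
enum access_result { ACCESS_OK, ERR_USE_AFTER_FREE, ERR_DOUBLE_FREE, ERR_INVALID };

#define SLOTS 4
#define SLOT_SIZE 16

static char pool[SLOTS][SLOT_SIZE];
static enum slot_state shadow[SLOTS];

/* Hand out the first never-used slot. Freed slots stay quarantined and are
   never reissued here, so a stale handle cannot alias a newer object. */
int toy_alloc(void) {
    for (int i = 0; i < SLOTS; i++)
        if (shadow[i] == SLOT_UNUSED) { shadow[i] = SLOT_LIVE; return i; }
    return -1;
}

/* Release a slot: poison its contents and mark it freed, do not recycle. */
enum access_result toy_free(int h) {
    if (h < 0 || h >= SLOTS || shadow[h] == SLOT_UNUSED) return ERR_INVALID;
    if (shadow[h] == SLOT_FREED) return ERR_DOUBLE_FREE;
    memset(pool[h], 0xDD, SLOT_SIZE);
    shadow[h] = SLOT_FREED;
    return ACCESS_OK;
}

/* Every write consults the slot state first, as instrumented code would. */
enum access_result toy_write(int h, const char *s) {
    if (h < 0 || h >= SLOTS || shadow[h] == SLOT_UNUSED) return ERR_INVALID;
    if (shadow[h] == SLOT_FREED) return ERR_USE_AFTER_FREE;
    strncpy(pool[h], s, SLOT_SIZE - 1);
    pool[h][SLOT_SIZE - 1] = '\0';
    return ACCESS_OK;
}

int main(void) {
    int range = toy_alloc();            /* object is created             */
    toy_write(range, "start..end");     /* valid use while it is live    */
    toy_free(range);                    /* object is released            */
    /* The stale handle is used again: the use-after-free pattern.       */
    printf("stale write -> %d\n", (int)toy_write(range, "x"));
    return 0;
}
```

With real C/C++ code the same class of error is reported at run time when the program is built with a compiler's `-fsanitize=address` option.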