Chrome for Android update strengthens sandbox

Chrome for Android update strengthens sandbox.


Chrome for Android18.0.1025308 is now available on the Play store Zoom

The Chrome version for Google’s Android mobile OS has beenupdated to improve the browser’s sandbox. The changes make it harder for malicious web sites to break out of their containment and compromise the rest of the processes running in the browser. Along with these improvements, Google closed seven security vulnerabilities that were rated at Medium threat level by the company.

The improvements to the sandbox in Chrome for Android 18.0.1025308are only available for phones running Android 4.1 (“Jelly Bean”), but the security fixes will be delivered through Google’s Play store to phones running Android 4.0 (“Ice Cream Sandwich”) or above. The fixes mostly deal with Universal Cross-Site Scripting (UXSS) vulnerabilities in the browser and other bugs that allow malicious web sites to gain access to data, local files and processes running in other Chrome tabs. A fix to the Android API prevents it from exposing JavaScript, and two fixes to the file:// URI scheme prevent disclosure of information and credentials through it. The developers also closed a hole that allowed a malicious local Android application to steal cookies from Chrome.

Known issues with this release of Chrome for Android are listed on the Chrome support web site and the release is available for download from Google’s Play store.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s