Chrome Security and Mail Compatibility Update, New Chrome Ad from Google Japan
Google has recently issued and update for their take on the browser, mainly Chrome 1.0.154.46 which is meant to address a couple of security and compatibility issues that plagued the software. On the compatibility front, it must be said that it is now possible to access Yahoo! Mail and send out emails; it is also possible to access Windows Live Hotmail thanks to a spoof that puts an Apple Safari cloak on Chrome.
Product Manager with Google Chrome, Mark Larson explains: “While the Hotmail team works on a proper fix, we're deploying a workaround that changes the user agent string that Google Chrome sends when requesting URLs that end with mail.live.com. If you've been using the --user-agent switch to use Hotmail, you can remove the switch from your shortcuts with this release.”
To put it simply, Windows Live Hotmail is tricked into believing that the visitor is using the Apple developed Safari browser, not Google’s Chrome. One might even suggest that Microsoft has something against Google and is trying to fend off the Chrome browser. But according to Omar Shahine, the problems between the two are not Microsoft’s fault; the case is simply that so many Hotmail users do not use Chrome that releasing an out-of-date fix would not be justified.
Security-wise, with Chrome 1.0.154.46 Google has plugged two holes which plagued the Adobe Reader plug-in which “could allow a PDF document to run scripts on arbitrary sites” and a hole in the V8 JavaScript engine which “could allow bypassing same-origin checks in certain situations”.
Security researchers are warning users of another problem: clickjacking . Microsoft has recently fitted Internet Explorer 8 Release Candidate 1 (IE8 RC1) with clickjacking protection, and according to security researcher Nishad Herath Opera 9.63 is protected as well. Google Chrome is said to have fixed this problem with 1.0.154.46, meaning that the only mainstream browser to remain unprotected is Firefox 3.0.5.
Nishad Herath explains: “Clickjacking means that any interaction you have with a Web site you're on, for example like clicking on a link, may not do what you expect it to do. You may click on a link that looks like it's pointing to a picture on Flickr, but in reality, it might first direct you to a drive-by-download server that serves malware. These types of attacks can be used to make you interact with Web services you're already logged onto in ways that you would never want to, without you even knowing that it has happened.”
On a much happier tone, Google Japan has released a new ad for Chrome which you can watch here.
Product Manager with Google Chrome, Mark Larson explains: “While the Hotmail team works on a proper fix, we're deploying a workaround that changes the user agent string that Google Chrome sends when requesting URLs that end with mail.live.com. If you've been using the --user-agent switch to use Hotmail, you can remove the switch from your shortcuts with this release.”
To put it simply, Windows Live Hotmail is tricked into believing that the visitor is using the Apple developed Safari browser, not Google’s Chrome. One might even suggest that Microsoft has something against Google and is trying to fend off the Chrome browser. But according to Omar Shahine, the problems between the two are not Microsoft’s fault; the case is simply that so many Hotmail users do not use Chrome that releasing an out-of-date fix would not be justified.
Security-wise, with Chrome 1.0.154.46 Google has plugged two holes which plagued the Adobe Reader plug-in which “could allow a PDF document to run scripts on arbitrary sites” and a hole in the V8 JavaScript engine which “could allow bypassing same-origin checks in certain situations”.
Security researchers are warning users of another problem: clickjacking . Microsoft has recently fitted Internet Explorer 8 Release Candidate 1 (IE8 RC1) with clickjacking protection, and according to security researcher Nishad Herath Opera 9.63 is protected as well. Google Chrome is said to have fixed this problem with 1.0.154.46, meaning that the only mainstream browser to remain unprotected is Firefox 3.0.5.
Nishad Herath explains: “Clickjacking means that any interaction you have with a Web site you're on, for example like clicking on a link, may not do what you expect it to do. You may click on a link that looks like it's pointing to a picture on Flickr, but in reality, it might first direct you to a drive-by-download server that serves malware. These types of attacks can be used to make you interact with Web services you're already logged onto in ways that you would never want to, without you even knowing that it has happened.”
On a much happier tone, Google Japan has released a new ad for Chrome which you can watch here.
