REALTIME IT NEWS

Blogs | 7 Day Summary | JustTechJobs

Newsletters

Select newsletters below and click the button to sign up!

Become a Marketplace Partner

Partner With Us

Internet.com / Blogs

All Internet.com / Blogs

Internetnews Bloggers

Recent Entries

Archives

Monthly Archives

Search The Blog

Netstat -vat by Sean Michael Kerner (bio )

A command line view of IT

« Google to make the web SPDY with new web protocol | Sean Michael Kerner Blog | Does Mozilla's Jetpack gallery spell the end of add-ons? »

Google patches Chrome for Apple WebKit flaw

By Sean Michael Kerner on November 13, 2009 9:37 AM

From the 'Shared Security Risk' files:

Yesterday morning I blogged about the Safari 4.0.4 update commenting that WebKit is used by both Apple and Google for their respective browsers. I also wondered if Google's Chrome was vulnerable to the same WebKit issue that Apple patched.

Turns out I was right.

Late Thursday, Google released Chrome stable 3.0.195.33 which fixes the same Cross Site Request Forgery (CSRF) issue that Safari 4.0.4 fixed. In fact, Google doesn't even have its own specific advisory on the Apple WebKit issue, they just point to Apple's support notice.

Does this mean that Chrome users were potentially at risk for a period of time longer than their Safari cousins? Well yes, but for a very slim amount of time and for a flaw that Google says has a very low risk.

That said, as I wrote yesterday, it's still very interesting to take note of the shared WebKit flaws between Apple and Google. While both vendors actively contribute to WebKit development they both also share its risks.

Chrome 3.0.195.33 is a stable-channel release which at this point is just Windows. Google has not yet moved its Mac and Linux versions up to the stable level. Though stable releases are likely in the near term pipeline.

Google's Chrome OS which could get its first public preview this month is based on Chrome and uses Linux as its underlying operating system. It only makes sense in my view, that if Chrome OS is gearing up for release, then so too is a Chrome stable release for Linux.

From my own use case perspective, I've been running Chrome on Linux (dev-channel) for several months and it's quite stable for daily usage. No it hasn't replaced Firefox on my Linux desktop as my default browser, but it is certainly now a viable alternative.

Permalink | Comments (0) | TrackBacks (0) | Share

Share this Article

Google Bookmarks

Yahoo Favorites

0 TrackBacks

Listed below are links to blogs that reference this entry: Google patches Chrome for Apple WebKit flaw.

TrackBack URL for this entry: https://swarm.jupitermedia.com/mt-tb.cgi/9272

Leave a comment