Google Chrome Beta 14.0.835.35

Gotcha, thanks

 

I honestly only doubt that they broke the sandbox because it would be all over blogs etc.

 

I'm not so sure, we all know vendors have a habit of quietly fixing things and not releasing information about it except to say "it's fixed". They do that for a reason of course, but it's entirely possible that it has happened, but the finder of the flaw went straight to Google and everybody kept it on the down low. Believe me, I'm not trying to start a "Chrome is not as secure as you think" fight, I'm only saying that these things are possible (and eventually going to happen). Unless Google tells us exactly what the critical issues were, all of us are just speaking our opinions.

Back to v14 now before I get into trouble

 

From the Computerworld article linked by moontan...

My comment is, wtg!
My question is, do any of the browser companies give access to bug-tracking databases for vulnerabilities before users have had time to update?

 

I'm sure multiple security vulnerabilities exist in my sandbox. I only mean that Chromium is open source and if a bug was patched we'd probably hear about it.

On top of that when Vupen came out with their exploit it was a huge deal because it was "the first."

I assume the bugs were open at some point. Maybe not.

 

I haven't checked all Critical bugs from April, but I checked 3 of them, and all 3 had to do with a vulnerability in Adobe Flash Player*.

* They were reported as such by the researchers.

I'm assuming that Adobe Flash Player's security bugs are also considered Chrome bugs, since Chrome does bundle it.

-edit-

Looking at http://googlechromereleases.blogspot.com, I believe those 3 were the only Critical bugs in April.

 

Speaking of bundling AFP, it sure is nice to not have to mess around with updating it all of the time. Just another advantage to running Chrome.

 

Yeah, believe me, I will happily allow Google to do that work for me. Now if we could just work magic and get them to sandbox Java, we'd be dang near set

 

Let's grab some bats (not the baseball ones ) and head over Oracle's headquarters.

 

Right behind you, lead the way

 

If it's Java running in Chrome and Chrome is sandboxed in Sandboxie, Java is sandboxed, no?

 

Yeah, if you allow the java process to run in the same sandbox you made for Chrome, but one could argue Chrome doesn't really need Sandboxie So, it can still be a problem.

 

OK... This ComputerWorld's paragraph is misleading:

I've only found 7, since January. I don't think 7 = several, does it?

 

Several implies more than 1 or 2, so yep Really it's a matter of opinion, 7 is very few, in my book. To a security nut or researcher, that might be a lot.

 

What do they think about the High ones, then? lol

 

I imagine said security nuts are on their way to ERs around the world to treat the heart attacks that 15 high rated issues caused

 

You lost me, dw.
But this much I know... Chrome gets forced to open in Sandboxie in my little computer world.

 

Where did you get lost at, Page? Just follow the blinking light from my flashlight, we'll get you home Okay, when Chrome needs Java, it calls out to the java process. If you're running Chrome inside Sandboxie, but haven't set up Java to also run within that box, Sandboxie is gonna throw a fit and holler about Java being denied, and whatever asked for Java to begin with is either going to sit and do nothing, or flash it's own warning about not detecting Java.

 

Thanks for the blinking light, dw!
Well, I don't have Java configured inside the Chrome sandbox for either internet access or start/run access... no fits to speak of. Is it possible that I haven't gone anywhere or done anything that needs Java?

And why is it a problem to "allow the java process to run in the same sandbox you made for Chrome"?

 

No no, it's not a problem to run Java in the same box as Chrome. In fact, you have to, if you want Java to work Is your sandbox by chance running in its default config, meaning you haven't set up any start/run/internet restrictions in it? If that's the case, then no, you won't run into issues with Java and Chrome, as everything is allowed to run in that sandbox.

If you have set up restrictions, but not included Java, then yes, it's because you haven't needed to use Java yet.

 

Yep, I have restrictions without Java.

 

Then unless you allow Java in the sandbox, Sandboxie is gonna get mad soon enough

 

Thanks guys for the explanation. I still use Firefox as my main browser but in a pinch, use Google Chrome and have noticed the well, not so good ad blocking.

I'm looking forward to these improvements.