Chrome 14 to address security concerns

Security problems and a few fixes for them take the lead in the first release of Chrome 14 to Google's developer's build of the browser.

A new version of Google's JavaScript rendering engine and security fixes land in Google Chrome 14.0.794.0 dev today, available for download for Windows, Mac, Linux. The latest rough version of the browser improves secure HTTP support in several ways, updates the V8 JavaScript engine to version, and tightens security when installing Web apps from the Chrome Web Store.

A new infobar warns users when Chrome blocks a script from running. (Credit: Google)

The security changes are small but nevertheless could have a positive effect on your browser's security. Chrome 14 dev supports DNSSEC authentication for HTTPS, which strengthens the secure Web protocol, and Chrome 14 dev for Macs fixes invalid server certificate errors that were being generated for some secure sites that had untrusted roots certificate authorities. The Chrome Web Store now prompts with a native confirmation dialog box when installing a Web app, which streamlines how the Web store appears to integrate with your computer. SSL v3 server connectivity issues have been fixed, which will prevent some connections from being lost.

Google is taking HTTPS issues quite seriously and has taken steps to address mixed secure site scripting conditions in Chrome 14 dev. Just after announcing that Gmail will always load in HTTPS, the company has ensured that mixed secure site scripting conditions are blocked by default in Chrome 14 dev. The first is a command line flag that actually landed in Chrome 13 dev called --no-running-insecure-content for advanced users who want to help clean up sites with mixed secure scripts. Another flag is available that will block the display of insecure content, --no-displaying-insecure-content, but Google stated in the above-linked blog post that it will not block displaying insecure content by default since it's not as dangerous a use-case.

And in a hat-tip to the users and site administrators who may not have the resources to address the issue immediately, Google has included an inverse flag: --allow-running-insecure-content.

Also, Linux users get a makeshift multiple profile support button for creating different browsing profiles from within the browser.

There are some known bugs with Chrome 14 dev, including nonfunctioning keyboard volume controls within the browser and a browser crash related to reloading a site via HTTP Post, which most often appears as the confirmation page following a form submission from an online transaction.

Along with bumping Chrome dev to version 14, Google has moved its beta channel to Chrome 13. Chrome 13 beta (download for Windows | Mac | Linux) makes two notable changes to the browser. The first is the addition of pre-rendering technology that will make some Google search results appear "almost instantly," according to Google's Chrome blog. Since pre-rendering is a Web standard, it's not limited to Google and can be used by other Web developers. The second is a fix for a bug that's been annoying Chrome users since 2008: the lack of a print preview. Still no word on default support for RSS feeds, which requires users to install an add-on before it will work in Chrome.

The release notes for Chrome 14 dev are available here. Google's official notes on Chrome 13 beta can be read here.

Member Comments

Conversation powered by Livefyre