Chrome gets updated, Firefox 'Lorentz' enters beta

Google Chrome updates with seven security fixes, including four high-priority ones, while Mozilla releases its version of sandboxing in Firefox 3.6.4 beta.

The stable build of Google Chrome has updated, introducing seven security patches to the browser. Version for Windows incorporates four high-priority security fixes and three medium-priority ones.

The high-priority fixes, introduced Tuesday, correct type confusion errors with forums, memory corruption in the V8 JavaScript engine bindings, cross-site scripting vulnerabilities on the Chrome downloads page, and HTTP request errors. The first two corrections earned user "kuzzcc" $500 each in Google Chrome's vulnerability discovery rewards program.

The medium-priority errors involved local file reference through developer tools, cross-site scripting in chrome://net-internals, and the discovery that some external pages could load with the rights privileges of the New Tab page.

Firefox 3.6.4 beta incorporates out-of-process plug-in protections. (Credit: Mozilla)

Meanwhile, Mozilla has been moving forward with its Firefox 3.6.4 beta 1 for Windows, Mac, and Linux.

This latest Firefox beta test, introduced Friday, incorporates the long-awaited out-of-process plug-in proofing, code-named "Lorentz." The protection is similar to the tab sandboxing that Google uses in Chrome, but it's focused on preventing plug-ins such as Adobe Flash, Microsoft Silverlight, or Apple QuickTime from taking down the entire browser when they fail. These plug-ins run in a separate memory compartment.

This beta also fixes bugs that had prevented the Lorentz plug-in from working on Macs. Upgrading from Firefox 3.6.3 to Firefox 3.6.4 beta 1 on a Windows 7 computer required a computer reboot for unknown reasons. This seems to be the exception and not the rule, and the majority of users shouldn't experience it.