Chrome 8 Enhancements Include PDF Security
Adobe’s PDF format is the most popular printable-document format ever and it’s almost impossible to find a computer, device, or media viewing application incapable of displaying one. As a result, it’s also become a favorite target for worms and viruses, as extremely prevalent code therefore becomes a center of attention.
Amid a myriad of security fixes for Chrome 8, according to an article on CNET, the Google team has decided to make PDF reading safer for users by walling it off.
That means when people click a PDF link, the document will open directly in the browser. Chrome’s built-in PDF reader is also walled up within a sandbox, lowering the risk that security issues will escape a confined region of memory to facilitate a broader attack on a computer.
The PDF reader is among 800 improvements in Chrome 8, including 12 security fixes, according to a blog post yesterday by Chrome team member Jason Kersey. Google paid out $1,000 to each of three discoverers of high-risk vulnerabilities and $500 to two discovers of medium-risk vulnerabilities.
By using a “sandbox” technique, Chrome developers will make it so that even if the PDF code gets exploited by a virus or worm, the malicious code won’t be able to reach out into the Chrome application or the computer itself. It’ll be stuck in its own little padded room, where it’ll only be able to screw with the document and perhaps a few other things. With these sorts of enhancements in play, the Chrome browser will be able to resist attacks that attempt to exploit the 3rd party PDF code—a factor that reduces the security of many otherwise stable applications.
The bounty on vulnerabilities paid by Google also shows that the Chrome team is interested in being on top of issues rather than sweeping them under the rug. Paying rewards for people who find vulnerabilities happens to be part of an effort by corporate developers to get issues out in the open by encouraging disclosure (for the bounty) rather than exploiting it themselves. Certainly, a malicious hacker could use the exploit to her own ends—but within hours or days, someone else would discover the vulnerability, apprise Google, get the reward, and shortly the exploit would go away.
Amid other Chrome updates, Google said that Chrome 8 is the first to enable the Chrome Store…although there’s no indications of it in the interface yet.
A message from John Furrier, co-founder of SiliconANGLE:
Support our open free content by sharing and engaging with our content and community.
Join theCUBE Alumni Trust Network
Where Technology Leaders Connect, Share Intelligence & Create Opportunities
11.4k+
CUBE Alumni Network
C-level and Technical
Domain Experts
15M+
theCUBE
Viewers
Connect with 11,413+ industry leaders from our network of tech and business leaders forming a unique trusted network effect.
SiliconANGLE Media is a recognized leader in digital media innovation serving innovative audiences and brands, bringing together cutting-edge technology, influential content, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — such as those established in Silicon Valley and the New York Stock Exchange (NYSE) — SiliconANGLE Media operates at the intersection of media, technology, and AI. .
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a powerful ecosystem of industry-leading digital media brands, with a reach of 15+ million elite tech professionals. The company’s new, proprietary theCUBE AI Video cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
