Google has released the third beta version of Chrome, the browser it introduced nearly two months ago, to fix a single security vulnerability and address several other problems.
Chrome 0.3.154.9 will be automatically pushed to current users, said Mark Larson, the browser's product manager.
Users who had set Chrome to receive the more frequent developer updates have had most of the fixes and changes in 0.3.154.9 for some time, however.
Larson characterised the one bug patched in the update as a "medium" threat and said the fix shut down an address-spoofing flaw that attackers could use to trick users into thinking they were at a safe site when they were actually visiting a malicious or phishing URL.
Also integrated into 0.3.154.9 were several non-security fixes as well as a number of design changes. Among the latter was a modification to the way the browser handles downloads of executable files. That change, though designed to block a months-old "carpet bomb" bug that could be exploited to dupe users into downloading and launching malware, was criticised last week by the security researcher who reported it to Google as a short-term fix only.
"The best solution was if they just won't download the files until the user approves, or download them to a random directory ... as it's done with other browsers, like Internet Explorer's Temporary Internet Files folder or Firefox's random profile directory," said Israeli research Aviv Raff last week.
Google also modified Chrome's site indexing, which the browser uses to call up previously-viewed URLs when users type search criteria in the address bar. "We no longer store data from secure sites (they use https: and show a lock in the address bar) in your history," said Larson in the 0.3.154.9 release notes. "You can still search your history for the site's address, but not the contents on the page."
The search giant has struggled to walk a line between usability and privacy at times. Shortly after it unveiled Chrome, Google was hammered by privacy advocates for recording every keystroke entered into the browser's address bar, then sending some users' data to its servers for examination. Bowing to pressure, Google said it would render that data anonymous within 24 hours.
Other changes Larson pointed out included improvements to Chrome's handling of popular plug-ins, such as Adobe System Inc.'s Flash, Apple Inc.'s QuickTime and Microsoft Corp.'s Flash and Windows Media Player. "We fixed issues with video not loading, stopping after a second and slowing down or freezing Google Chrome (100% CPU usage)," said Larson.