Google overhauls Chrome browser security with pdf plug-in

Google has started overhauling the security of its Chrome browser, and is starting with the plug-in that allows the browser to read PDF files, a tech site reported Tuesday night. CNET said the work likely stemmed from pronouncements made to the effect last May by Linus Upson, vice president of engineering for the Chrome team. It said references to a native PDF reader are cropping up on the NaCl bug-tracking database, with initial problems including scrollbar rendering, Gmail integration, loading PDF files, and displaying URLs when the mouse pointer hovers over a link. The CNET story also indicated the work is due for completion in time for the release of Chrome 14. Chrome’s latest stable version is 12, while its latest beta version is 13. CNET said NaCl is a technology for running software within the confines of two protected sandboxes. “Google initially pitched Native Client as a way to accelerate Web applications to native-app speeds. It demonstrated its use in processor-intensive operations such as photo manipulation and playing the game Quake," CNET said. But CNET said Google may be planning to rebuild Chrome itself as a NaCl package, to add an extra layer of security to the software and make it much harder to exploit the browser, or the Chrome OS operating system. But for now, Native Client is a plug-in built into Chrome and uses a plug-in interface called Pepper. “It’s not clear exactly how long it will take to rebuild all of Chrome atop NaCl. Native Client itself isn’t finished; for the present it’s off by default, though people can experiment with it by enabling it by typing ‘about:flags’ into the address bar," CNET said. On the other hand, CNET said Native Client may potentially open new security vulnerabilities, although it has passed one security exam – an endorsement of sorts from John Carmack, the iD Software programmer who created Quake and Doom. Carmack compared Native Client to WebGL, a new standard for building hardware-accelerated 3D graphics into the Web. WebGL has come under security scrutiny by Microsoft and others. “NaCl is much, much easier to make secure than WebGL, even though it sounds scarier," CNET quoted Carmack as saying. — TJD, GMA News