Mini-Newsletter From Your Google Chrome Security Team

We’re always working hard to enhance the Chrome browser with bug fixes, new defenses and new features. The release of Chrome 10 is no different, and there are some items worth highlighting:

Chrome 10: Flash sandboxing

With Chrome 10, our first cut of the previously announced Flash sandboxing initiative is now enabled by default for the Windows platform on Vista and newer. Additionally, because we automatically update Flash to the latest and most secure version, this should provide useful defense in depth.

Chrome 10: Out-of-date plug-in warnings

As we previously mentioned, we believe that some of the most significant opportunities to increase user security revolve around plug-ins. We’ve made a number of improvements in this area, including actively encouraging users to update their plug-ins to the most secure version. Chrome now detects when a plug-in is out of date and blocks it with a simple infobar. This infobar helps guide the user towards updating their plug-in with the latest security fixes.

Chrome 10: Plug-in blocking enhancements

Some of our more advanced users prefer fine-grained control over which plug-ins they wish to run — which can have security and privacy benefits. Chrome has long had a feature which blocks plug-ins by default (Wrench menu -> Preferences -> Under the hood -> Content Settings -> Plug-ins). We’ve improved this feature by adding a context menu to the blocked plug-in placeholder. This menu lets users control which plug-ins do and do not run. Using a context menu helps prevent clickjacking attacks that try to bypass the block. Plug-in placeholders can also be hidden (for example, if they are floating over and obscuring real content), and the actual plug-in that wishes to run is made apparent.

Chromium Security Rewards program still going strong

We mentioned in passing in the 9.0.597.107 release notes that our rewards program has passed $100,000 of rewards. We’d like to re-iterate our thanks to all the named researchers in our Hall of Fame. We’re continually delighted with the stream of interesting and clever bugs that we receive, so it will be exciting to see what the rest of 2011 brings. Remember, we love giving out money!

Still hiring!

We are always looking to expand the Google Chrome Security Team, and we’re looking for a wide range of talents. We can promise exciting and varied work, working to protect hundreds of millions of users and working alongside the best in the industry. Why not have a look at our job posting?

Join the League of Extraordinary #H4ckers at SXSW!

Heading to Austin, TX for South by Southwest (SXSW) this week? Good — so are we. And we’re planning what I hope will be an event for the ages!

The festivities start at 1pm on March 13 with the opening of The League of Extraordinary Hackers followed by a very special SuperHappyDevHouse at 7pm at the Speakeasy on 412 Congress Ave in Austin.

Business by day, hacking by night

From 1pm to 6pm, we’ll be hosting a series of 15-minute rapid-fire API briefings focused on Google’s latest developer offerings including: Android, Chrome, HTML5, Blogger, Google TV, Google Maps, App Engine, YouTube, Web Fonts, Cellbots, and Fusion Tables. Immediately following each talk, the speakers will be holding court during office hours in Speakeasy’s open air rooftop lounge.

At the same time, we’ll be demoing Google TV and the YouTube Leanback experience in the Leanback Lounge on the second floor. And if you’re just looking for a place to chill, meet other Google developers, or grab free WiFi and juice for your devices, we’ve got you covered in that department as well.

Yes, this is one of our drink cards.

At 7pm, we’ll welcome the SuperHappyDevHouse community for a night of hacking, lightning talks, a LEGO® MINDSTORMS® sumobot competition (!), steampunkery, and Google TV and Xbox 360® Kinect tomfoolery. And if a soundtrack co-curated on Rdio weren’t enough to make your booty move, then come get loosened up with League-inspired elixirs concocted by Google’s own mixologist, Daniel “Gin not Vodka” Nadasi!

This event promises to be one-of-a-kind and a rare respite from the pure partying events at SXSW. Of course it wouldn’t be possible with a great cast of sponsors including Google, Windows Live, The LEGO Group, NPR, Sencha, Red Bull Creation, Twilio, and Rdio.

Get on the list and invite your friends

Since we’re managing attendees separately, the most important links you need are the ones that get you in (and get you free drinks!):

  1. RSVP for The League of Extraordinary Hackers
  2. RSVP for SHDH@SXSW

You can also find these events elsewhere:

  1. The League of Extraordinary Hackers is on Facebook, Plancast, and Lanyrd
  2. SHDH@SXSW is on Facebook, Plancast, and Lanyrd

Planning a Trip with Bing Maps & Windows Mobile

Bing Maps on Windows Mobile is great for finding locations and getting directions while you’re being mobile, but what if you want to save a whole group of locations to visit on your trip? Check out this technique