March 31st, 2011 | Published in Google Online Security
The new version of Google Chrome is not only speedier and simpler but it also improves user security by automatically disabling out-of-date, vulnerable browser plugins.
As browsers get better at auto-updating, out-of-date plugins are becoming the weakest link against malware attacks. Thousands of web sites are compromised every week, turning those sites into malware distribution vectors by actively exploiting out-of-date plugins that run in the browser. Simply visiting one of these sites is usually enough to get your computer infected.
Keeping all of your plugins up-to-date with the latest security fixes can be a hassle, so a while ago we started using our 20% time to develop a solution. The initial implementation was a Chrome extension called “SecBrowsing,” which kept track of the latest plugin versions and encouraged users to update accordingly. The extension helped us gather valuable knowledge about plugins, and we started working with the Chrome team to build the feature right inside the browser.
With the latest version of Chrome, users will be automatically warned about any out-of-date plugins. If you run into a page that requires a plugin that’s not current, it won’t run by default. Instead, you’ll see a message that will help you get the latest, most secure version of the plugin. An example of this message is below, and you can read more about the feature at the Chromium blog.