Google closes OpenSSL leak in Android version Chrome – update
Google rolled out an update to Chrome for Android this weekend, which the internet giant closes a vulnerability that was created by a leak in OpenSSL. That bug allowed for a man-in-the-middle attack.
The attack only worked if the victim also uses OpenSSL and could only be executed if both the server and client are vulnerable to the bug. Other than users of the Android version of Chrome, those of other browsers, including the Chrome desktop version, had nothing to fear. Those browsers use a different ssl/tls library than OpenSSL.
In addition to bug fixes, the latest Chrome version also incorporates new features that have been available for the mobile browser for several weeks. For example, Chrome 35 allows users to cast videos to Chromecast. In the test period a few months ago, YouTube support was still missing, but it is not clear whether Google has added this.
The most recent Android version of Chrome also shows a button at the bottom of the screen every time a tab is closed that allows you to unclose the tab. With this, Google caters to users who sometimes accidentally close a tab. This functionality has been around for some time in the desktop versions of browsers such as Chrome and Firefox.
Also, better support for HTML5 videos is built in. Those videos can now also be played full screen and with subtitles with separate buttons.
Update, 12 noon – Initially it seemed that casting to Chromecast is new, but this turned out not to be the case thanks to the feedback. The article has been rewritten and now opens with the OpenSSL bug, for which Google rolled out a bug fix last weekend.