Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Google Software Technology

Google Quashes 13 Chrome Bugs, Adds PDF Viewer 177

CWmike writes "Google on Thursday patched 13 vulnerabilities in Chrome 8 (stable), and debuted Google's built-in PDF viewer, an alternative to the bug-plagued Adobe Reader plug-in, and included support for the still-not-launched Chrome Web Store. The 13 flaws fixed in Chrome 8.0.552.215 are in a variety of components, including the browser's history, its video indexing and the display of SVG (scalable vector graphics) animations. Next up: Adobe and Google have collaborated to put the Flash Player plug-in inside a sandbox within the dev build of Chrome, an effort by the two companies to better protect users from attacks."
This discussion has been archived. No new comments can be posted.

Google Quashes 13 Chrome Bugs, Adds PDF Viewer

Comments Filter:
  • So Adobe didn't mind helping Google, even while Google was developing a replacement for Acrobat Reader?

    Seems a little odd to me.

  • by McNihil ( 612243 ) on Friday December 03, 2010 @08:56PM (#34440450)

    Just tested it with chrome 9.x... the pdf rendering is ridiculously fast.

    • At first I thought you were joking when you said you were testing it with Chrome 9.x I didn't even know Chrome 8.x was out.

      Am I just getting old or are these releases abnormally fast?
      • How else were they going to get a release of Chrome 9, before IE9 comes out?
      • Here's how it works: when Chrome 8 is branched to beta, trunk becomes Chrome 9. At first the difference is purely cosmetic.
        But yes, Chrome N+1 is born at the same instant Chrome N goes to beta. From the next canary or dev release on you will see Chrome N+1 versions, though differences between them and Chrome N (already in beta) may be very small.

    • It does render very fast, but certain things were just awful when this was present in the Dev channel and convinced me to disable the thing. Last time I played with it, selecting text to copy and paste worked dreadfully. Letters would be dropped or the text would select in unpredictable ways. Additionally, printing the PDF resulted in something that looked exactly nothing like the PDF document I was using. I found the latter particularly silly given the design intent and implementation of the PDF docume

    • by mcrbids ( 148650 )

      IT'S ABOUT F!~@#NG TIME!!!

      My small company develops document management systems for education. PDF is the standard of choice because it's open and cross platform. The problem is that Adobe sucks so horribly bad that we've actually taken to recommending Foxit as a "better than" solution, even though it has its own set of warts. Sure, Adobe makes its money on Acrobat, and the Adobe reader is a gimme, but why couldn't they make the gimme actually work?!?!?

      Rendering a PDF inline works less than 30% of the time

  • PDF viewer (Score:5, Insightful)

    by hether ( 101201 ) on Friday December 03, 2010 @08:56PM (#34440454)

    "The viewer renders PDF documents as HTML-based pages"

    I hope it does a better job than the PDF viewer built into Google search...

  • by haruchai ( 17472 ) on Friday December 03, 2010 @08:59PM (#34440470)

    It's been in the dev or beta channel for a while. Works fine and hasn't choked on any PDFs I've viewed with it yet.

  • One of the biggest problems with Adobe Acrobat Reader is that attackers can run exploits via embedded flash ... since Chrome supports flash, does that mean it will support flash in the PDFs it converts to HTML? I hope not, or at least not by default.

    I'd like to see Chrome come with a dummy app that pretends to be a PDF reader which merely runs a specialized window holding the document content in a manner akin to your typical PDF viewer. This would help people stop wean themselves off of Acrobat Reader.

  • All this enhancement sounds great, but I wish they would concentrate on compatibility with web sites first. There are too many sites that don't work well with Chrome and I am tired of getting warnings from popular sites that warn me about running an unsupported browser.

    • Re:whoop dee doo (Score:5, Informative)

      by onefriedrice ( 1171917 ) on Friday December 03, 2010 @09:55PM (#34440790)

      All this enhancement sounds great, but I wish they would concentrate on compatibility with web sites first. There are too many sites that don't work well with Chrome and I am tired of getting warnings from popular sites that warn me about running an unsupported browser.

      Any examples you can come up with, because I have no idea what you're talking about. WebKit is extremely compatible (it's one of the most popular HTML engines out there), and I don't know of any incompatibilities with Chrome's Javascript VM either, so... I guess I'll just have to call BS.

      • I don't think he knows the difference between a browser being compatible and a website sniffing browsers and sending an unwarranted warning.
      • I typically use IE for hardware configuration duties, like HP switches and Cisco wireless access points. Those devices don't get their web interfaces updated particularly often and they were developed as much as a decade ago when IE was the most popular and non-standards-based browser. Trying to view the sites in Firefox, Chrome, Opera, or Safari often results in a broken interface and broken control.

        But that's a pretty outlandish thing to use as an example of Chrome not being compatible.

      • by scragz ( 654271 )

        Netflix streaming said Chrome was incompatible last time I tried to use it. I've also had a lot of warnings on various sites that "all features may not be supported". As Mozilla knows, evangelism [mozilla.org] with major sites is as important as rendering bugs to the end user (me!). Usually everything just works or would work if they would unblock it.

    • by Zero__Kelvin ( 151819 ) on Friday December 03, 2010 @10:36PM (#34441018) Homepage
      Any website that warns about unsupported browsers is by definition designed by someone who doesn't know how to design websites. Properly designed websites follow standards, and web browsers comply with those standards. When a web developer speaks in terms of which browsers they do and don't support that is a direct indication that they don't understand even the most basic and fundamental concepts of website design.
      • by catbutt ( 469582 )

        When a web developer speaks in terms of which browsers they do and don't support that is a direct indication that they don't understand even the most basic and fundamental concepts of website design.

        Well, with the exception of IE6. I wouldn't fault a site for not caring anymore if their site looks crappy on IE6.

        • by tepples ( 727027 )

          I wouldn't fault a site for not caring anymore if their site looks crappy on IE6.

          But I would fault such a site for not including a (tasteful) ad for Google Chrome Frame at the top of pages served to IE <= 7. Chrome Frame is a browser helper object that uses the Chrome engine for pages that opt in to Chrome rendering using a <meta> element.

          • I'd love to push chome frame for browsers = ie10... how about supporting linear gradients for backrounds, or any number of other features far more widely useful ocer canvas... css3pie breaks in ie9, and the dx based gradient filter doesn't support stop points, or work with their border radius implementation.
      • web browsers comply with those standards.

        Unless, of course, the maker of the web browser is using the lack of compliance with standards in older versions of the browser as a tool to sell another product that the web browser requires. I routinely get banner ads for IE 9 when browsing with Chrome under Ubuntu 10.10 or Firefox under Windows XP; I click them and they end up being ads for Windows 7.

        • You know IE8 passes acid2 (the test for the current web standards) just fine with the default settings, and IE9 gets a 95 on the acid3 test. It's not 100%, like Webkit, but then again acid3 has been strongly criticized for cherry-picking elements that are still in the working draft (i.e. not even finalized).

          In other words, Internet Explorer is 100% standards compliant, and will likely comply with the new standards as soon as we actually have a new set of standards.

          Cut the FUD please, it doesn't help.

          • You know IE8 passes acid2

            Which is why I still test on IE >= 8.

            IE9 gets a 95 on the acid3 test.

            Which is comparable to Firefox. But there are more copies of Windows on which IE 9 doesn't run than on which IE 9 does run. The first result [netmarketshare.com] from Google windows market share states that as of November 2010, Windows Vista and Windows 7 combined make about 32 percent to Windows XP's 58 percent.

      • by Kjella ( 173770 )

        The kind that says "We haven't tested it on your browser, we don't guarantee it'll work and if it doesn't we don't guarantee we'll fix it but here's our site anyway" is quite legitimate if you ask me. Even when I've had a site work properly on IE (with IE-specific hacks), Firefox and Opera - this was before Chrome - and the W3C validator, I got reports about a rendering bug in Safari. And I have spotted rendering differences between Firefox and Opera too, so this "create once to standards and it'll work eve

        • I totally agree with you. What you are talking about is completely different from supporting browsers. This site supports HTML5 and CSS, and has been tested with IE7, IE8, Chrome, and Firefox is completely different from saying that we support a particular browser or a few select ones.
        • Exactly.

          It's pretty simple really, if someone bitches about X browser not working, and you aren't going to fix the site when that's the only browser that has a problem, then that browser is unsupported.

          If someone bitches about Y browser not working, and you are going to fix the site so that particular browser works correctly, then that browser is supported.

          It doesn't matter if anybody ever actually bitches about the browser not working, if you never plan on fixing problems specific to that browser then it i

  • Talk about undoing your own work, huh?

    • by Burz ( 138833 )

      Talk about undoing your own work, huh?

      Indeed. I wonder if the PDF viewer has a sandbox too. If not, then they could be opening up an even bigger can of worms!

    • As a security tester by profession, I *really* want to run some fuzzing tools over that PDF reader. In fact, I might just do that. Coming up with a proper minset without using the resources at work would take time, though.

      • by sl149q ( 1537343 )

        Who cares ... if there is a problem it will result in some anonymous server in the cloud getting infected :-)

  • by PRMan ( 959735 ) on Friday December 03, 2010 @09:57PM (#34440810)

    Does it fix the "I can't paste into a textarea" bug?

    I was using it instead of Firefox, but that one's a dealkiller for me.

    • by PRMan ( 959735 )

      Can't paste my quote...

      Nope.

    • by tyrione ( 134248 )

      Does it fix the "I can't paste into a textarea" bug?

      I was using it instead of Firefox, but that one's a dealkiller for me.

      Nope. It's a joke that even 9.0.597.0 dev still can't manage this simple behavior.

    • This has been annoying me for awhile now. Where's a bug we can all vote for and Slashdot?

      • by Tynin ( 634655 )

        This has been annoying me for awhile now. Where's a bug we can all vote for and Slashdot?

        If I were to guess, it would be due to the two buffers X Windows uses [davidsimmons.com] (and since it is X Windows, most Linux OS's suffer the same issue), the clipboard buffer, and the primary buffer, have been an ongoing train wreck for years. It is like a few developers don't want to change the way they do things, and don't share best practices for which buffer to use and when.

        Even the current Ubuntu LTS 10.4 suffers from it (not tried it again in the current release, but it has been a problem for a long time on several

        • That doesn't seem to work in this case -- I've tried Kate.

          What I don't get is when one of the buffers is clearly empty -- it's not pasting garbage, it's pasting nothing -- why wouldn't it check another? And why is this even an issue? On my system, I use Firefox or Chrome, depending on the situation. Both use GTK+. Why would this bug only affect Chrome, and only on certain websites, under certain conditions? Why do I never see this issue anywhere else? Why will it paste into other locations in Chrome, like t

        • Happens in the beta channel builds on some of my win 7 machines too, not just linux... really annoying. I use it as my main browser now, but tempted to go back to firefox... chrome works better ovia my employer's proxy than FF, annoying..
        • Re:Where's the bug? (Score:4, Informative)

          by pclminion ( 145572 ) on Saturday December 04, 2010 @12:42AM (#34441604)

          If I were to guess, it would be due to the two buffers X windows uses

          How does that explain the fact that I had to manually type in the above quote, and I'm running Windows 7?

          It's fucking ridiculous, it happens with no other site but this one, and the fact that Slashdot has done nothing to fix it in the past MONTH that it's been going on, is absolutely incomprehensible to me. What. The. Fuck. Find the problem and fix it.

          Even if it's somehow a bug in Chrome, I laugh out loud at the prospect of switching away from my preferred browser because one site on the Internet can't be assed to worked around the problem. I'd rather abandon Slashdot than abandon Chrome, and that's saying something.

          • by tebee ( 1280900 )

            How does that explain the fact that I had to manually type in the above quote, and I'm running Windows 7?

            And how do you explain that copy/pasting your comment just worked for me on XP? ( Chrome 9.0.597.0)

            • by Qzukk ( 229616 )

              Because pasting into a completely empty box works. Try typing <a href=" and pasting a link.

              If it works for you it's because it's fixed in Chrome 9 now.

              • by tebee ( 1280900 )

                test [davidsimmons.com]

                  Because pasting into a completely empty box works. Try typing a href=" and pasting a link.

                Yep that seems to work - so this is fixed in Chrome 9 then? One more bug quashed !

              • Testing a link [slashdot.org]

                Yep, works just fine in Chrome 8.0.552.215 on Windows 7.

          • How does that explain the fact that I had to manually type in the above quote, and I'm running Windows 7?

            Pasting in an empty textbox. Typing first, then pasting. All works just fine for me. Chrome 8.0.552.215 on Windows 7 64-bit.

          • I've also seen the bug in Safari on OSX. Intermittent, but I've seen it. I could even see that the text was pasted in and then immediately cleared out. I assumed it was some kind of JavaScript bug on Slashdot itself.
        • Unless Windows 7 64 Bit is using X Windows the problem is not contained to *nix. It's happening on all three Win 7 stations that I have too, so it's not exactly a rare glitch. Oddly it only started happening after the upgrade to 8.

          I really like Chrome for its speed but this copy/paste bug is killing me.

        • by Omestes ( 471991 )

          It still is a problem, although not as common, on Window's Chrome. So I doubt X is the complete problem. The Linux (or at least Ubuntu, haven't ran out and ran it on every distro) implementation seems a bit worse than the Windows one.

    • by Qzukk ( 229616 )

      The bug report [google.com] has a workaround: create a bookmark for javascript:document.body.appendChild(document.createElement('div')); and click it whenever you want to paste into slashdot. No idea why adding an empty div to the end of the page makes it work, it probably forces chrome to re-parse slashdot's flaming pile of broken html to something that will actually work in the browser.

    • by Omestes ( 471991 )

      Does it fix the "I can't paste into a textarea" bug?

      It was still in the dev version, so I'm guessing not. I am using Chromium, and I did paste that; but it has always allowed me to paste in a fresh form, just not one that has text (sometimes), and never one that has characters before the paste (i.e. pasting after HTML tags).

      Oddly I mostly only notice this on Slashdot, it seems to work fine on most other sites; this might be because I mostly paste to Slashdot though.

      I keep on considering going back to Firef

  • Just download the unstable branch. It's as close to WebKit Nightly as you get for Chrome.
  • You start with something small and fast.

    Soon you're all about embedding this and that and everything else. Now you're all about bloat.

    See, I use foxit. I like foxit. I don't install the embedded reader because I don't like it to be embedded. That's my choice. You may not agree, but that's cool because that's what choice means.

    Now, Chrome embeds its own viewer. There goes my choice. There goes the lightweight browser. Hello monoculture software. Hello exploits.

    bah.

    • by Anonymous Coward on Friday December 03, 2010 @10:39PM (#34441048)

      about:plugins -> Chrome PDF Viewer -> Disable.

      or

      Options -> Under the Hood -> Content settings -> Plug-ins -> Block all.

      Also it's weird to say a plugin is causing bloat, when the plugin resides in a shared library, it only registers one embed handler, and is entered only when a PDF is viewed. It has zero runtime overhead and its .text section is shared between processes (iirc... loadlibrary on win32 does copy-on-write).

      • by CFD339 ( 795926 )

        Ok, good information. Not sure you'll know I said that, because its an AC post, but what the hell. Thanks.

        • by Guspaz ( 556486 )

          FYI, Google's using Foxit for the built-in PDF viewer. So, you know, this is kind of like you using Foxit, but with less bloat, since you don't need a completely separate application and UI to get the Foxit PDF rendering engine.

    • by Anonymous Coward on Saturday December 04, 2010 @12:12AM (#34441452)

      Hello monoculture software. Hello exploits.

      We embedded a viewer so that we could sandbox it. This makes exploits much harder to pull off. If you do manage to get a user to open a PDF that exploits a bug, the sandbox ensures that the process you now control is unable to access the filesystem or open network connections, and will be killed if it tries.

      99% of users don't know what a plugin is, and won't keep them up to date unless the process is totally automatic. Chrome got this right: Updates are silently downloaded and applied unless you go out of your way to disabling them. Making the PDF plugin a part of Chrome allows chrome updates to update the plugin. Chrome's track record fixing security bugs fast is far better than the record of the PDF plugin that virtually all Windows users most user have.

      If you don't want to use the fast, small, sandboxed PDF viewer that gets security updates, go to about:plugins and click disable. Nothing stops you from using other plugin if you want to.

    • > See, I use foxit. I like foxit.

      you may be interested to know that Chrome seems to be using Foxit for their plugin:
      http://googlesystem.blogspot.com/2010/08/google-chromes-pdf-plugin-uses-foxit.html [blogspot.com]

      plus additional sandboxing, for extra security.

  • by bogaboga ( 793279 ) on Friday December 03, 2010 @10:48PM (#34441108)

    ...and here's why:

    The fact that after all these releases, Google still does not see it prudent to had 'print preview' added to Chrome as one of its features.

    Folks, this feature is a killer for me...and I am not alone. Trust me on this.

  • Finally! (Score:4, Insightful)

    by 93 Escort Wagon ( 326346 ) on Friday December 03, 2010 @10:58PM (#34441150)

    I'm not a fan of PDF at all - but if you want to use a browser for work, decent PDF handling is a necessary evil. The old "solution" - pulling the PDF into Google Apps - couldn't handle PDF files accessed through https. That made it a non-starter in my work environment.

    All you young'uns are free to bitch and moan about PDF itself; but in the real world you usually have to be pragmatic.

    • by devent ( 1627873 )
      So your work environment don't have a PDF viewer installed? Furthermore, there is a Firefox and a IE plugin/addon to see PDF files inside a browser, no need for Google Apps.
      • So your work environment don't have a PDF viewer installed? Furthermore, there is a Firefox and a IE plugin/addon to see PDF files inside a browser, no need for Google Apps.

        We're talking about Chrome, not Firefox or Internet Explorer.

  • For months, the basic ability to copy and paste text in chrome has been broken. Its not just me, others have noted it, even bloggers noting it.

    To read and comment on slashdot I *have to * use firefox. to do the basic task of quoting someone. ctrl-c gets it to the clipboard and I can paste to notepad, but cant to the reply form field.

    To quote from the film 300: This is madness.
    • by Qzukk ( 229616 )

      Have you had the problem anywhere other than slashdot?

      Anyway, some guy figured out that you can fix pasting in slashdot by adding a div to the end of it. Just create a bookmark on the bookmark bar for javascript:document.body.appendChild(document.createElement('div')); and click it whenever you open a slashdot story.

  • Oh finally those annoying page breaks in pdf are gone. I mean, time after time i switch to "continuous" mode, but, always, they were coming back. You click the scrolling arrows, but pdf shows the page it wants to show, not the one I want, so annoying it was.

    But it is gone now!

  • PDF for Chromium? (Score:2, Informative)

    by david.given ( 6740 )
    I'll admit to not being terribly interested in PDF for niche OSs like Windows --- although on the few occasions I have to boot Windows I admit that I find myself actively enjoying not loading Acrobat Reader --- so I'm more interested in whether PDF viewing is available for Chromium yet. PDFs are hateful, but sometimes I have to read the damned things, and even apps like evince are cumbersome and slow. Chrome's inline PDF viewer is awesome, fast and slick and best of all, largely invisible; PDFs just work, w
  • Okay so that's a (very) nice addition for Windows users, but what about Mac OS X, which handles basic PDF files just fine? Is the built-in PDF viewer only in the Windows version of Chrome? If not, can we disable it?

Be sociable. Speak to the person next to you in the unemployment line tomorrow.

Working...