Google Security

Google banks on its own tech to protect Chrome users from another Heartbleed

As reported on Engadget.

BY STEVE DENT

Google New Laptop

Last month Google said that it was tired of mashed-together bug fixes for OpenSSL and decided to create its own fork called BoringSSL. It has now implemented that variant in thelatest Chromium build, the open-source software that eventually arrives in Chrome. OpenSSL is software used for secure connections — created largely by volunteers — and an overlooked code problem recently caused the infamous Heartbleed bug. When BoringSSL was first announced, there was some grumbling from the security community about yet another flavor of SSL. But Google said that with over 70 patches now in OpenSSL, it was becoming much too unwieldy to implement in Chrome. It added that it wasn’t trying to replace OpenSSL and would continue to send any of its own bug fixes to that group. It’ll likely be implemented in the next version of Chrome, but you’ll be able try the beta soonhere, if you’re feeling lucky.