
Stable Channel Update

Thursday, November 4, 2010 | 08:31

Google Chrome has been updated to 7.0.517.44 for Windows, Mac, Linux and Chrome Frame on the Stable channel.  Along with the security fixes below, this build has an updated version of Flash.

Security fixes and rewards:

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

  • [51602] High Use-after-free in text editing. Credit to David Bloom of the Google Security Team, Google Chrome Security Team (Inferno) and Google Chrome Security Team (Cris Neckar).
  • [$1000] [55257] High Memory corruption with enormous text area. Credit to wushi of team509.
  • [$1000] [58657] High Bad cast with the SVG use element. Credit to kuzzcc.
  • [$1000] [58731] High Invalid memory read in XPath handling. Credit to Bui Quang Minh from Bkis (www.bkis.com).
  • [$500] [58741] High Use-after-free in text control selections. Credit to “vkouchna”.
  • [$1000] [Linux only] [59320] High Integer overflows in font handling. Credit to Aki Helin of OUSPG.
  • [$1000] [60055] High Memory corruption in libvpx. Credit to Christoph Diehl.
  • [$500] [60238] High Bad use of destroyed frame object. Credit to various developers, including “gundlach”.
  • [$500] [60327] [60769] [61255] High Type confusions with event objects. Credit to “fam.lam” and Google Chrome Security Team (Inferno).
  • [$1000] [60688] High Out-of-bounds array access in SVG handling. Credit to wushi of team509.
Anthony Laforge
Google Chrome

Stable Channel Update

Tuesday, October 19, 2010 | 10:00

Update: Google Chrome Frame, 7.0.517.43, has been released to the stable and beta channels.
Google Chrome 7.0.517.41 has been released to the stable and beta channels for Windows, Mac, and Linux.  Updates from the previous stable release include:
  • Hundreds of bug fixes
  • An updated HTML5 parser
  • File API
  • Directory upload via input tag
More information on these and other changes in Chrome 7 can be found on the Google Chrome blog. Download Chrome today!

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

  • [48225] [51727] Medium Possible autofill / autocomplete profile spamming. Credit to Google Chrome Security Team (Inferno).
  • [48857] High Crash with forms. Credit to the Chromium development community.
  • [50428] Critical Browser crash with form autofill. Credit to the Chromium development community.
  • [$500] [51680] High Possible URL spoofing on page unload. Credit to kuzzcc; plus independent discovery by Jordi Chancel.
  • [53002] Low Pop-up block bypass. Credit to kuzzcc.
  • [53985] Medium Crash on shutdown with Web Sockets. Credit to the Chromium development community.
  • [Linux only] [54132] Low Bad construction of PATH variable. Credit to Dan Rosenberg, Virtual Security Research.
  • [$500] [54500] High Possible memory corruption with animated GIF. Credit to Simon Schaak.
  • [Linux only] [54794] High Failure to sandbox worker processes on Linux. Credit to Google Chrome Security Team (Chris Evans).
  • [56451] High Stale elements in an element map. Credit to Michal Zalewski of the Google Security Team.
In addition, we would like to credit Aki Helin of OUSPG and kuzzcc for finding bugs during the development cycle such that they never reached a stable build.

Stable, Beta Channel Updates

Friday, September 17, 2010 | 14:31

Google Chrome has been updated to 6.0.472.62 for Windows, Linux and Mac on the Stable channel. In addition, all of the above plus Chrome Frame have been updated on the Beta channel.


Along with the security fixes listed below, this version includes an updated version of the Flash Plugin with a fix for a security vulnerability.

Security fixes and rewards
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

  • [$500] [55114] High Bad cast with malformed SVG. Credit to wushi of team 509.
  • [55119] Critical Buffer mismanagement in the SPDY protocol. Credit to Ron Ten-Hove of Google.
  • [$1000] [55350] High Cross-origin property pollution. Credit to Stefano Di Paola of MindedSecurity.
More details about additional changes are available in the SVN revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.


Jason Kersey
Google Chrome

Stable, Beta Channel Updates

Tuesday, September 14, 2010 | 18:02

Google Chrome 6.0.472.59 has been released to the Stable and Beta channels for Windows, Mac, and Linux.  In addition, it has been released to the beta channel for Chrome Frame.

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
  • [$500] [50250] High Use-after-free when using document APIs during parse. Credit to David Weston of Microsoft + Microsoft Vulnerability Research (MSVR) and wushi of team 509 (independent discoveries).
  • [$1000] [50712] High Use-after-free in SVG styles. Credit to kuzzcc.
  • [$500] [51252] High Use-after-free with nested SVG elements. Credit to kuzzcc.
  • [Linux only] [51709] Low Possible browser assert in cursor handling. Credit to “magnusmorton”.
  • [$500] [51919] High Race condition in console handling. Credit to kuzzcc.
  • [53176] Low Unlikely browser crash in pop-up blocking. Credit to kuzzcc.
  • [$500 x 2] [Mac only] [53361] Critical Fix bug 45400 properly on the Mac. Credit to Sergey Glazunov and “remy.saissy”.
  • [$500] [53394] High Memory corruption in Geolocation. Credit to kuzzcc.
  • [Linux only] [53930] High Memory corruption in Khmer handling. Credit to Google Chrome Security Team (Chris Evans).
  • [54006] Low Failure to prompt for extension history access. Credit to “adriennefelt”.

More details about additional changes are available in the svn revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

Jason Kersey
Google Chrome

Stable, Beta Channel Updates

Tuesday, September 7, 2010 | 16:14

The Stable and Beta channels of Chrome have been updated to 6.0.472.55 for Windows, Mac, and Linux (Update: Chrome Frame is also now updated to this version on the Beta channel). This version contains the following fixes:

All
Windows
  • [r58190] Importing data from other browsers when chrome is set as default  (bug 53655)
  • [r58288] Chrome can’t be made default browser when it already exists (bug 53656)
More details about additional changes are available in the svn revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

Jason Kersey
Google Chrome

Stable and Beta Channel Updates

Thursday, September 2, 2010 | 07:04

Google Chrome 6.0.472.53 has been released to the stable and beta channels for Windows, Mac, and Linux.  Updates from the previous stable release include:
  • Updated UI
  • Form Autofill
  • Syncing of extensions and Autofill data
  • Increased speed and stability
More information on these and other changes in Chrome 6 can be found on the Google Chrome blog. Download Chrome today!

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
  • [34414] Low Pop-up blocker bypass with blank frame target. Credit to Google Chrome Security Team (Inferno) and “ironfist99”.
  • [37201] Medium URL bar visual spoofing with homographic sequences. Credit to Chris Weber of Casaba Security.
  • [41654] Medium Apply more restrictions on setting clipboard content. Credit to Brook Novak.
  • [45659] High Stale pointer with SVG filters. Credit to Tavis Ormandy of the Google Security Team.
  • [45876] Medium Possible installed extension enumeration. Credit to Lostmon.
  • [46750] [51846] Low Browser NULL crash with WebSockets. Credit to Google Chrome Security Team (SkyLined), Google Chrome Security Team (Justin Schuh) and Keith Campbell.
  • [$1000] [50386] High Use-after-free in Notifications presenter. Credit to Sergey Glazunov.
  • [50839] High Notification permissions memory corruption. Credit to Michal Zalewski of the Google Security Team and Google Chrome Security Team (SkyLined).
  • [$1337] [51630] [51739] High Integer errors in WebSockets. Credit to Keith Campbell and Google Chrome Security Team (Cris Neckar).
  • [$500] [51653] High Memory corruption with counter nodes. Credit to kuzzcc.
  • [51727] Low Avoid storing excessive autocomplete entries. Credit to Google Chrome Security Team (Inferno).
  • [52443] High Stale pointer in focus handling. Credit to VUPEN Vulnerability Research Team (VUPEN-SR-2010-249).
  • [$1000] [52682] High Sandbox parameter deserialization error. Credit to Ashutosh Mehra and Vineet Batra of the Adobe Reader Sandbox Team.
  • [$500] [53001] Medium Cross-origin image theft. Credit to Isaac Dawson.
This release also fixes [51070] (Windows kernel bug workaround; credit to Marc Schoenefeld), which was incorrectly declared fixed in version 5.0.375.127.

In addition, we would like to credit Google Chrome Security Team (Inferno), James Robinson (Chromium development community), Google Chrome Security Team (Cris Neckar), Aki Helin of OUSPG, Fred Akalin (Chromium development community), Anna Popivanova, “myusualnickname”, Michal Zalewski of the Google Security Team, kuzzcc and Aaron Boodman (Chromium development community) for finding bugs during the development cycle such that they never reached a stable build.

If you find new issues, please let us know by filing a bug. If you would like to use the stable channel, you can find out more about changing your Chrome channel.

Jason Kersey
Google Chrome