Tuesday, May 25, 2010 | 08:00
Labels:
Stable updates
Google Chrome 5.0.375.55 has been released to the Stable channel for Linux, Mac and Windows.
For more details about the new features in this release over our previous stable release, 4.1, please see the Official Google Chrome blog.
Security Fixes:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
- [7713] Medium Canonicalize URLs closer to the Safe Browsing specification. Credit to Brett Wilson of the Chromium development community.
- [16535] High Possible URL bar spoofing via unload event handlers. Credit to Michal Zalewski, Google Security Team.
- [30079] Medium Memory error in Safe Browsing interaction. Credit to Google Chrome Security Team (SkyLined).
- [39740] Medium Bypass of whitelist-mode plugin blocker. Credit to Darin Fisher of the Chromium development community.
- [41469] Medium Memory error with drag + drop. Credit to kuzzcc.
- [42228] High Incorrect execution of JavaScript in the extension context. Credit to Andrey Kosyakov of the Chromium development community.
In addition, we fixed a range of minor issues such as non-exploitable crashes, hangs and other annoyances. Credit to Sumit Gwalani; Google Security Team, sirdarckcat; Google Security Team, Google Chrome Security Team (Inferno), Carlos Ghan, WHK; elhacker.net, x41, Aki Helin; OUSPG, Jordi Chancel, kuzzcc, Robert Swiecki; Google Security Team, Tavis Ormandy; Google Security Team and Florent; Skyrecon Systems.
Also, we would like to extend our thanks to the following people who helped find bugs so we could fix them before they ever affected the stable channel: Robert Swiecki; Google Security Team, Alexey Proskuryakov; Apple, Florian Rienhardt; BSI, and Ben Davis.
Anthony Laforge
Google Chrome
Tuesday, April 27, 2010 | 13:54
Labels:
Stable updates
Google Chrome 4.1.249.1064 has been released to the Stable channel on Windows.
This release fixes the following issues:
- Google Chrome was not using the correct path for the Java plugin for Java Version 6 Update 20.
- 4.1.249.1059 was much slower on JavaScript benchmarks than 4.1.249.1045. (Issue 42158)
This release also fixes the following security issues:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
- [$1000] [40445] High Cross-origin bypass in Google URL (GURL). Credit: Jordi Chancel.
- [40487] High Memory corruption in HTML5 Media handling. Credit: David Bloom of Google Security Team.
- [$500] [42294] High Memory corruption in font handling. Credit: wushi of team509.
--Mark Larson, Google Chrome Team
Tuesday, April 20, 2010 | 08:59
Labels:
Stable updates
Google Chrome 4.1.249.1059 has been released to the Stable channel on Windows.
This release fixes the following security issues:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
- [$500] [39443] High Type confusion error with forms. Credit: kuzzcc.
- [39698] High HTTP request error leading to possible XSRF. Credit: Meder Kydyraliev, Google Security Team.
- [40136] Medium Local file reference through developer tools. Credit: Robert Swiecki, Google Security Team; Tavis Ormandy, Google Security Team.
- [40137] Medium Cross-site scripting in chrome://net-internals. Credit: Robert Swiecki, Google Security Team; Tavis Ormandy, Google Security Team.
- [40138] High Cross-site scripting in chrome://downloads. Credit: Robert Swiecki, Google Security Team; Tavis Ormandy, Google Security Team.
- [40575] Medium Pages might load with privileges of the New Tab page.
- [$500] [40635] High Memory corruption in V8 bindings. Credit: kuzzcc; Google Chrome Security Team (SkyLined); Michal Zalewski, Google Security Team.
--Mark Larson, Google Chrome Team
Tuesday, March 30, 2010 | 16:53
Labels:
Stable updates
Google Chrome 4.1.249.1045 has been released to the Stable channel on Windows.
This release fixes two issues:
- Fix to prevent crashes with the LastPass extension (Issue 38857)
- Add the option to disable 'Offer to translate pages that aren't in a language I read' in Options > Under the Hood
This release also addresses one minor security issue:
--Mark Larson, Google Chrome Team
Tuesday, March 23, 2010 | 18:21
Labels:
Stable updates
Google Chrome 4.1.249.1042 has been released to the Windows Stable channel.
This release fixes an issue with some extensions not installing from the Google Chrome extensions gallery (issue 38220).
--Mark Larson, Google Chrome Team
Wednesday, March 17, 2010 | 10:06
Labels:
Stable updates
EDIT 23-Mar-10 (mal): Remove "[33572] Medium HTTP headers processed before SafeBrowsing check" from security issues fixed. This is not fixed in this release.
The stable channel has been updated to 4.1.249.1036 for Windows, and includes the following features and security fixes (since 4.0):
- Translate infobar.
- Privacy features: content settings (cookies, images, JavaScript, plug-ins, pop-ups).
- Disabling experimental new anti-reflected-XSS feature called "XSS Auditor". The feature is still experimental, and we're disabling it while we look into some serious performance issues in rare cases. Please see this post for more details about what the XSS Auditor is.
Please see this feature announcement post for more info about translate and privacy.
Security Fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
Congratulations to Sergey Glazunov on receiving the first $1337 Chromium Security Reward for bug 35724.
- [28804] [31880] High Race conditions and pointer errors in the sandbox infrastructure. Credit to Mark Dowd, under contract to Google Chrome Security Team.
- [30801] [33445] Low Delete persisted metadata such as Web Databases and STS. Credit to Google Chrome Security Team (Chris Evans) and RSnake of ha.ckers.org.
- [$500] [34978] High Memory error with malformed SVG. Credit to wushi of team509.
- [$1337] [35724] High Integer overflows in WebKit JavaScript objects. Credit to Sergey Glazunov.
- [36772] Medium HTTP basic auth dialog URL truncation. Credit to Google Chrome Security Team (Inferno).
- [37007] Medium Bypass of download warning dialog. Credit to kuzzcc.
- [$1000] [37383] High Cross-origin bypass. Credit to kuzzcc.
- [$500] [Affected BETA only] [37061] High Memory error with empty SVG. Credit to Aki Helin of OUSPG.
List of all changes: http://build.chromium.org/buildbot/perf/dashboard/ui/changelog.html?url=/branches/249/src&range=38071:41527&mode=html
- Orit Mazor, Google Chrome Team
Wednesday, February 10, 2010 | 14:01
Labels:
Stable updates
The stable channel has been updated to 4.0.249.89 for Windows.
Security Fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
Congratulations to Timothy D. Morgan on receiving a Chromium Security Reward for bug 32718. Note that Timothy elected to donate the reward to the Haiti relief effort, so Google raised the donation to $1337.
- [12303] [29914] Low DNS and fall-back behavior of proxies. Credit to Eric Roman of the Chromium development community and Christopher Eatinger.
- [31009] High Integer overflows in the v8 engine. Credit to Mark Dowd, under contract to Google Chrome Security Team.
- [31692] High Error processing <ruby> tag. Credit to Google Chrome Security Team (SkyLined).
- [32309] Medium Leak of redirection target via <iframe> href.
- [$500] [32718] Medium Domain confusion populating HTTP authentication dialog. Credit to Timothy D. Morgan of VSR (www.vsecurity.com).
- [32915] High Integer overflow deserializing sandbox message. Credit to Mark Dowd, under contract to Google Chrome Security Team.
Anthony Laforge
Google Chrome Program Manager
Monday, January 25, 2010 | 08:16
Labels:
Stable updates
The stable channel has been updated to 4.0.249.78 for Windows, and includes the following features and security fixes (since 3.0):
- Extensions
- Bookmark sync
- Enhanced developer tools
- HTML5: Notifications, Web Database, Local Storage, WebSockets, Ruby support
- v8 performance improvements
- Skia performance improvements
- Full ACID3 pass, due to re-enabled remote font support (with added defense against bugs in operating system font libraries)
- HTTP byte range support
- New security feature: "Strict Transport Security" support
- Experimental new anti-reflected-XSS feature called "XSS Auditor"
Security Fixes:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
- [3275] Low Pop-up blocker bypass. Credit to Google Chrome Security Team (SkyLined).
- [9877] Medium Cross-domain theft due to CSS design error. Credit to Chris Evans of the Google Security Team.
- [12523] Medium Browser memory error with stale pop-up block menu. Credit to Jacob Balle and Carsten Eiram, Secunia Research.
- [20450] Low Prevent XHR to directories. Credit to the Chromium development community.
- [23693] Low Escape more characters in shortcuts. Credit to Michal Zalewski of the Google Security Team and, independently, Inferno of SecureThoughts.com.
- [8864] [24701] [24646] High Renderer memory errors drawing on canvases. Credit to Michal Zalewski of the Google Security Team and Google Chrome Security Team (SkyLined).
- [28566] High Image decoding memory error. Credit to Robert Swiecki of the Google Security Team.
- [29920] Low Corner case failure to strip Referer. Credit to the Chromium development community.
- [30660] High Cross-domain access error. Credit to Tokuji Akamine, Senior Consultant at Symantec Consulting Services.
- [31307] High Bitmap deserialization error. Credit to Mark Dowd, under contract to Google Chrome Security Team.
- [31517] Low Browser crash with nested URL.
Anthony Laforge
Google Chrome Program Manager
Monday, December 14, 2009 | 14:13
Labels:
Stable updates
Google Chrome's Stable channel has been updated to version 3.0.195.38. (The Stable channel is still Windows-only.)
This release fixes a couple of browser crashes:
- r31694 fixes a crash while typing in the omnibox (issue 20511).
- r32474 fixes a crash while playing mp4 videos with odd sizes, such as 1366x768 (issue 27675).
--Mark Larson, Google Chrome Team
Thursday, November 12, 2009 | 10:50
Labels:
Stable updates
Google Chrome's Stable channel has been updated to 3.0.195.33 to fix a potential issue that could cause Google Chrome to stop working and a security issue.
This release removes a dependency on a Windows library (t2embed.dll) that is not required by Google Chrome. If that library is missing or the user does not have permission to read it, earlier versions of Google Chrome would fail silently.
Security Fix:
CVE-2009-2816 Custom headers incorrectly sent for CORS OPTIONS request
A malicious web site operator could set custom HTTP headers on cross-origin OPTIONS requests.
Severity: Low. The majority of users are unlikely to be impacted by this issue.
Credit: Apple Security
Mitigations:
- A victim would need to visit a page under an attacker's control.
- The OPTIONS attribute is not widely supported by servers.
Mark Larson, Google Chrome Team
Thursday, November 5, 2009 | 13:18
Labels:
Stable updates
The stable channel has been updated to 3.0.195.32, and includes the following security and stability fixes:
- Resolved a history issue that affected going back from queries in Google Maps. (Issue: 21353)
- Fixed issue with Adobe Acrobat Reader 9.2, where no content would be displayed. (Issue: 24883)
- Fixed an infinite loop in AAC decoding. (Webkit Issue: 27239)
- Fixed a top crasher. (Issue: 22205)
- Fix issues where setInterval sometimes eats 100% CPU. (Issue: 25892)
Security Fixes:
CVE-2009-XXXX User not warned for some file types that can execute JavaScript
The user was not warned about certain possibly dangerous file types such as SVG, MHT and XML files. In some browsers, JavaScript can execute within these types of files. Because the JavaScript runs in the local context, it may be able to access local resources.
Severity: Medium
Credit: Inferno of SecureThoughts.com
Mitigations:
- A victim would need to visit a page under an attacker's control.
- The victim would furthermore need to open a malicious file.
CVE-2009-XXXX Possible memory corruption in the Gears plugin
A malicious site could use the Gears SQL API to put SQL metadata into a bad state, which could cause a subsequent memory corruption. This may lead to a Gears plugin crash or possibly arbitrary code execution.
Severity: High
Credit: This issue was found by the Google Chrome security team.
Mitigations:
- A victim would need to visit a page under an attacker's control.
- The victim would furthermore need to "click-through" the Gears dialog confirming that they trust the attacker's evil page.
Anthony Laforge
Google Chrome Program Manager