Showing more posts with label Stable updates. Show older posts

Stable Channel Update

Thursday, February 10, 2011 | 19:26

Labels:

The stable channel has been updated to 9.0.597.98 for Windows. This release fixes a regression where IME clients could not attach to Flash (Issue 66605).  Many thanks to everyone for the reports!

If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

Anthony Laforge
Google Chrome

Stable Channel Update

Tuesday, February 8, 2011 | 09:00

Labels:

The stable channel has been updated to 9.0.597.94 for all platforms. This release contains an updated version of Flash player (10.2), along with the following security fixes.
Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

This release incorporates a new version of Flash (10.2), which is a security update.

  • [67234] High Stale pointer in animation event handling. Credit to Rik Cabanier.
  • [$1000] [68120] High Use-after-free in SVG font faces. Credit to miaubiz.
  • [$1000] [69556] High Stale pointer with anonymous block handling. Credit to Martin Barbella.
  • [69970] Medium Out-of-bounds read in plug-in handling. Credit to Bill Budge of Google.
  • [$1000] [70456] Medium Possible failure to terminate process on out-of-memory condition. Credit to David Warren of CERT/CC.
If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

Anthony Laforge
Google Chrome

Stable Channel Update

Thursday, February 3, 2011 | 09:00

Labels:

The stable channel has been updated to 9.0.597.84 for all platforms. Details about the features included in this release can be found on the Google Chrome Blog, in addition this release contains the following security fixes.
Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
Special thanks to thecommunity, for playing so much of the game “Z-Type” that they uncovered a Chromium audio bug -- see below!

  1. [Mac only] [42989Low Minor sandbox leak via stat()Credit to Daniel Cheng of the Chromium development community.
  2. [$1000] [55831High Use-after-free in image loadingCredit to Aki Helin of OUSPG.
  3. [59081Low Apply some restrictions to cross-origin drag + drop. Credit to Google Chrome Security Team (SkyLined) and the Google Security Team (Michal Zalewski, David Bloom).
  4. [62791Low Browser crash with extension with missing key. Credit to Brian Kirchoff.
  5. [$1000] [64051High Crashing when printing in PDF event handlerCredit to Aki Helin of OUSPG.
  6. [65669Low Handle merging of autofill profiles more gracefully. Credit to Google Chrome Security Team (Inferno).
  7. [Mac only] [66931Low Work around a crash in the Mac OS 10.5 SSL libraries. Credit to Dan Morrison.
  8. [68244Low Browser crash with bad volume setting. Credit to Matthew Heidermann.
  9. [69195Critical Race condition in audio handlingCredit to the gamers of Reddit!

In addition, we would like to thank Aki Helin, Sergey Glazunov, Ben Hawkes of the Google Security Team, Benoit Jacob, Simon Fraser and miaubiz for reporting bugs to us during the development cycle, so that they never affected the stable channel. Various rewards were issued for this help.

If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

Anthony Laforge
Google Chrome

Chrome Stable Release

Wednesday, January 12, 2011 | 15:15

Labels:


Chrome on stable channel has been updated to 8.0.552.237 for all platforms.  Chrome OS has also been updated, to 8.0.552.334. These releases contain the security fixes listed below.

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

We’re delighted to offer our first “elite” $3133.7 Chromium Security Reward to Sergey Glazunov. Critical bugs are harder to come by in Chrome, but Sergey has done it. Sergey also collects a $1337 reward and several other rewards at the same time, so congratulations Sergey!

Also of note is a clarification on our default charity policy. Some researchers are unable to accept rewards, or even provide a suggestion for a charity. In such cases, it feels like a shame to lose a charitable contribution so we will default reward money to the Red Cross.
  • [58053] Medium Browser crash in extensions notification handling. Credit to Eric Roman of the Chromium development community.
  • [$1337] [65764] High Bad pointer handling in node iteration. Credit to Sergey Glazunov.
  • [66334] High Crashes when printing multi-page PDFs. Credit to Google Chrome Security Team (Chris Evans).
  • [$1000] [66560] High Stale pointer with CSS + canvas. Credit to Sergey Glazunov.
  • [$500] [66748] High Stale pointer with CSS + cursors. Credit to Jan Tošovský.
  • [67100] High Use after free in PDF page handling. Credit to Google Chrome Security Team (Chris Evans).
  • [$1000] [67208] High Stack corruption after PDF out-of-memory condition. Credit to Jared Allar of CERT.
  • [$1000] [67303] High Bad memory access with mismatched video frame sizes. Credit to Aki Helin of OUSPG; plus independent discovery by Google Chrome Security Team (SkyLined) and David Warren of CERT.
  • [$500] [67363] High Stale pointer with SVG use element. Credited anonymously; plus indepdent discovery by miaubiz.
  • [$1000] [67393] Medium Uninitialized pointer in the browser triggered by rogue extension. Credit to kuzzcc.
  • [$1000] [68115] High Vorbis decoder buffer overflows. Credit to David Warren of CERT.
  • [$1000] [68170] High Buffer overflow in PDF shading. Credit to Aki Helin of OUSPG.
  • [$1000] [68178] High Bad cast in anchor handling. Credit to Sergey Glazunov.
  • [$1000] [68181] High Bad cast in video handling. Credit to Sergey Glazunov.
  • [$1000] [68439] High Stale rendering node after DOM node removal. Credit to Martin Barbella; plus independent discovery by Google Chrome Security Team (SkyLined).
  • [$3133.7] [68666] Critical Stale pointer in speech handling. Credit to Sergey Glazunov.
Full details about the Chrome changes are available in the SVN revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

Jason Kersey
Google Chrome

Stable Channel Update

Wednesday, December 15, 2010 | 16:45

Labels:


The Chrome Stable channel has been updated to 8.0.552.231 for Mac.  This release contains a stability fix for web forms.

If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

Jason Kersey
Google Chrome

Stable, Beta Channel Updates

Monday, December 13, 2010 | 11:19

Labels: ,

The Chrome Stable and Beta channels have been updated to 8.0.552.224 for all platforms.  Chrome OS has also been updated to 8.0.552.343. These releases contain the security fixes listed below, along with stability and other improvements.


Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
  • [64-bit Linux only] [56449] High Bad validation for message deserialization on 64-bit builds. Credit to Lei Zhang of the Chromium development community.
  • [60761] Medium Bad extension can cause browser crash in tab handling. Credit to kuzzcc.
  • [63529] Low Browser crash with NULL pointer in web worker handling. Credit to Nathan Weizenbaum of Google.
  • [$1000] [63866] Medium Out-of-bounds read in CSS parsing. Credit to Chris Rohlf.
  • [$1000] [64959] High Stale pointers in cursor handling. Credit to Sławomir Błażek and Sergey Glazunov.
Full details about the Chrome changes are available in the SVN revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

Jason Kersey
Google Chrome

Stable, Beta Channel Updates

Thursday, December 2, 2010 | 11:47

Labels: ,

The Chrome team is happy to announce our latest Stable release, 8.0.552.215.  In addition to the over 800 bug fixes and stability improvements, Chrome 8 now contains a built in PDF viewer that is secured in Chrome’s sandbox.  As always, it also contains our latest security fixes, listed below.  This release will also be posted to the Beta Channel.

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
  • [17655] Low Possible pop-up blocker bypass. Credit to Google Chrome Security Team (SkyLined).
  • [55745] Medium Cross-origin video theft with canvas. Credit to Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR).
  • [56237] Low Browser crash with HTML5 databases. Credit to Google Chrome Security Team (Inferno).
  • [58319] Low Prevent excessive file dialogs, possibly leading to browser crash. Credit to Cezary Tomczak (gosu.pl).
  • [$500] [59554] High Use after free in history handling. Credit to Stefan Troger.
  • [Linux / Mac] [59817] Medium Make sure the “dangerous file types” list is uptodate with the Windows platforms. Credit to Billy Rios of the Google Security Team.
  • [61701] Low Browser crash with HTTP proxy authentication. Credit to Mohammed Bouhlel.
  • [61653] Medium Out-of-bounds read regression in WebM video support. Credit to Google Chrome Security Team (Chris Evans), based on earlier testcases from Mozilla and Microsoft (MSVR).
  • [$1000] [62127] High Crash due to bad indexing with malformed video. Credit to miaubiz.
  • [62168] Medium Possible browser memory corruption via malicious privileged extension. Credit to kuzzcc.
  • [$1000] [62401] High Use after free with SVG animations. Credit to Sławomir Błażek.
  • [$500] [63051] Medium Use after free in mouse dragging event handling. Credit to kuzzcc.
  • [$1000] [63444] High Double free in XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences.
We would like to offer special thanks -- and a number of rewards -- to Aki Helin of OUSPG for his extensive help with the new PDF feature. We’d also like to extend thanks to Sergey Glazunov and Marc Schoenefeld for finding bugs during the development cycle such that they never reached a stable build.

Full details about the changes are available in the SVN revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

Jason Kersey
Google Chrome