Stable Channel Update

Thursday, April 14, 2011 | 12:29

The Chrome Stable channel has been updated to 10.0.648.205 for Windows, Mac, Linux and Chrome Frame.  This release contains a new version of Adobe Flash which includes a fix for a security vulnerability, as well as the security fixes listed below.

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

  • [$500] [Windows only] [70070] Critical CVE-2011-1300: Off-by-three in GPU process. Credit to yuri.ko616.
  • [75629] Critical CVE-2011-1301: Use-after-free in the GPU process. Credit to Google Chrome Security Team (Inferno).
  • [$1000] [78524] Critical CVE-2011-1302: Heap overflow in the GPU process. Credit to Christoph Diehl.

The full list of changes is available from the SVN revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

Jason Kersey
Google Chrome

    Stable Channel Update

    Thursday, March 24, 2011 | 14:32

    The Chrome Stable and Beta channels have been updated to 10.0.648.204 for Windows, Mac, Linux and Chrome Frame.  Included in this release is support for the password manager on Linux, performance and stability fixes, as well as the security fixes listed below.

    Security fixes and rewards:
    Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
    • [$500] [72517] High CVE-2011-1291: Buffer error in base string handling. Credit to Alex Turpin.
    • [$1000] [73216] High CVE-2011-1292: Use-after-free in the frame loader. Credit to Sławomir Błażek.
    • [$2000] [73595] High CVE-2011-1293: Use-after-free in HTMLCollection. Credit to Sergey Glazunov.
    • [$1500] [74562] High CVE-2011-1294: Stale pointer in CSS handling. Credit to Sergey Glazunov.
    • [$2000] [74991] High CVE-2011-1295: DOM tree corruption with broken node parentage. Credit to Sergey Glazunov.
    • [$1500] [75170] High CVE-2011-1296: Stale pointer in SVG text handling. Credit to Sergey Glazunov.
    The full list of changes is available from the SVN revision log.  If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.
     
    Jason Kersey
    Google Chrome

    Stable and Beta Channel Updates

    Thursday, March 17, 2011 | 13:00

    The Chrome Stable and Beta channels have been updated to 10.0.648.151 for Windows, Mac, Linux and Chrome Frame.  This release blacklists a small number of HTTPS certificates.  If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.
     
    Jason Kersey
    Google Chrome

    Stable and Beta Channel Updates

    Tuesday, March 15, 2011 | 13:19

    The Chrome Stable and Beta channels have been updated to 10.0.648.134 for Windows, Mac, Linux and Chrome Frame. This release contains an updated version of the Adobe Flash player. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

    Jason Kersey
    Google Chrome

    Stable and Beta Channel Updates

    Friday, March 11, 2011 | 10:26

    The Chrome Stable and Beta channels have been updated to 10.0.648.133 for Windows, Mac, Linux and Chrome Frame. This release fixes the following security issue:

    Security fixes and rewards:
    Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
    • [$1337] CVE-2011-1290 [75712] High Memory corruption in style handling. Credit to Vincenzo Iozzo, Ralf Philipp Weinmann and Willem Pinckaers reported through ZDI (ZDI-CAN-1167).
    If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

    Jason Kersey
    Google Chrome

    Chrome Stable Release

    Tuesday, March 8, 2011 | 08:00

    The Google Chrome team is excited to announce the arrival of Chrome 10.0.648.127 to the Stable Channel for Windows, Mac, Linux, and Chrome Frame.  Chrome 10 contains some really great improvements including:
    • New version of V8 - Crankshaft - which greatly improves JavaScript performance
    • New settings pages that open in a tab, rather than a dialog box
    • Improved security with malware reporting and disabling outdated plugins by default
    • Sandboxed Adobe Flash on Windows
    • Password sync as part of Chrome Sync now enabled by default
    • GPU Accelerated Video
    • Background WebApps
    • webNavigation extension API (experimental but ready for testing)

    Security fixes and rewards:
    Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

    As can be seen, a few lower-severity issues were rewarded on account of being particularly interesting or clever. And some rewards were issued at the $1500 and $2000 level, reflecting bug reports where the reporter also worked with Chromium developers to provide an accepted patch.
    • [42574] [42765] Low Possible to navigate or close the top location in a sandboxed frame. Credit to sirdarckcat of the Google Security Team.
    • [Linux only] [49747] Low Work around an X server bug and crash with long messages. Credit to Louis Lang.
    • [Linux only] [66962] Low Possible browser crash with parallel print()s. Credit to Aki Helin of OUSPG.
    • [$1337] [69187] Medium Cross-origin error message leak. Credit to Daniel Divricean.
    • [$500] [69628] High Memory corruption with counter nodes. Credit to Martin Barbella.
    • [$1000] [70027] High Stale node in box layout. Credit to Martin Barbella.
    • [$500] [70336] Medium Cross-origin error message leak with workers. Credit to Daniel Divricean.
    • [$1000] [70442] High Use after free with DOM URL handling. Credit to Sergey Glazunov.
    • [Linux only] [70779] Medium Out of bounds read handling Unicode ranges. Credit to miaubiz.
    • [$1337] [70877] High Same origin policy bypass in V8. Credit to Daniel Divricean.
    • [70885] [71167] Low Pop-up blocker bypasses. Credit to Chamal de Silva.
    • [$1000] [71763] High Use-after-free in document script lifetime handling. Credit to miaubiz.
    • [71788] High Out-of-bounds write in the OGG container. Credit to Google Chrome Security Team (SkyLined); plus subsequent independent discovery by David Weston of Microsoft and MSVR.
    • [$1000] [72028] High Stale pointer in table painting. Credit to Martin Barbella.
    • [73026] High Use of corrupt out-of-bounds structure in video code. Credit to Tavis Ormandy of the Google Security Team.
    • [$1000] [73066] High Crash with the DataView object. Credit to Sergey Glazunov.
    • [$1000] [73134] High Bad cast in text rendering. Credit to miaubiz.
    • [$2000] [73196] High Stale pointer in WebKit context code. Credit to Sergey Glazunov.
    • [73716] Low Leak of heap address in XSLT. Credit to Google Chrome Security Team (Chris Evans).
    • [$1500] [73746] High Stale pointer with SVG cursors. Credit to Sergey Glazunov.
    • [$1000] [74030] High DOM tree corruption with attribute handling. Credit to Sergey Glazunov.
    • [$1000] [74662] High Corruption via re-entrancy of RegExp code. Credit to Christian Holler.
    • [$1000] [74675] High Invalid memory access in V8. Credit to Christian Holler.
    We would also like to thank Ben Hawkes of the Google Security Team, Sergey Glazunov, Martin Barbella and “temp01irc” for working with us during the development cycle and helping prevent bugs from ever reaching the stable channel.

    Last, but not least, we’d like to offer special thanks (plus additional rewards to those listed above) to Christian Holler. This is for working with us on his grammar-based fuzzing project, resulting in a more stable and secure “Crankshaft” engine for V8.

    More on what's new at the Official Chrome Blog.  You can find full details about the changes that are in Chrome 10 in the SVN revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

    Jason Kersey
    Google Chrome

    Stable Channel Update

    Monday, February 28, 2011 | 15:23

    The stable channel has been updated to 9.0.597.107 for all platforms. This release contains the following security fixes.

    Security fixes and rewards:
    Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

    Congratulations to the diverse range of researchers featuring in this patch. We’re pleased to announce that the Chromium Security Rewards program has now crossed $100,000 of rewards.

    • [$1000] [54262] High URL bar spoof. Credit to Jordi Chancel.
    • [$500] [63732] High Crash with JavaScript dialogs. Credit to Sergey Radchenko.
    • [$1000] [68263] High Stylesheet node stale pointer. Credit to Sergey Glazunov.
    • [$1000] [68741] High Stale pointer with key frame rule. Credit to Sergey Glazunov.
    • [$500] [70078] High Crash with forms controls. Credit to Stefan van Zanden.
    • [$1000] [70244] High Crash in SVG rendering. Credit to Sławomir Błażek.
    • [64-bit Linux only] [70376] Medium Out-of-bounds read in pickle deserialization. Credit to Evgeniy Stepanov of the Chromium development community.
    • [$1000] [71114] High Stale node in table handling. Credit to Martin Barbella.
    • [$1000] [71115] High Stale pointer in table rendering. Credit to Martin Barbella.
    • [$1000] [71296] High Stale pointer in SVG animations. Credit to miaubiz.
    • [$1000] [71386] High Stale nodes in XHTML. Credit to wushi of team509.
    • [$1000] [71388] High Crash in textarea handling. Credit to wushi of team509.
    • [$1000] [71595] High Stale pointer in device orientation. Credit to Sergey Glazunov.
    • [71717] Medium Out-of-bounds read in WebGL. Credit to miaubiz.
    • [$1000] [71855] High Integer overflow in textarea handling. Credit to miaubiz.
    • [71960] Medium Out-of-bounds read in WebGL. Credit to Google Chrome Security Team (Inferno).
    • [72214] High Accidental exposure of internal extension functions. Credit to Tavis Ormandy of the Google Security Team.
    • [$1000] [72437] High Use-after-free with blocked plug-ins. Credit to Chamal de Silva.
    • [$1000] [73235] High Stale pointer in layout. Credit to Martin Barbella.
    Chris Evans
    Google Chrome Security Team