Showing newest posts with label Stable updates. Show older posts

Stable Channel Update

Tuesday, June 28, 2011 | 10:00

Labels:



The Chrome Stable channel has been updated to 12.0.742.112 for all platforms.  This release contains an updated version of Adobe Flash, along with the security fixes noted below.

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

  • [$1000] [77493] Medium CVE-2011-2345: Out-of-bounds read in NPAPI string handling. Credit to Philippe Arteau.
  • [$1000] [84355] High CVE-2011-2346: Use-after-free in SVG font handling. Credit to miaubiz.
  • [$1000] [85003] High CVE-2011-2347: Memory corruption in CSS parsing. Credit to miaubiz.
  • [$500] [85102] High CVE-2011-2350: Lifetime and re-entrancy issues in the HTML parser. Credit to miaubiz.
  • [$500] [85177] High CVE-2011-2348: Bad bounds check in v8. Credit to Aki Helin of OUSPG.
  • [$1000] [85211] High CVE-2011-2351: Use-after-free with SVG use element. Credit to miaubiz.
  • [$1000] [85418] High CVE-2011-2349: Use-after-free in text selection. Credit to miaubiz.
The full list of changes is available in the SVN revision log.  Interested in switching to another?  Find out how.  If you find a new issue, please let us know by filing a bug.

Jason Kersey
Google Chrome

Stable, Beta Channel Updates

Tuesday, June 14, 2011 | 14:00

Labels: ,


The Chrome Stable and Beta channels have been updated to 12.0.742.100 for all platforms.  This release contains an updated version of Adobe Flash.  Interested in switching to the Beta or Stable channels?  Find out how.  If you find a new issue, please let us know by filing a bug.

Jason Kersey
Google Chrome

Chrome Stable Release

Tuesday, June 7, 2011 | 08:30

Labels:

The Google Chrome team is happy to announce the release of Chrome 12 to the Stable Channel for all platforms.  Chrome 12.0.742.91 includes a number of new features and updates, including:
  • Hardware accelerated 3D CSS
  • New Safe Browsing protection against downloading malicious files
  • Ability to delete Flash cookies from inside Chrome
  • Launch Apps by name from the Omnibox
  • Integrated Sync into new settings pages
  • Improved screen reader support
  • New warning when hitting Command-Q on Mac
  • Removal of Google Gears
Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
  • [$2000] [73962] [79746] High CVE-2011-1808: Use-after-free due to integer issues in float handling. Credit to miaubiz.
  • [75496] Medium CVE-2011-1809: Use-after-free in accessibility support. Credit to Google Chrome Security Team (SkyLined).
  • [75643] Low CVE-2011-1810: Visit history information leak in CSS. Credit to Jesse Mohrland of Microsoft and Microsoft Vulnerability Research (MSVR).
  • [76034] Low CVE-2011-1811: Browser crash with lots of form submissions. Credit to “DimitrisV22”.
  • [$1337] [77026] Medium CVE-2011-1812: Extensions permission bypass. Credit to kuzzcc.
  • [78516] High CVE-2011-1813: Stale pointer in extension framework. Credit to Google Chrome Security Team (Inferno).
  • [79362] Medium CVE-2011-1814: Read from uninitialized pointer. Credit to Eric Roman of the Chromium development community.
  • [79862] Low CVE-2011-1815: Extension script injection into new tab page. Credit to kuzzcc.
  • [80358] Medium CVE-2011-1816: Use-after-free in developer tools. Credit to kuzzcc.
  • [$500] [81916] Medium CVE-2011-1817: Browser memory corruption in history deletion. Credit to Collin Payne.
  • [$1000] [81949] High CVE-2011-1818: Use-after-free in image loader. Credit to miaubiz.
  • [$1000] [83010] Medium CVE-2011-1819: Extension injection into chrome:// pages. Credit to Vladislavas Jarmalis, plus subsequent independent discovery by Sergey Glazunov.
  • [$3133.7] [83275] High CVE-2011-2332: Same origin bypass in v8. Credit to Sergey Glazunov.
  • [$1000] [83743] High CVE-2011-2342: Same origin bypass in DOM. Credit to Sergey Glazunov.
In addition, we would like to thank David Levin of the Chromium development community, miaubiz, Christian Holler and Martin Barbella for working with us in the development cycle and preventing bugs from ever reaching the stable channel. Various rewards were issued.


We’d also like to call particular attention to Sergey Glazunov’s $3133.7 reward. Although the linked bug is not of critical severity, it was accompanied by a beautiful chain of lesser severity bugs which demonstrated critical impact. It deserves a more detailed write-up at a later date.


You can find out more about Chrome 12 at the official Chrome Blog.  The full list of changes is available in the SVN revision logs (Trunk, Branch).  Interested in switching to the Stable channel?  Find out how.  If you find a new issue, please let us know by filing a bug.


Jason Kersey
Google Chrome

Stable Channel Update

Sunday, June 5, 2011 | 18:00

Labels:

The Chrome Stable channel has been updated to 11.0.696.77 for all platforms.  This release contains an updated version of Adobe Flash.  Interested in switching to the Stable channel?  Find out how.  If you find a new issue, please let us know by filing a bug.

Karen Grunberg

Google Chrome

Stable Channel Update

Tuesday, May 24, 2011 | 14:17

Labels:

The Stable channel has been updated to 11.0.696.71 for the Macintosh, Windows, Linux and Chrome Frame platforms


Security fixes and rewards:

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

  • [72189] Low CVE-2011-1801: Pop-up blocker bypass. Credit to Chamal De Silva.
  • [$1000] [82546] High CVE-2011-1804: Stale pointer in floats rendering. Credit to Martin Barbella.
  • [82873] Critical CVE-2011-1806: Memory corruption in GPU command buffer. Credit to Google Chrome Security Team (Cris Neckar).
  • [82903] Critical CVE-2011-1807: Out-of-bounds write in blob handling. Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany of the Chromium development community.

The following bugs were fixed:
  • REGRESSION: selection extended by arrow keys flickers on LinkedIn.com. (Issue 83197).
  • Have ConnectBackupJob try IPv4 first to hide potential long IPv6 connect timeout (Issue 81686).
  • Mac plugin crashes are too low in stats (Issue 82172).
  • Incorrect ACLs on the archived copy of setup.exe  (Issue 82424)

If you find new issues, please let us know by filing a bug.
Want to change to another Chrome release channel? Find out how.

Karen Grunberg
Google Chrome

Stable Channel Update

Friday, May 13, 2011 | 10:51

Labels:

The Stable channel has been updated to 11.0.696.68 for the Macintosh, Windows, Linux and Chrome Frame platforms

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
  • [64046] High CVE-2011-1799: Bad casts in Chromium WebKit glue. Credit to Google Chrome Security Team (SkyLined).
  • [80608] High CVE-2011-1800: Integer overflows in SVG filters. Credit to Google Chrome Security Team (Cris Neckar)
This version also has Flash Player 10.3 which is an incremental release with improved stability, enhanced security and user privacy protection, and new capabilities for enterprises and developers. For more information, see the Adobe Flash Player release notes

If you find new issues, please let us know by filing a bug.

Want to change to another Chrome release channel? Find out how.

Karen Grunberg
Google Chrome

Beta and Stable Channel Update

Friday, May 6, 2011 | 15:38

Labels: ,

The Beta and Stable channels have been updated to 11.0.696.65 for the Macintosh, Windows, Linux and Chrome Frame platforms

The following bugs were fixed:
  • After deleting bookmarks on the Bookmark managers, the bookmark bar doesn't display properly with existing bookmarks. (Issue 80580).
  • About Google Chrome window shows unknown channel for 11.0.696.57 (Issue 80683).
  • Chrome/Mac seems to clobber focus when uploading attachments to Gmail with the flash-based uploader (Issue 77172).
  • Also included is an updated version of Flash Player 10.2.
If you find new issues, please let us know by filing a bug.

Want to change to another Chrome release channel? Find out how.

Karen Grunberg
Google Chrome

Beta and Stable Channel Update

Thursday, April 28, 2011 | 12:00

Labels: ,

The Beta and Stable channels have been updated to 11.0.696.60 for the Windows platform

The following bug was fixed:
  • REGRESSION: Windows painting issue while switching Chrome 11 window with overlapped app. (Issue 74604).
If you find new issues, please let us know by filing a bug.

Want to change to another Chrome release channel? Find out how.

Karen Grunberg
Google Chrome

Chrome Stable Update

Wednesday, April 27, 2011 | 08:03

Labels:


The Google Chrome team is happy to announce the arrival of Chrome 11.0.696.57 to the Stable Channel for Windows, Mac, Linux, and Chrome Frame.  Chrome 11 contains some really great improvements including speech input through HTML.

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

We’re pleased to associate a record $16,500 of rewards with this patch.

  • [61502] High CVE-2011-1303: Stale pointer in floating object handling. Credit to Scott Hess of the Chromium development community and Martin Barbella.
  • [70538] Low CVE-2011-1304: Pop-up block bypass via plug-ins. Credit to Chamal De Silva.
  • [Linux / Mac only] [70589] Medium CVE-2011-1305: Linked-list race in database handling. Credit to Kostya Serebryany of the Chromium development community.
  • [$500] [71586] Medium CVE-2011-1434: Lack of thread safety in MIME handling. Credit to Aki Helin.
  • [72523] Medium CVE-2011-1435: Bad extension with ‘tabs’ permission can capture local files. Credit to Cole Snodgrass.
  • [Linux only] [72910] Low CVE-2011-1436: Possible browser crash due to bad interaction with X. Credit to miaubiz.
  • [$1000] [73526] High CVE-2011-1437: Integer overflows in float rendering. Credit to miaubiz.
  • [$1000] [74653] High CVE-2011-1438: Same origin policy violation with blobs. Credit to kuzzcc.
  • [Linux only] [74763] High CVE-2011-1439: Prevent interference between renderer processes. Credit to Julien Tinnes of the Google Security Team.
  • [$1000] [75186] High CVE-2011-1440: Use-after-free with <ruby> tag and CSS. Credit to Jose A. Vazquez.
  • [$500] [75347] High CVE-2011-1441: Bad cast with floating select lists. Credit to Michael Griffiths.
  • [$1000] [75801] High CVE-2011-1442: Corrupt node trees with mutation events. Credit to Sergey Glazunov and wushi of team 509.
  • [$1000] [76001] High CVE-2011-1443: Stale pointers in layering code. Credit to Martin Barbella.
  • [$500] [Linux only] [76542] High CVE-2011-1444: Race condition in sandbox launcher. Credit to Dan Rosenberg.
  • [76646] Medium CVE-2011-1445: Out-of-bounds read in SVG. Credit to wushi of team509.
  • [$3000] [76666] [77507] [78031] High CVE-2011-1446: Possible URL bar spoofs with navigation errors and interrupted loads. Credit to kuzzcc.
  • [$1000] [76966] High CVE-2011-1447: Stale pointer in drop-down list handling. Credit to miaubiz.
  • [$1000] [77130] High CVE-2011-1448: Stale pointer in height calculations. Credit to wushi of team509.
  • [$1000] [77346] High CVE-2011-1449: Use-after-free in WebSockets. Credit to Marek Majkowski.
  • [77349] Low CVE-2011-1450: Dangling pointers in file dialogs. Credit to kuzzcc.
  • [$2000] [77463] High CVE-2011-1451: Dangling pointers in DOM id map. Credit to Sergey Glazunov.
  • [$500] [77786] Medium CVE-2011-1452: URL bar spoof with redirect and manual reload. Credit to Jordi Chancel.
  • [$1500] [79199] High CVE-2011-1454: Use-after-free in DOM id handling. Credit to Sergey Glazunov.
  • [79361] Medium CVE-2011-1455: Out-of-bounds read with multipart-encoded PDF. Credit to Eric Roman of the Chromium development community.
  • [79364] High CVE-2011-1456: Stale pointers with PDF forms. Credit to Eric Roman of the Chromium development community.
We would also like to thank miaubiz, kuzzcc, Sławomir Błażek, Drew Yao and Braden Thomas of Apple Product Security and Christian Holler for working with us during the development cycle and helping prevent bugs from ever reaching the stable channel.

More on what's new at the Official Chrome Blog.  You can find full details about the changes that are in Chrome 11 in the SVN revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

Karen Grunberg
Google Chrome