Stable Update: Security Fixes
Tuesday, April 20, 2010 | 08:59
Labels: Stable updates
Google Chrome 4.1.249.1059 has been released to the Stable channel on Windows.
This release fixes the following security issues:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
- [$500] [39443] High Type confusion error with forms. Credit: kuzzcc.
- [39698] High HTTP request error leading to possible XSRF. Credit: Meder Kydyraliev, Google Security Team.
- [40136] Medium Local file reference through developer tools. Credit: Robert Swiecki, Google Security Team; Tavis Ormandy, Google Security Team.
- [40137] Medium Cross-site scripting in chrome://net-internals. Credit: Robert Swiecki, Google Security Team; Tavis Ormandy, Google Security Team.
- [40138] High Cross-site scripting in chrome://downloads. Credit: Robert Swiecki, Google Security Team; Tavis Ormandy, Google Security Team.
- [40575] Medium Pages might load with privileges of the New Tab page.
- [$500] [40635] High Memory corruption in V8 bindings. Credit: kuzzcc; Google Chrome Security Team (SkyLined); Michal Zalewski, Google Security Team.
If you find issues, please let us know: http://code.google.com/p/chromium/issues/entry
--Mark Larson, Google Chrome Team
31 comments:
Manish said...
Lately lot of security fixes in Chrome :(
9:44 AM, April 20, 2010
MrNerd said...
is there a beta release today?
9:55 AM, April 20, 2010
LZSaver said...
Hmmm...
10:40 AM, April 20, 2010
joesixgig said...
Robert Swiecki for president. Keep up the good work! (and the other developers, please drink more coffee)
11:22 AM, April 20, 2010
Chris said...
@joesixgig: +1, I'm voting for Robert :) @Manish: well we could always leave them unfixed if you prefer :P More seriously, the good news is that many of them are being found by internal audits, and it remains very rare for Chromium to take a "Critical" bug. Also note that the Chromium Security Reward program is going very well and resulting in a slight increase in vulnerability load.
11:39 AM, April 20, 2010
erdemaytekin said...
Where we can find the download link
2:59 PM, April 20, 2010
Dogan said...
Are these fixes included in dev release?
4:19 PM, April 20, 2010
Manish said...
@Chris: I did not mean that :(. I really like the security model of Chrome, just that I was wishing for a release which has more new features (like bug 19, 266)..
4:45 PM, April 20, 2010
Gianni said...
Google Wave does not work with this release, no one else has the same problem?
5:31 PM, April 20, 2010
Mircea C. said...
Same old "Error 3: Update server unavailable" when checking the version. Thx.
12:44 AM, April 21, 2010
erdemaytekin said...
Where we can find the download link???
1:41 AM, April 21, 2010
Rajesh Shenoy said...
Sorry for the slightly off-track question: When is a stable build for Linux expected? Why is it taking so long?
4:15 AM, April 21, 2010
Mike and Mary Jones said...
Google Wave doesn't seem to be working...
5:09 AM, April 21, 2010
Jug said...
Rajesh: The first stable version for Linux and Mac is supposed to be Google Chrome 5, but there's a number of features planned for that release, so Linux users will still have to wait a while longer.
According to the Chromium Development Calendar (at http://www.chromium.org/developers/calendar ), the stable release date is yet to be decided upon.
But that Chromium is apparently going code complete on April 30, is a good sign. :) As a non-Googler guess from me, I'd say it may go stable sometime this summer? Maybe June? *shrug* But the Betas have pretty good quality these days too.
5:37 AM, April 21, 2010
Rajesh Shenoy said...
@Jug: Thank you very much for the very patient explanation! :)
@Mike and Mary Jones: Google Wave is not working for me too.
5:46 AM, April 21, 2010
Li, Quanjia said...
history management is really bad. not easy to del management
7:47 AM, April 21, 2010
nimo said...
This release experience with javascript performance degradation (Sunspider benchmark 40%)
8:14 AM, April 21, 2010
napoleon said...
Chrome does not want to update to version 4.1.249.1059. Currently in version 4.1.249.1045, he said he is up to date?!
12:14 PM, April 21, 2010
nhnl said...
From omahaproxy.appspot.com:
> win,stable,4.1.249.1045,4.1.249.1059
The order should be reversed.
Currently I can't update to 4.1.249.1059 from 249.1045.
10:26 AM, April 22, 2010
thinkNsidedabunNOToutsidedabox said...
crashing on me like a mofokuku! It's like open a Google Chrome instance, surf opening a few tabs, then what: has CRASHED! do u want to restart? Start again, only to crash again--LIKE PRACTICALLY RIGHT AWAY AS I *JUST* REstarted IT--LIKE, WHAT, 15 seconds ago (YES, SECONDS, PEOPLE--NOT EXAGGERATING TOO MUCH, AT ALL)!!! WTF? YES, *THAT* FREQUENT!!!!!!! I think I'm giving up Google Chrome! THIS IS NONSENSE B.S.!! GOOGLE, I think u r rushing (to dominance) so dropping ball on QC!!
using 4.1.249.1059 released 042010 T! And STABLE version too! THIS HAPPENING FOR U GUYS TOO??????????????????
WTF, GOOGLE, U SUX!
8:23 PM, April 22, 2010
Rajesh Shenoy said...
Google Wave is working for me today in this release. I guess it was an error in Wave, that has been fixed now.
@thinkNsidedabunNOToutsidedabox: I have not had any crashes. And I usually have 8-15 tabs open simultaneously.
8:32 PM, April 22, 2010
fromq8 said...
i have crash
i got crash in google chrpme
More than any other browser
WHY ???
2:24 AM, April 23, 2010
rade.ON! said...
oh gosh! thanks about the bookmarks bar shortcut..
now it's on track! ;)
keep up the good work..
4:28 AM, April 23, 2010
Bunniemagyk said...
Downloaded latest version to try to correct issue but Kapersky still finds the vulnerability in Chrome and also something in Java which I have also updated. What else can I do?
2:22 AM, April 24, 2010
Matthias said...
My Windows 7 updated, but my XP laptop stays at 1045 and reports to by uptodate. What might be my problem?
7:17 AM, April 25, 2010
showpanmohsin said...
Its very interesting and very informative and i really like your approach.
7:59 AM, April 26, 2010
Alexey said...
I found this bug after upgrading to this version. On some sites, clicking the middle mouse button leads to the discovery of links, rather than a new tab on this link.
9:38 AM, April 26, 2010
Heinrich said...
I can't get this version.
Chrome says : 4.1.249.1045 is uptodate.
11:22 PM, April 26, 2010
Mike N said...
I concur, my Google Chrome will still not update to the latest Stable version despite it being one week old. I'm running Vista.
5:47 AM, April 27, 2010
Manish said...
@Chris- Its already more than 10 days that 4.1.249.1059 was released, but the bugs are still marked private. Any idea, by when they will be made public? I would assume that by now the latest update must be pushed to majority of users... Is that not the case?
3:15 PM, May 03, 2010
Matthias said...
my Chrome on XP jumped up directly to 1064 without 1059
7:14 AM, May 04, 2010
Post a Comment