google chrome 17
Stable Channel Update - The Chrome Stable channel has been updated to 17.0.963.83 on Windows, Mac, Linux and Chrome Frame
The Chrome Stable channel has been updated to 17.0.963.83 on Windows, Mac, Linux and Chrome Frame. This release fixes issues with Flash games, along with the security fixes listed below.
Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
Some of the items listed below represent the start of hardening measures based on study of the exploits submitted to the Pwnium competition.
- [$1000] [113902] High CVE-2011-3050: Use-after-free with first-letter handling. Credit to miaubiz.
- [116162] High CVE-2011-3045: libpng integer issue from upstream. Credit to Glenn Randers-Pehrson of the libpng project.
- [$1000] [116461] High CVE-2011-3051: Use-after-free in CSS cross-fade handling. Credit to Arthur Gerkis.
- [116637] High CVE-2011-3052: Memory corruption in WebGL canvas handling. Credit to Ben Vanik of Google.
- [$1000] [116746] High CVE-2011-3053: Use-after-free in block splitting. Credit to miaubiz.
- [117418] Low CVE-2011-3054: Apply additional isolations to webui privileges. Credit to Sergey Glazunov.
- [117736] Low CVE-2011-3055: Prompt in the browser native UI for unpacked extension installation. Credit to PinkiePie.
- [$2000] [117550] High CVE-2011-3056: Cross-origin violation with “magic iframe”. Credit to Sergey Glazunov.
Also, this single low severity issue was fixed in a previous patch but we forgot to issue proper credit:
- [108648] Low CVE-2011-3049: Extension web request API can interfere with system requests. Credit to Michael Gundlach.
Chrome Stable Channel Update - The Chrome Stable channel has been updated to 17.0.963.78 on Windows, Mac, Linux and Chrome Frame
The Chrome Stable channel has been updated to 17.0.963.78 on Windows, Mac, Linux and Chrome Frame. This release fixes issues with Flash games and videos, along with the security fix listed below.
Security fixes and rewards:
Congratulations again to community member Sergey Glazunov for the first submission to Pwnium!
- [Ch-ch-ch-ch-ching!!! $60,000] [117226] [117230] Critical CVE-2011-3046: UXSS and bad history navigation. Credit to Sergey Glazunov.
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
Stable Channel Update - The Chrome Stable channel has been updated to 17.0.963.66 on Windows, Mac, Linux and Chrome Frame
The Chrome Stable channel has been updated to 17.0.963.66 on Windows, Mac, Linux and Chrome Frame. This release fixes an issue in the DOM. Interested in hopping on the stable channel? Find out how.
Chrome Stable Update - The Chrome Stable channel has been updated to 17.0.963.65 on Windows, Mac, Linux and Chrome Frame
The Chrome Stable channel has been updated to 17.0.963.65 on Windows, Mac, Linux and Chrome Frame. This release fixes a number of issues including:
- Cursors and backgrounds sometimes do not load (bug 111218)
- Plugins not loading on some pages (bug 108228)
- Text paste includes trailing spaces (bug 106551)
- Websites using touch controls break (bug 110332)
Along with these fixes, the release contains an updated version of the Adobe Flash player. More information on Flash updates is available from Adobe.
Security fixes and rewards:
Firstly, we have some special rewards for some special bugs!
- [$10,000] [116661] Rockstar CVE-1337-d00d1: Excessive WebKit fuzzing. Credit to miaubiz.
- [$10,000] [116662] Legend CVE-1337-d00d2: Awesome variety of fuzz targets. Credit to Aki Helin of OUSPG.
- [$10,000] [116663] Superhero CVE-1337-d00d3: Significant pain inflicted upon SVG. Credit to Arthur Gerkis.
To determine the above rewards, we looked at bug finding performance over the past few months. The three named individuals stood out significantly. It also shouldn’t come as a surprise that they all feature (and earn more!) in the release notes below.
We have always reserved the right to arbitrarily reward sustained, extraordinary contributions. In this instance, we’re dropping a surprise bonus. We reserve the right to do so again and reserve the right to do so on a more regular basis! Chrome has a leading reputation for security and it wouldn’t be possible without the aggressive bug hunting of the wider community.
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
- [$1000] [105867] High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit to Chamal de Silva.
- [$1000] [108037] High CVE-2011-3032: Use-after-free in SVG value handling. Credit to Arthur Gerkis.
- [$2000] [108406] [115471] High CVE-2011-3033: Buffer overflow in the Skia drawing library. Credit to Aki Helin of OUSPG.
- [$1000] [111748] High CVE-2011-3034: Use-after-free in SVG document handling. Credit to Arthur Gerkis.
- [$2000] [112212] High CVE-2011-3035: Use-after-free in SVG use handling. Credit to Arthur Gerkis.
- [$1000] [113258] High CVE-2011-3036: Bad cast in line box handling. Credit to miaubiz.
- [$3000] [113439] [114924] [115028] High CVE-2011-3037: Bad casts in anonymous block splitting. Credit to miaubiz.
- [$1000] [113497] High CVE-2011-3038: Use-after-free in multi-column handling. Credit to miaubiz.
- [$1000] [113707] High CVE-2011-3039: Use-after-free in quote handling. Credit to miaubiz.
- [$500] [114054] Medium CVE-2011-3040: Out-of-bounds read in text handling. Credit to miaubiz.
- [$1000] [114068] High CVE-2011-3041: Use-after-free in class attribute handling. Credit to miaubiz.
- [$1000] [114219] High CVE-2011-3042: Use-after-free in table section handling. Credit to miaubiz.
- [$1000] [115681] High CVE-2011-3043: Use-after-free in flexbox with floats. Credit to miaubiz.
- [$1000] [116093] High CVE-2011-3044: Use-after-free with SVG animation elements. Credit to Arthur Gerkis.
The majority of the above bugs were detected using AddressSanitizer, which rocks.
Stable Channel Update - The Stable channel has been updated to 17.0.963.46 for Windows, Mac, Linux and Chrome Frame
The Chrome team is excited to announce the release of Chrome 17 to the Stable Channel for Windows, Mac, Linux and Chrome Frame. 17.0.963.46 contains a number of new features including:
- New Extensions APIs
- Updated Omnibox Prerendering
- Download Scanning Protection
- Many other small changes
Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix
- [73478] Low CVE-2011-3953: Avoid clipboard monitoring after paste event. Credit to Daniel Cheng of the Chromium development community.
- [92550] Low CVE-2011-3954: Crash with excessive database usage. Credit to Collin Payne.
- [93106] High CVE-2011-3955: Crash aborting an IndexDB transaction. Credit to David Grogan of the Chromium development community.
- [103630] Low CVE-2011-3956: Incorrect handling of sandboxed origins inside extensions. Credit to Devdatta Akhawe, UC Berkeley.
- [$1000] [104056] High CVE-2011-3957: Use-after-free in PDF garbage collection. Credit to Aki Helin of OUSPG.
- [$2000] [105459] High CVE-2011-3958: Bad casts with column spans. Credit to miaubiz.
- [$1000] [106441] High CVE-2011-3959: Buffer overflow in locale handling. Credit to Aki Helin of OUSPG.
- [$500] [108416] Medium CVE-2011-3960: Out-of-bounds read in audio decoding. Credit to Aki Helin of OUSPG.
- [$1000] [108871] Critical CVE-2011-3961: Race condition after crash of utility process. Credit to Shawn Goertzen.
- [$500] [108901] Medium CVE-2011-3962: Out-of-bounds read in path clipping. Credit to Aki Helin of OUSPG.
- [109094] Medium CVE-2011-3963: Out-of-bounds read in PDF fax image handling. Credit to Atte Kettunen of OUSPG.
- [109245] Low CVE-2011-3964: URL bar confusion after drag + drop. Credit to Code Audit Labs of VulnHunt.com.
- [109664] Low CVE-2011-3965: Crash in signature check. Credit to Sławomir Błażek.
- [$1000] [109716] High CVE-2011-3966: Use-after-free in stylesheet error handling. Credit to Aki Helin of OUSPG.
- [109717] Low CVE-2011-3967: Crash with unusual certificate. Credit to Ben Carrillo.
- [$1000] [109743] High CVE-2011-3968: Use-after-free in CSS handling. Credit to Arthur Gerkis.
- [$1000] [110112] High CVE-2011-3969: Use-after-free in SVG layout. Credit to Arthur Gerkis.
- [$500] [110277] Medium CVE-2011-3970: Out-of-bounds read in libxslt. Credit to Aki Helin of OUSPG.
- [$1000] [110374] High CVE-2011-3971: Use-after-free with mousemove events. Credit to Arthur Gerkis.
- [110559] Medium CVE-2011-3972: Out-of-bounds read in shader translator. Credit to Google Chrome Security Team (Inferno).
The bugs [105459], [106441], [108416], [108901], [109716], [109743], [110112], [110277], [110374] and [110559] were detected using AddressSanitizer.
In addition, we would like to thank miaubiz, Drew Yao and Braden Thomas of Apple, Sławomir Błażek, Aki Helin of OUSPG, Chamal de Silva and Atte Kettunen of OUSPG for working with us in the development cycle and preventing bugs from ever reaching the stable channel. Various rewards were issued, including a top $3133.70 reward to Aki Helin.
Download Google Chrome 17 Beta
Now with sites pre-loading and safe browsing.
A new Google Chrome release has recently hit the streets, which can now be downloaded from the official page as version 17 (Beta).
Including various tweaks and bug fixes, Google Chrome 17 also brings two new features that will benefit both hardcore and new users.
Announced last year, a pre-load feature is now enabled by default and will load your sites before you even hit the enter button when typing URL in your address bar.
In addition to that, Google Chrome 17 will protect the everyday users by informing them on possibly malicious files that they are trying to download. This is an expanded functionality feature introduced with the Chrome 12 release.
Beta Channel Update - the release of Chrome 17 to the Beta Channel
The Chrome team is excited to announce the release of Chrome 17 to the Beta Channel. 17.0.963.26 contains a number of new features including:
- New Extensions APIs
- Updated Omnibox Prerendering
- Download Scanning Protection
- Many other small changes
Dev Channel Update - The Dev channel has been updated to 17.0.963.26 for all platforms except ChromeOS
The Dev channel has been updated to 17.0.963.26 for all platforms except ChromeOS. This release contains the following updates:
All
- Updated V8 - 3.7.12.12
- Make webstore installs work when the Downloads folder is missing. (Issue: 108812)
Mac
- Fixed crashes when running on top of Apple's software OpenGL renderer. (Issue: 106891)
- Fix the fullscreen exit bubble's shadow on lion. (Issue: 106798)
Dev Channel Update - The Dev channel has been updated to 17.0.963.0 for all platforms
The Dev channel has been updated to 17.0.963.0 for all platforms. This release has the following updates:
All Platforms
- Updated V8 - 3.7.12.6
- r113121 Omnibox suggestions will now be prerendered if our confidence of the user following the suggestion is high.
- Support for
- Content Settings (in Options, Under the Hood) now has UI for “Mouse Cursor”, which controls the Mouse Lock API permissions.
- r110556 Fixed a renderer crash that could happen when opening a new tab with many tabs open.
- WebKit Issue 73056 - Small fix for BiDi selection.
- WebKit Issue 63903 - Fixed WebKit's implementation of bdo, bdi, and output elements to match HTML5 spec section 10.3.5.
Windows
- r111156 - Desktop shortcuts will be created for each user account, to launch Chrome with that account active.
Mac
- The PDF viewer now renders nicer looking text.
- r111426 - Plugins using the Core Animation rendering model are now rendered through Chrome’s compositor rather than directly to the screen. This should have no user visible side effects; please file bugs and cc: kbr@chromium.org if any unexpected issues are seen with plugin rendering on Mac.
Known Issues
- Extension/App/Themes installs on Linux/ChromeOS are currently not working. This includes sync-driven installs. (Bug 106599)
Full details about what changes are in this release are available in the SVN revision log. Interested in switching to a different release channel? Find out how. If you find a new issue, please let us know by filing a bug.
Dev Channel Update - The Dev channel has been updated to 17.0.942.0 for Windows, Mac, Linux, and Chrome Frame
- Updated V8 - 3.7.7.0.
- Fixed New Tab page apps re-ordering issue.
- Policy support for disabling the Cloud Print Connector has been added.
Windows
- Fixed an issue where Chrome app windows would hang. [r110239]
Known Issues
- Crash when notification occurs [Issue: 103427]
Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.
Dev Channel Update - The Dev channel has been updated to 17.0.938.0 for Windows, Mac, Linux, and Chrome Frame
- Updated V8 - 3.7.6.0. This release includes the new garbage collector.
- Windows: Fixed a bug where the missing plug-in infobar would not do anything (issue 103216).
Dev Channel Update - The Dev channel has been updated to 17.0.932.0 for Windows, Mac, Linux, and Chrome Frame
All
- Fixed possible hang when using the GPU (Issue: 102214).
Windows
- Fixed a bug causing the missing plug-in infobar (“An additional plug-in is required…”) to wrongly appear (Issue: 101821)
- Stopped search engine dialog from appearing even when not changed.
- NaCl working again on Win64.
Known Issues
- In some cases, clicking the “Install plug-in” button on the missing plug-in infobar does nothing (Issue: 103216). A workaround is to click on the plug-in placeholder on the page instead.
Dev Channel Update - The Dev channel has been updated to 17.0.928.0 for Windows, Mac, Linux, and Chrome Frame
All
- Updated V8 - 3.6.6.3
- Prompt the user if they want to cancel downloads occurring when the last Incognito Window of a profile is closed.
- Panels are enabled by default (extensions-only, “Tasky” in Web Store is one example)
- Adjustable margins supported in Print Preview.
- Mouse Lock “Allow” permission (given via a prompt) is now saved in content settings per domain.
Linux
- Fix the multi-profile selection bubble when using a chrome-theme [r107495]
- Optimization work to make the GTK+ tabstrip do less redundant painting. Please report any regressions, especially with complex themes. [Issue: 100803]
Known Issues