Wednesday, September 30, 2009

Stable Channel Update

3.0.195.24 has been promoted to the stable channel. There are no additional fixes or changes in this release.

Security Fixes:

CVE-2009-0689 dtoa() error parsing long floating point numbers

The v8 engine uses a common dtoa() implementation to parse strings into floating point numbers. We have applied a patch to fix a recent bug in this component.

Severity: High. An attacker might be able to run arbitrary code within the Google Chrome sandbox.

Credit: Original discovery by Maksymilian Arciemowicz of SecurityReason. The Google Chrome security team determined that Chrome was affected.

Mitigations:
  • A victim would need to visit a page under an attacker's control.
  • Any code that an attacker might be able to run inside the renderer process would be inside the sandbox. Click here for more details about sandboxing.


11 comments:

Cris said...

brother, the speed of downloads is very bad.
I download files using Google Chrome at 20 kps, while with Internet Explorer I download files at 225 kps.

ei, solve the problem!!!!!!

Cris said...

I don't like the Download tool of Chrome. It is very slow!!!!!!!!!

Joe Chung said...

My Chrome won't update. It's still on 3.0.195.21, and the About box doesn't think there are any updates.

Mankauf said...

My stable channel won't update from .21 either; it insists that it is up-to-date.

Will try again in the morning...

David Powell said...

Mine won't update from .21

Diego said...

The download system is really awful.
Is there anything u can do with it pls?

Fabio Turati said...

I've just got the update. I think the release notes were published a bit before the patch was actually available. No need to worry about this, then.

Fabio Turati said...

By the way, I can't post here using Chrome, the blog returns an error which forces me to use another browser. I'm using Explorer right now. Does this happen to anybody else?

d2kx said...

I am posting with Chrome 3 (stable) right now @Fabio.

John, Jeanna, & Jesse said...

Wow, Google catches these bugs/glitches really fast. Of course that's why it is the best and most secure browser around.

pandemos said...

From my point of view, this release does not deserve to be called "stable".

1. Its handling of pop-up windows is messed up. Go to http://forums.delphiforums.com/dictionary/messages/
and try to use the "search" bar there, which should show the results in a pop-up window. It works the first time, but if the PUP window is not closed, then the next result is not shown - the window does not get updated.
This is a regression.

2. It leaks memory horribly. I saw one of the processes grabbing 240M.

All of the above is on WinXP.