Google Chrome Frame Update: Bug Fixes

Wednesday, November 18, 2009 | 12:37

Labels:

Google Chrome Frame has been updated to version 4.0.245.1. All users should be updated automatically.


This release fixes several of the most common crashes and the following issues:

  • Network requests fail randomly (Issue 27401).
  • Fix issues with CFInstall.js to better detect compatible OS and browser versions, allow users to cancel the installation frame, and not cache the isAvailable result (Issues 22738, 23057, and 23132).
  • Don't use Google Chrome Frame for frames or iframes (Issue 22989).
  • Follow redirects properly (Issue 25643).
  • IE8 freezing intermittently (Issue 24007).
  • Remove data directories on uninstall (Issue 27483).
Security Fix
Google Chrome Frame 4.0.223.9 and earlier versions were vulnerable to a cross-origin bypass.

Severity: High. An attacker could have bypassed cross-origin protections. Although important, "High" severity issues do not permit persistent malware to infect a user's machine. We're unaware of any exploitation of this issue.

Credit: Thanks to Billy Rios and Microsoft Vulnerability Research (MSVR) and also to Lostmon for finding and reporting this vulnerability responsibly.

-- Mark Larson, Google Chrome Team

| Email Post

13 comments:

gsctt said...

Thanks to Microsoft! Hahahahaha!

1:30 PM, November 18, 2009

Joao said...

Microsoft made something usefull. Finally.

2:53 PM, November 18, 2009

plainolebob said...

it is updated automatically for us?

3:34 PM, November 18, 2009

imtesting said...

This post has been removed by the author.

1:51 AM, November 19, 2009

Lostmon said...

Thnx for public Acknowledgments, this is the first time that google give me that , so i have reported in a few years some vulns in google products ,and i know that this time i make a "responsabile" disclosure and in the others issues , i no wait to publish.

Thnx For your time !!

3:37 AM, November 19, 2009

rr8004 said...

You share valuable information and excellent design you got here! I would like to thank you for sharing your thoughts and time into the stuff you post!! Thumbs up. Please come visit my site Phoenix Business Phone Book when you got time.

4:55 AM, November 19, 2009

rr8004 said...

I was thinking of looking up some of them newspaper websites, but am glad I came here instead. Although glad is not quite the right word… let me just say I needed this after the incessant chatter in the media, and am grateful to you for articulating something many of us are feeling - even from distant shores. Please come visit my site Business Reviews Of Philadelphia City when you got time.

4:58 AM, November 19, 2009

Nelson Cruz said...

My Chrome still hasn't updated. I have 4.0.223.9 and Chrome still says I have the latest version. Is there some delay with this version? (I'm on beta channel)

11:25 AM, November 19, 2009

quiltpup said...

My Chrome browser doesn't seem to update itself either. It claims my 3.0.195.33 version is current.
Windows XP
If I remove Chrome, my Outlook doesn't work properly and many updates to other apps do not update.

9:42 PM, November 19, 2009

Carter said...

i think its awesome that the frame has auto update i thought it was a little belly ache when Microsoft was complaining about chrome frame being insecure and knew yall would handle the problem. honestly its cool that Microsoft is helping you by making you aware of the issues but i have one question... are yall going to leave those two shameless comment spam plugs above or moderator them out? if not when you have time you should visit the old version of my site or my technology blog where i mostly talk about Google stuff and geek code anyways

ps if (or when) you do snip this (and the above ones please by rr8004 [kinda a bot name]) dont snip the top if you can its actual commentary on the article

7:32 AM, November 20, 2009

youtubeline said...

thanks for article for video

7:37 AM, November 20, 2009

Brian Sullivan said...

Anybody have any idea how to download an attached docx file in Chrome Frame? Also uploading a docx attachment seems not to work on the all the machines with IE8 that I have tried (results in an animated icon that animates forever -- never completes)

1:47 PM, November 24, 2009

santos said...

it is a updated Google Chrome Frame version is 4.0.245.1. it is easy to All the users updated automatically.

cheap cosmetics.

2:40 AM, December 02, 2009

Post a Comment

Subscribe to: Post Comments (Atom)