Google Chrome Frame Update: Bug Fixes
Wednesday, November 18, 2009
Google Chrome Frame has been updated to version 4.0.245.1. All users should be updated automatically.
This release fixes several of the most common crashes and the following issues:
Google Chrome Frame 4.0.223.9 and earlier versions were vulnerable to a cross-origin bypass.
Severity: High. An attacker could have bypassed cross-origin protections. Although important, "High" severity issues do not permit persistent malware to infect a user's machine. We're unaware of any exploitation of this issue.
Credit: Thanks to Billy Rios and Microsoft Vulnerability Research (MSVR) and also to Lostmon for finding and reporting this vulnerability responsibly.
-- Mark Larson, Google Chrome Team
This release fixes several of the most common crashes and the following issues:
- Network requests fail randomly (Issue 27401).
- Fix issues with CFInstall.js to better detect compatible OS and browser versions, allow users to cancel the installation frame, and not cache the isAvailable result (Issues 22738, 23057, and 23132).
- Don't use Google Chrome Frame for frames or iframes (Issue 22989).
- Follow redirects properly (Issue 25643).
- IE8 freezing intermittently (Issue 24007).
- Remove data directories on uninstall (Issue 27483).
Google Chrome Frame 4.0.223.9 and earlier versions were vulnerable to a cross-origin bypass.
Severity: High. An attacker could have bypassed cross-origin protections. Although important, "High" severity issues do not permit persistent malware to infect a user's machine. We're unaware of any exploitation of this issue.
Credit: Thanks to Billy Rios and Microsoft Vulnerability Research (MSVR) and also to Lostmon for finding and reporting this vulnerability responsibly.
-- Mark Larson, Google Chrome Team
