Wednesday, November 18, 2009

Google Chrome Frame Update: Bug Fixes

Google Chrome Frame has been updated to version 4.0.245.1. All users should be updated automatically.


This release fixes several of the most common crashes and the following issues:

  • Network requests fail randomly (Issue 27401).
  • Fix issues with CFInstall.js to better detect compatible OS and browser versions, allow users to cancel the installation frame, and not cache the isAvailable result (Issues 22738, 23057, and 23132).
  • Don't use Google Chrome Frame for frames or iframes (Issue 22989).
  • Follow redirects properly (Issue 25643).
  • IE8 freezing intermittently (Issue 24007).
  • Remove data directories on uninstall (Issue 27483).
Security Fix
Google Chrome Frame 4.0.223.9 and earlier versions were vulnerable to a cross-origin bypass.

Severity: High. An attacker could have bypassed cross-origin protections. Although important, "High" severity issues do not permit persistent malware to infect a user's machine. We're unaware of any exploitation of this issue.

Credit: Thanks to Billy Rios and Microsoft Vulnerability Research (MSVR) and also to Lostmon for finding and reporting this vulnerability responsibly.

-- Mark Larson, Google Chrome Team


18 comments:

gsctt said...

Thanks to Microsoft! Hahahahaha!

Joao said...

Microsoft made something usefull. Finally.

plainolebob said...

it is updated automatically for us?

imtesting said...
This comment has been removed by the author.
Lostmon said...

Thnx for public Acknowledgments, this is the first time that google give me that , so i have reported in a few years some vulns in google products ,and i know that this time i make a "responsabile" disclosure and in the others issues , i no wait to publish.

Thnx For your time !!

rr8004 said...

You share valuable information and excellent design you got here! I would like to thank you for sharing your thoughts and time into the stuff you post!! Thumbs up. Please come visit my site Phoenix Business Phone Book when you got time.

rr8004 said...

I was thinking of looking up some of them newspaper websites, but am glad I came here instead. Although glad is not quite the right word… let me just say I needed this after the incessant chatter in the media, and am grateful to you for articulating something many of us are feeling - even from distant shores. Please come visit my site Business Reviews Of Philadelphia City when you got time.

Nelson Cruz said...

My Chrome still hasn't updated. I have 4.0.223.9 and Chrome still says I have the latest version. Is there some delay with this version? (I'm on beta channel)

quiltpup said...

My Chrome browser doesn't seem to update itself either. It claims my 3.0.195.33 version is current.
Windows XP
If I remove Chrome, my Outlook doesn't work properly and many updates to other apps do not update.

Carter said...

i think its awesome that the frame has auto update i thought it was a little belly ache when Microsoft was complaining about chrome frame being insecure and knew yall would handle the problem. honestly its cool that Microsoft is helping you by making you aware of the issues but i have one question... are yall going to leave those two shameless comment spam plugs above or moderator them out? if not when you have time you should visit the old version of my site or my technology blog where i mostly talk about Google stuff and geek code anyways

ps if (or when) you do snip this (and the above ones please by rr8004 [kinda a bot name]) dont snip the top if you can its actual commentary on the article

youtubeline said...

thanks for article for video

rr8004 said...

You do have a point here :) I admire the stuff you post and the quality information you offer in your blog! Keep up the good work dude. Please come visit my site Oregon OR Phone Directory when you got time.

rr8004 said...

You do have a point here :) I admire the stuff you post and the quality information you offer in your blog! Keep up the good work dude. Please come visit my site Portland Phone Book when you got time.

rr8004 said...

You do have a point here :) I admire the stuff you post and the quality information you offer in your blog! Keep up the good work dude. Please come visit my site Portland Phone Book when you got time.

thomson said...

Celiac symptoms, celiac disease, celiac diet, gluten-sensitive enteropathy gluten-sensitive enteropathy

thomson said...

Online resources of toe fungus, fungus treatment, nail fungus toe. nail fungus treatment

Brian Sullivan said...

Anybody have any idea how to download an attached docx file in Chrome Frame? Also uploading a docx attachment seems not to work on the all the machines with IE8 that I have tried (results in an animated icon that animates forever -- never completes)

santos said...

it is a updated Google Chrome Frame version is 4.0.245.1. it is easy to All the users updated automatically.

cheap cosmetics.