Wednesday, January 28, 2009

Stable, Beta update: Yahoo! Mail and Security Fixes

Google Chrome's Beta and Stable channels have been updated to 1.0.154.46. (Note, we won't have a different release for the Beta channel until we have something Beta-worthy come out of the Dev channel in February.)

This release fixes issues with two popular webmail providers:
  • Sending mail from Yahoo! Mail works again.
  • Windows Live Hotmail now works. While the Hotmail team works on a proper fix, we're deploying a workaround that changes the user agent string that Google Chrome sends when requesting URLs that end with mail.live.com.

    If you've been using the --user-agent switch to use Hotmail, you can remove the switch from your shortcuts with this release.

This release also includes two security updates. The
release notes have the full list of changes.

Security Updates
Work around for "Adobe Reader Plugin Open Parameters Cross-Site Scripting Vulnerability"
CVE: CVE-2007-0048, CVE-2007-0045
Google Chrome now refuses requests for javascript: URLs in Netscape Plugin API (NPAPI) requests from the Adobe Reader plugin. Adobe is aware of this issue and has helped us develop this mitigation while they work on a fix for all users.

Severity: Moderate. This could allow a PDF document to run scripts on arbitrary sites.
Credit: Thanks to Michael Schmidt for reporting this responsibly to Google.

Javascript Same-Origin Bypass
CVE: CVE-2009-0276
A bug in the V8 JavaScript engine could allow bypassing same-origin checks in certain situations.

Severity: High. A malicious script in a page could read the full URL of another frame, and possibly other attributes or data from another frame in a different origin. This could disclose sensitive information from one website to a third party.
Credit: Found internally by Google.

--Mark Larson, Google Chrome Program Manager

Monday, January 26, 2009

Dev update: Bug fixes and scrolling improvements

Google Chrome's Dev channel has been updated to 2.0.159.0. The main changes to highlight are:
  • Improved scrolling on pages with multiple plugins.
  • Fixed (mostly) the problem of tabs suddenly going to the smallest size.
  • Fixed downloads going to the wrong folder.
  • Fixed Gears not loading sometimes.
  • Removed the option to import bookmarks from Google bookmarks. We think we can improve this feature, so we're pulling it out until we come up with something better.
  • Added a way to remove sites from the 'Never remember passwords' list. Go to Options > Minor Tweaks > Passwords and click Exceptions.
Find about the Dev channel and how to subscribe at http://dev.chromium.org/getting-involved/dev-channel.

The complete list of changes is available in the release notes.

--Mark Larson, Google Chrome Program Manager

Thursday, January 22, 2009

Dev update: Weekly bug fixes

Google Chrome's Dev channel has been updated to version 2.0.158.0. This release fixes a few bugs. Most of the effort in the last week has been spent on passing layout tests that have been failing since we updated to a more recent version of WebKit; those changes may improve layout on some sites, but are mostly minor tweaks you won't notice. That's a roundabout way of saying, we probably didn't fix the issue that's been bugging you the most this week.

Find about the Dev channel and how to subscribe at http://dev.chromium.org/getting-involved/dev-channel.

The complete list of changes is available in the release notes.

--Mark Larson, Google Chrome Program Manager

Tuesday, January 13, 2009

Dev update: Weekly bug fixes

Update: We're releasing 2.0.157.2 to fix a couple of very frequent crashes in this release. One crash is in SafeBrowsing and may happen at any time, the other is a crash when you go to sites that use custom cursors (like Google Maps). The release notes have been updated.

Google Chrome's Dev channel has been updated to version 2.0.157.0. This release fixes a few minor bugs.

Find about the Dev channel and how to subscribe at http://dev.chromium.org/getting-involved/dev-channel.

The list of user visible bugs is available in the release notes.

--Mark Larson, Google Chrome Program Manager

Friday, January 9, 2009

Stable, Beta update: New Gears

Google Chrome's Stable and Beta channels have been updated to version 1.0.154.43.

This is a minor update to add the following fixes:
  • Update Gears to version 0.5.8.0 to fix a crash with some offline applications
  • Enable spell-checking for Hebrew
--Mark Larson, Google Chrome Program Manager

Thursday, January 8, 2009

Dev update: New WebKit version, new features, and a new Dev channel

Google Chrome's Dev channel has been updated to version 2.0.156.1.

Previous Dev Channel Users Moved to Beta Channel
This release is far less polished than what Dev channel users have been getting during Google Chrome's Beta, so we've moved existing Dev channel users to the Beta channel. You can decide whether to switch to the new Dev channel or stay on the Beta channel.

Use the new channel changer to re-subscribe to the Dev channel.

Highlights of This Release
There's a long list of new features in the release notes, but here are some of the highlights:

  • New version of WebKit, with lots of fixes and new features like full-page zoom, autoscroll, and CSS gradients and reflections.
  • New network code. Google Chrome now has its own implementation of the HTTP network protocol (we were using the WinHTTP library on Windows, but need common code for Mac and Linux).
  • Form Autocomplete.
  • Full-page zoom.
  • Autoscroll (rough implementation). Middle-click on a page to scroll the page in any direction.

--Mark Larson, Google Chrome Program Manager

Edit (12 Jan 2009): As in the release notes, note that zoom and autoscroll were enabled by changes in WebKit.