Wednesday, March 17, 2010

Stable Channel Update

EDIT 23-Mar-10 (mal): Remove "[33572] Medium HTTP headers processed before SafeBrowsing check" from security issues fixed. This is not fixed in this release.

The stable channel has been updated to 4.1.249.1036 for Windows, and includes the following features and security fixes (since 4.0):

  • Translate infobar.
  • Privacy features: content settings (cookies, images, JavaScript, plug-ins, pop-ups).
  • Disabling experimental new anti-reflected-XSS feature called "XSS Auditor". The feature is still experimental, and we're disabling it while we look into some serious performance issues in rare cases. Please see this post for more details about what the XSS Auditor is.

Please see this feature announcement post for more info about translate and privacy.

Security Fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

Congratulations to Sergey Glazunov on receiving the first $1337 Chromium Security Reward for bug 35724.
  • [28804] [31880] High Race conditions and pointer errors in the sandbox infrastructure. Credit to Mark Dowd, under contract to Google Chrome Security Team.
  • [30801] [33445] Low Delete persisted metadata such as Web Databases and STS. Credit to Google Chrome Security Team (Chris Evans) and RSnake of ha.ckers.org.
  • [$500] [34978] High Memory error with malformed SVG. Credit to wushi of team509.
  • [$1337] [35724] High Integer overflows in WebKit JavaScript objects. Credit to Sergey Glazunov.
  • [36772] Medium HTTP basic auth dialog URL truncation. Credit to Google Chrome Security Team (Inferno).
  • [37007] Medium Bypass of download warning dialog. Credit to kuzzcc.
  • [$1000] [37383] High Cross-origin bypass. Credit to kuzzcc.
  • [$500] [Affected BETA only] [37061] High Memory error with empty SVG element. Credit to Aki Helin of OUSPG.

List of all changes: http://build.chromium.org/buildbot/perf/dashboard/ui/changelog.html?url=/branches/249/src&range=38071:41527&mode=html


- Orit Mazor, Google Chrome Team

15 comments:

Konrad said...

great news! keep up the good work, google chrome team! Best browser ever

Kenny said...

Is this supposed to be available now?

I'm getting a "Update server not available (error:7)" message.

Kenny said...

Never mind, working now.

8ball said...

Love you, love chrome.
everything you do is Awesome.

I haven't updated yet, I have the Stable on my Laptop, Beta on my Desktop and Developer's on my USB Stick.

Portable Chrome: http://portableapps.com/apps/internet/google_chrome_portable

Blewby said...

Great Job on updates, love the speed of Chrome. However, still waiting for Print Selection to come around.

gsctt said...

@Blewby, the fix for print selection is provided only for version 6 of the browser.

http://crbug.com/22937

Don't ask me why....

¡fah! said...

Love chrome but how do I turn OFF the automatic translation!!? Please help

Andrea & Len said...

You have blown my Internet Banking Service out of the water. Don't you think it would have been a good idea to let NatWest Online Banking know you were updating your software. Please don't get like the other 'you know who' browser and get too arrogant. I shall download Opera until you bring out a fix! You have been my browser of choice since launch. Ex-IBM softie.

Jerzy said...

There is still probably a small problem regarding styling. Default look ok, but Grayscale looks like this:
http://qkpic.com/62c72

Mintu said...

The update is not working for me.

I keep getting a "Update server not available (error:3)" message.

erg said...

I have a problem when I access any sites.

I reported the problem:
http://code.google.com/p/chromium/issues/detail?id=38470

I want to solve the problem.

Carolyn Elizabeth Blake said...

When oh when will there be a Google Toolbar addon for Chrome? I travel all over the world and work in the net and I must have the security of the portable Bookmarks. I love Chrome but I cannot use it because I must be able to keep my bookmarks with me. Sad....

patrick said...

I chanced upon to view your blog and found it very interesting. Great ... Keep it up!

Kurt said...

How can one determine the version of Chrome without running it? When I right-click chrome.exe and select Properties, the version number listed is 0.0.0.0 regardless of which version it actually is. I'm trying to get a handle on the status of Chrome versions installed on my network. By file size and date it is apparent that there are multiple versions out there (some doubtless vulnerable) but no way for me to derive the version number without going to each PC and launching Chrome.