Tuesday, September 14, 2010

Stable, Beta Channel Updates

Google Chrome 6.0.472.59 has been released to the Stable and Beta channels for Windows, Mac, and Linux. In addition, it has been released to the beta channel for Chrome Frame.

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
  • [$500] [50250] High Use-after-free when using document APIs during parse. Credit to David Weston of Microsoft + Microsoft Vulnerability Research (MSVR) and wushi of team 509 (independent discoveries).
  • [$1000] [50712] High Use-after-free in SVG styles. Credit to kuzzcc.
  • [$500] [51252] High Use-after-free with nested SVG elements. Credit to kuzzcc.
  • [Linux only] [51709] Low Possible browser assert in cursor handling. Credit to “magnusmorton”.
  • [$500] [51919] High Race condition in console handling. Credit to kuzzcc.
  • [53176] Low Unlikely browser crash in pop-up blocking. Credit to kuzzcc.
  • [$500 x 2] [Mac only] [53361] Critical Fix bug 45400 properly on the Mac. Credit to Sergey Glazunov and “remy.saissy”.
  • [$500] [53394] High Memory corruption in Geolocation. Credit to kuzzcc.
  • [Linux only] [53930] High Memory corruption in Khmer handling. Credit to Google Chrome Security Team (Chris Evans).
  • [54006] Low Failure to prompt for extension history access. Credit to “adriennefelt”.

More details about additional changes are available in the svn revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

Jason Kersey
Google Chrome

29 comments:

Sakis said...

Still iTunes links don't work. Will you ever fix this?

Nobu said...

So, about:labs is coming to the beta channel when it switches to 7?

Kristina said...

chrome crashes most of the time when I access this website: http://www.investors.com/

Hope can be fixed.

Wes said...

Canary is having some serious page painting issues. It won't update until the browser window is resized.

Peng said...

I encountered a very serious bug in this Google Chrome 6.0.472.59 release. There are times my mouse freezes, unable to click or highlight text, closes tabs in Chrome. Tried to reboot my PC but still unable to click properly or highlight text using my mouse even in my Windows desktop. I thought my mouse was broken. But when I terminated the GoogleCrashhandler.exe, my mouse works properly... This is a serious problem especially to those users who are not computer savvy.

hoboknitter said...

could this release be why chrome is not working right? i can't bookmark pages or use standard gmail. does anybody ever actually help you? does chrome or google read this stuff? never thought internet explorer would look good again.....

influx98 said...

Chrome for mac STILL doesn't auto-update. If you go to about it doesn't show that there is a newer version either.

Larry Seltzer said...

Does Microsoft Vulnerability Research get any of the bounty money for their bugs?

Martin said...

Flash player 64bit preview 1 for windows is out, when can we expect 64bit Chrome for windows? :)

Victor said...

Once again, several times in a row, it doesn't autoupdate. Can't believe that Google wouldn't have server capacity for serving up these updates -- which was given as a previous excuse.

Peto said...

Hi,

My Chrome for Mac is at version 6.0.472.55 and it claims to be up to date, which doesn't seem to be true.

Something wrong with the checking for updates?

Pete

PastorBuss said...

Are these updates delivered to users automatically, or is there something to download?

Manish said...

Info related to Update from another post by pkasting -

Just because a release has been made available on a channel does not mean we immediately trigger updates on all clients. There are three reasons a client won't pick up an update instantly:
(1) The client only checks for an update periodically.
(2) We purposefully rate-limit updates for reasons like limiting server load, testing a release on a narrower population so we can abort the rollout with minimal damage if an unexpected glitch appears, etc.
(3) Once an update is installed Chrome needs to be restarted before it will take effect.

The update system is working as designed.

Victor said...

Manish,

Again the same old, tedious excuses for failure to auto-update:

1) Your excuse: client only checks periodically. Our experience: If you click on About Chrome, it tells us it's manually checking for an update and then says there isn't one.

2) Your excuse: Server load. Gee, for a server intensive company, it's amazing that you have a server load problem that exceeds Microsoft autoupdate -- which always works if you resort to manual update queries.

3) Your excuse: Needs to be restarted. Well, so do most updates. The problem is NOT even getting the update in the first place to do a restart.

If it's working as designed, it ain't working.

Manish said...

@Victor - It's the info provided by Google folks.. I have just pasted the info from another post..

Stephen F. said...

I've lost the view history and erase history functions and the bookmark save has changed. Love Google but it's frustrating to have it change just when you've got it down right!

Sinensis said...

Serious mouse issues dittoed here. I can't highlight things, and right-clicking is really messed up. What's going on??

Jonah said...

I am very upset about the regression of the collapsed extensions. They used to be collated under a drop down menu, and now are back to being spread out. I do not like this.

Peto said...

@Manish (or to some Google folks really) fair enough. However, how well known these security problems are now to the bad guys? I mean how much more information are they getting from this Changelog that wasn't available earlier.

At least it makes me feel less safe than before as I now know there are fixes available that I just can't get.

Pete

cichy said...

Still maximum width of the bookmark list is 800px which is way too much. 400-500px would be much more appropriate.
Other things look ok, good job ;)

Nobu said...

@Pete: Not much. There are any number of ways that those bugs could have been triggered, but figuring out how is very difficult. Just knowing it can be done does not make it any easier to do it. Combined with the fact that the bugs which are linked to within this post are only accessible to those who need to see them (at least until most users have updated to the latest version), and it's unlikely that anything in this post will hurt users or help the bad guys. ;-)

Victor said...

Nice to imagine that security exploits aren't easy. Then by logic, why patch them at all?

Chrome is like a wonderful, high performance sports car where workers occasionally forget to put in seat belts and air bags -- by bungling the auto-update.

Nobu said...

@Victor: I didn't say they were impossible. Just like you can miss a small nick in a windshield and it can turn into a large crack, so can anyone notice that small nick and tap it with a hammer to make a large crack. But Chrome (supposedly) is so polished that it's difficult to see any nicks, even if they are there, and it's reinforced so that if someone taps on the nick, the whole windshield won't break and allow stuff in/out. (yay, analogies)

If anyone knows how to exploit those bugs, then they don't need this blog for information on how to exploit them; they're experts, just like the people who created the browser, and know what they're doing (or got really lucky when browsing through the code).

fastharry™ said...

wow, I thought I was crazy with my mouse pointer not working over the last month or so...

thanks for the tip on crashhandler..

Bob said...

On 17 Sep used Chrome to access 2 websites on Yahoo (shine.yahoo.com/channel/food/what-s-fresh... and one other I can't recall) -- McAfee detected a trojan (Hiloti.gen.g). Since then I have two error messages when Windows Vista starts -- missing .dll files (Googled them -- no known dlls). WTFO? Thnx for the vulnerabilities, Google Chrome.

Nobu said...

@Bob: Trojans can't do anything to you unless you execute them yourself. Once McAfee detected the trojan, it was already past the browser and on your computer, so there wasn't anything Chrome could have done to prevent it from attacking your computer in the first place. You should scan any file you download before opening, running, or viewing it, regardless of what browser you use. If McAfee failed to detect the malicious file before it was executed, you should go complain to them (but if you aren't using their real-time scanner, they'll probably tell you the same thing I did, and maybe advertise their other products).

Anyway, you should be able to restore any missing dlls by inserting your Windows install disc and running Windows's built-in repair utility.