Monday, February 28, 2011

Stable Channel Update

The stable channel has been updated to 9.0.597.107 for all platforms. This release contains the following security fixes.

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

Congratulations to the diverse range of researchers featuring in this patch. We’re pleased to announce that the Chromium Security Rewards program has now crossed $100,000 of rewards.

  • [$1000] [54262] High URL bar spoof. Credit to Jordi Chancel.
  • [$500] [63732] High Crash with javascript dialogs. Credit to Sergey Radchenko.
  • [$1000] [68263] High Stylesheet node stale pointer. Credit to Sergey Glazunov.
  • [$1000] [68741] High Stale pointer with key frame rule. Credit to Sergey Glazunov.
  • [$500] [70078] High Crash with forms controls. Credit to Stefan van Zanden.
  • [$1000] [70244] High Crash in SVG rendering. Credit to Sławomir Błażek.
  • [64-bit Linux only] [70376] Medium Out-of-bounds read in pickle deserialization. Credit to Evgeniy Stepanov of the Chromium development community.
  • [$1000] [71114] High Stale node in table handling. Credit to Martin Barbella.
  • [$1000] [71115] High Stale pointer in table rendering. Credit to Martin Barbella.
  • [$1000] [71296] High Stale pointer in SVG animations. Credit to miaubiz.
  • [$1000] [71386] High Stale nodes in XHTML. Credit to wushi of team509.
  • [$1000] [71388] High Crash in textarea handling. Credit to wushi of team509.
  • [$1000] [71595] High Stale pointer in device orientation. Credit to Sergey Glazunov.
  • [71717] Medium Out-of-bounds read in WebGL. Credit to miaubiz.
  • [$1000] [71855] High Integer overflow in textarea handling. Credit to miaubiz.
  • [71960] Medium Out-of-bounds read in WebGL. Credit to Google Chrome Security Team (Inferno).
  • [72214] High Accidental exposure of internal extension functions. Credit to Tavis Ormandy of the Google Security Team.
  • [$1000] [72437] High Use-after-free with blocked plug-ins. Credit to Chamal de Silva.
  • [$1000] [73235] High Stale pointer in layout. Credit to Martin Barbella.
Chris Evans
Google Chrome Security Team

20 comments:

Bill said...

Wow....cool. Are all these security fixes applied in the beta and dev versions too??

Matt said...

Can I ask what is the point of providing links to the bug reports when us lay users can't access any of them?

Lionel Bee said...

Spectacular. Update the dev channel now, please.

krtulmay said...

@Matt, general access to the security bug reports should be opened when the majority of Chrome users have updated to the latest patched version.

PB said...

You should just hire some of these guys straight out. A few of them are in there every update.

Marcelo said...

A lot of fixes, because Pwn2Own!

Good job!

Bill said...

I agree with PB, Sergey needs a raise and benefits!! LOL

ilev said...

Does this version contain the update for flash 10.2.152.32 ?

Luboš Motl said...

Dear ilev, Chrome should have 10.2.154.12, newer than the version you indicate - Chrome always has the newest one - and there has been no update of this between this newest Stable Chrome version and the previous one.

See Flash version test.

Maybe you disabled internal Flash?

Chris said...

@Matt: the main purpose of these security release notes is to issue proper credit to the person who discovered the bug.
Thanks to Chrome's auto-update, "lay users" need not care about these bugs; improved security is automatically provided as an ongoing service.

Jon said...

I reckon 90% of that $100,000 must have gone to Sergey Glazunov!

Per said...

I have problems with YouTube videos. The Play/Pause, Volume, Fullscreen etc. buttons are only visible once (on first load) and whenever I refresh a video or load a new one they disappear (visible only for 1-2 sec) but they are still "pressable".

Does anyone have a solution to this?

Please e-mail me at per_karlsson@live.com

Kind regards.

Victor said...

Chrome is still having problems conjuring a webpage intermittently such as during an auto-refresh. Happens on nytimes.com, ft.com, sfgate.com...

Only parts of pages are loaded. Chrome has had this problem -- uniquely -- since its earliest versions.

Chrome may be speedy but it's like a runner who says a strand of his hair crossed the finish line and therefore he wins.

saulsaturn said...

Is this build available for download on http://build.chromium.org/f/chromium/snapshots/Win/

What build number would it be?

ricardo said...

There's still one bug that, erhm, bugs me.
Whenever I try to use the middle mouse button on a long page (I think) before it's done loading, the four-arrow cursor (or whatever it's called) appears, but gets stuck. Not just that, but dragging the page up/down/sideways also stops working.

UKCodeMonkey said...

Cool, just updated. When are you guys going to update the copyright notice, it's 2011 Google!

Peter said...

This version is still causing system crashes in OSX 10.6.6 (spinning wheel of death that you can control with the mouse but can't select other windows or force quit). It seems to be popping up in a few places in the support forums and I hope someone can tackle it. Chrome is such an amazing leap forward that it's hard to go back to FF while this is being figured out.

Neil said...

Hi, since the update, on the same day as upgrading my McAfee antivirus (total protection) it no longer shows siteadvisor ratings in search results, and the icon in the tool bar is not working!

Matthew Newberry said...

There is a bug with version 10.0.648.127. In Gmail, using the advanced attachment feature, you can't add files from a network drive unless you use the drag and drop. Worked fine until the update.

Daniel Mackey said...

Hi,

I'm having the same issue (10.0.648.133 beta). If the file upload is Flash and a file from a network drive is added then it shows as "0 Kilobytes" and can't be uploaded. (10,2,154,18 installed)

Works on c:\ drive but not any mapped network drives. This has happened since the last 3 beta updates.

Dan.