Tuesday, June 7, 2011

Chrome Stable Release

The Google Chrome team is happy to announce the release of Chrome 12 to the Stable Channel for all platforms.  Chrome 12.0.742.91 includes a number of new features and updates, including:
  • Hardware accelerated 3D CSS
  • New Safe Browsing protection against downloading malicious files
  • Ability to delete Flash cookies from inside Chrome
  • Launch Apps by name from the Omnibox
  • Integrated Sync into new settings pages
  • Improved screen reader support
  • New warning when hitting Command-Q on Mac
  • Removal of Google Gears
Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
  • [$2000] [73962] [79746] High CVE-2011-1808: Use-after-free due to integer issues in float handling. Credit to miaubiz.
  • [75496] Medium CVE-2011-1809: Use-after-free in accessibility support. Credit to Google Chrome Security Team (SkyLined).
  • [75643] Low CVE-2011-1810: Visit history information leak in CSS. Credit to Jesse Mohrland of Microsoft and Microsoft Vulnerability Research (MSVR).
  • [76034] Low CVE-2011-1811: Browser crash with lots of form submissions. Credit to “DimitrisV22”.
  • [$1337] [77026] Medium CVE-2011-1812: Extensions permission bypass. Credit to kuzzcc.
  • [78516] High CVE-2011-1813: Stale pointer in extension framework. Credit to Google Chrome Security Team (Inferno).
  • [79362] Medium CVE-2011-1814: Read from uninitialized pointer. Credit to Eric Roman of the Chromium development community.
  • [79862] Low CVE-2011-1815: Extension script injection into new tab page. Credit to kuzzcc.
  • [80358] Medium CVE-2011-1816: Use-after-free in developer tools. Credit to kuzzcc.
  • [$500] [81916] Medium CVE-2011-1817: Browser memory corruption in history deletion. Credit to Collin Payne.
  • [$1000] [81949] High CVE-2011-1818: Use-after-free in image loader. Credit to miaubiz.
  • [$1000] [83010] Medium CVE-2011-1819: Extension injection into chrome:// pages. Credit to Vladislavas Jarmalis, plus subsequent independent discovery by Sergey Glazunov.
  • [$3133.7] [83275] High CVE-2011-2332: Same origin bypass in v8. Credit to Sergey Glazunov.
  • [$1000] [83743] High CVE-2011-2342: Same origin bypass in DOM. Credit to Sergey Glazunov.
In addition, we would like to thank David Levin of the Chromium development community, miaubiz, Christian Holler and Martin Barbella for working with us in the development cycle and preventing bugs from ever reaching the stable channel. Various rewards were issued.


We’d also like to call particular attention to Sergey Glazunov’s $3133.7 reward. Although the linked bug is not of critical severity, it was accompanied by a beautiful chain of lesser severity bugs which demonstrated critical impact. It deserves a more detailed write-up at a later date.


You can find out more about Chrome 12 at the official Chrome Blog.  The full list of changes is available in the SVN revision logs (Trunk, Branch).  Interested in switching to the Stable channel?  Find out how.  If you find a new issue, please let us know by filing a bug.


Jason Kersey
Google Chrome

39 comments:

Omar said...

guys you are amazing, chrome versions are updated very fast ,always new features or vulnerabilities fixes..Amazingggggggggggg :D.I LOVE CHROME

connoereomnd said...

great update glad to see it =]

shayne said...

I am glad to see Google chrome 12 in the stable version

gsctt said...

You're kidding me!
I trusted and used to work with my Gmail offline until today, before this AUTOMATIC update release broke everything. How can I solve my problem, if I don't have another browser installed?

Yitzhar Adailson said...

Saved Passwords protection please!!!!

Charbel Nicolas said...

You forgot to add the tab suspension points when the text is too long... they don't show anymore... you always let stupid bugs like these get by...

Carl said...

i don't know it a bug or not...

But, when i open facebook and scroll it down, the status in down will same with in up..

sory for my english so bad.. i hope you understand..

Gabi said...

hardware acceleration is not working for me. nvidia gts 250, latest version driver and still not working. ideas how can i fix this ?

Luboš Motl said...

Great. Is there some manual explaining how we can run the apps from the omnibox? Does it already work for normal apps or is it just an option for developers? Tx, LM

Jor said...

"->beautiful<- chain of lesser severity bugs"? You guys are hilarious! Also, that was one quick last beta o-o .

Mario said...

The standalone installer fails during installation

Luboš Motl said...

Oh, I am silly. Of course that it is the Google Apps that may be run from the omnibox. It works...

BubbaBubbs said...

Chrome 12.0.742.91 bug - Extension/Developer Tools

I upgraded to Chrome 12.0.742.91 this morning. Found the following bug in Developer Tools:

- Right-click on my extension's icon (the extensions is in development, not GA yet),
- choose "Inspect Popup"
- Resources
- Local Storage does not show the entry for my extension ID. However, when I hit F5, the Developer Tools window refreshes, and the entry shows.

thanks

hdtwu said...

very nice updates! But could you please make password protection like in IE? I don't feel safe that my login, cookie, history etc can easily be seen at ease.

hdtwu said...

i don't know whether this is a bug or was intentionally change but the tab title doesn't fade at the beginning of it, only at the end...

war59312 said...

Sergey Glazunov is the man!

Placeholder said...

Protection for saved passwords please!

bunnyhero said...

noooooooo did you take away the improved omnibar search option that was available in about:flags? i miss that so much :(

Kurtextrem said...

Sergey Glazunov is getting rich from Google... every big stable channel update, he is rewarded with > 1000$

Spefferonie said...

Chrome? sure thing! What else? The most easy browser ever and forever!

Samson said...

Content script injection by extensions into into New Tab didn't seem all that bad of a bug to have and should have been converted to a feature.

Being able to add small dashboard, or an additional divider (apps, most visited, recently closed) to update users on their extensions would have been a nice balance then forcing them to decide on committing to a completely new override page.

snooz said...

Since the 12.0.742.91 we have problem on our Intranet website.

For a reason we dont know, some page long to long are not showing all the information but, all the HTML code is in the code source.

Some have this problem ?

Twig said...

Hopefully this version will be able to find google.com LOL My last version often couldn't.

Pavel said...

Please don't use the term "flash cookies". Flash's local storage is equivalent to HTML5's local storage, not equivalent to cookies.

Twig said...

Still when I open chrome at times, it says it can't find google.com When I reload it it comes right up.

Julien said...

why gmail offline is broken ?

Gabi said...

so many bugs in this version... rushing on releasing a new version is no use if it comes with many bugs. f*ck it !!! on youtube pages the loading icon keeps showing the page is loading forever, ui bugs... sometimes it tells me that website is not existing, after i reload the site, boom, the site is back. i want to use chrome, but chrome doesen't wan't me.

Francisco R. said...

"sometimes it tells me that website is not existing, after i reload the site, boom, the site is back."
This has happened to me lately too.

I thought it was my connection. Is Chrome the problem here?

Gabriel said...

I need the web address of the standalone installer of Google Chrome

Tomas said...

I'm getting an error when I click on the security fix links. Are they supposed to work?

And another questions: looks like the debugging messages format changed; where could I find documentation about those changes?

Mario said...

For those who asked for the link to download the standalone installer

http://www.google.com/chrome/eula.html?standalone=1

Gabi said...

@Francisco R.
Yep, Chrome is the problem.

António Caldas said...

Good stuff, keep it up guys!
Thanks
Antonio

bongobongo said...

When will Chrome support Tab Stacking?

Right now, Tab Stacking is the most wanted feature, at least for me :)

Keep up the good work. Chrome rules!

Tab Stacking info here:
http://www.google.com/support/forum/p/Chrome/thread?tid=4cb099dc3eadecb4&hl=en

Tera_GX said...

Google Gears removed? I am so sad! Myself and my friends are big fans and users of Google Wave and all its features. The Google Gears support in it was great, very convenient and fast.

Stroboscopic said...

Keep receiving - 'Oops! Google Chrome could not connect to' on sites that always loaded without problems before the update.

oguz said...

videos suckz in chrome for 2-3 weeks.so i decided to use opera after 1 year. if it ll go on like that i think most of people will change their browsers like me.

tommy said...

why does google chrome update automaticly when new version is out

MrZerock said...

Wow nice job Sergey zD