The Google Chrome team is pleased to announce the arrival of Chrome 13.0.782.107 to the Stable Channel for Windows, Mac, Linux, and Chrome Frame. Spanning 5200+ revisions, Chrome 13 contains some exciting new features like Instant Pages prerendering technology. To find out about other new features, check out the Official Chrome Blog.
Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
In addition, we would like to thank David Levin, Kostya Serebryany, John Abd-El-Malek and Darin Fisher of the Chromium development community, “daduck10” and Collin Payne for working with us in the development cycle and preventing bugs from ever reaching the stable channel. Various rewards were issued.
Thanks again to all the security researchers we work with. There are $17,000 of rewards in this patch, which is possibly the best haul yet.
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
- [75821] Medium CVE-2011-2358: Always confirm an extension install via a browser dialog. Credit to Sergey Glazunov.
- [$1000 each] [78841] High CVE-2011-2359: Stale pointer due to bad line box tracking in rendering. Credit to miaubiz and Martin Barbella.
- [79266] Low CVE-2011-2360: Potential bypass of dangerous file prompt. Credit to kuzzcc.
- [79426] Low CVE-2011-2361: Improve designation of strings in the basic auth dialog. Credit to kuzzcc.
- [Linux only] [81307] Medium CVE-2011-2782: File permissions error with drag and drop. Credit to Evan Martin of the Chromium development community.
- [83273] Medium CVE-2011-2783: Always confirm a developer mode NPAPI extension install via a browser dialog. Credit to Sergey Glazunov.
- [83841] Low CVE-2011-2784: Local file path disclosure via GL program log. Credit to kuzzcc.
- [84402] Low CVE-2011-2785: Sanitize the homepage URL in extensions. Credit to kuzzcc.
- [84600] Low CVE-2011-2786: Make sure the speech input bubble is always on-screen. Credit to Olli Pettay of Mozilla.
- [84805] Medium CVE-2011-2787: Browser crash due to GPU lock re-entrancy issue. Credit to kuzzcc.
- [85559] Low CVE-2011-2788: Buffer overflow in inspector serialization. Credit to Mikołaj Małecki.
- [$500 each] [85808] Medium CVE-2011-2789: Use after free in Pepper plug-in instantiation. Credit to Mario Gomes and kuzzcc.
- [$1000] [86502] High CVE-2011-2790: Use-after-free with floating styles. Credit to miaubiz.
- [$1000] [86900] High CVE-2011-2791: Out-of-bounds write in ICU. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences.
- [$1000] [87148] High CVE-2011-2792: Use-after-free with float removal. Credit to miaubiz.
- [$1000] [87227] High CVE-2011-2793: Use-after-free in media selectors. Credit to miaubiz.
- [$500] [87298] Medium CVE-2011-2794: Out-of-bounds read in text iteration. Credit to miaubiz.
- [$500] [87339] Medium CVE-2011-2795: Cross-frame function leak. Credit to Shih Wei-Long.
- [87548] High CVE-2011-2796: Use-after-free in Skia. Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany of the Chromium development community.
- [$1000] [87729] High CVE-2011-2797: Use-after-free in resource caching. Credit to miaubiz.
- [87815] Low CVE-2011-2798: Prevent a couple of internal schemes from being web accessible. Credit to sirdarckcat of the Google Security Team.
- [$1000] [87925] High CVE-2011-2799: Use-after-free in HTML range handling. Credit to miaubiz.
- [$500] [88337] Medium CVE-2011-2800: Leak of client-side redirect target. Credit to Juho Nurminen.
- [$1000] [88591] High CVE-2011-2802: v8 crash with const lookups. Credit to Christian Holler.
- [88827] Medium CVE-2011-2803: Out-of-bounds read in Skia paths. Credit to Google Chrome Security Team (Inferno).
- [$1000] [88846] High CVE-2011-2801: Use-after-free in frame loader. Credit to miaubiz.
- [$1000] [88889] High CVE-2011-2818: Use-after-free in display box rendering. Credit to Martin Barbella.
- [$500] [89142] High CVE-2011-2804: PDF crash with nested functions. Credit to Aki Helin of OUSPG.
- [$1500] [89520] High CVE-2011-2805: Cross-origin script injection. Credit to Sergey Glazunov.
- [$1500] [90222] High CVE-2011-2819: Cross-origin violation in base URI handling. Credit to Sergey Glazunov.
In addition, we would like to thank David Levin, Kostya Serebryany, John Abd-El-Malek and Darin Fisher of the Chromium development community, “daduck10” and Collin Payne for working with us in the development cycle and preventing bugs from ever reaching the stable channel. Various rewards were issued.
Thanks again to all the security researchers we work with. There are $17,000 of rewards in this patch, which is possibly the best haul yet.
You can find full details about the changes that are in Chrome 13 in the SVN revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.
Anthony Laforge
Google Chrome
Anthony Laforge
Google Chrome
46 comments:
Finally after much delay waiting for Google officially launches the stable version of Chrome aeeee 13.
Glad to have it arrive :)
Also glad they took the extra time to fix what was alot of Bugs :)
Thanks
w00t !!!!111211!!!
When a tab is loading a page and you quickly open another tab, there is an error massage that is been displayed.
Why is there an "m" in the version number?
13.0.782.107 m
Windows
@cody: multiple
Now we can look forward to the same idiots complaining about Stable 13 taking too long to come on the Canary channel and demand immediate release of Stable 14.
Does anyone know of a good way to downgrade from Dev 14 to Stable 13 while keeping custom searches and other settings? Does 13 stable have profile sync already?
what about compact navigation? is implement in this version?
Something about the compact navigation? I wonder if it will be implemented in this version or future versions and will work with the instant and the instant search page.
Compact navigation can be enabled in the flags (see about:flags), somewhere near the end of the list. The implementation has been canceled though, so be prepared for the flag to disappear one or two versions down the line.
So to say that Google has abandoned the model of the compact version of Google Chrome? I clicked on about: flags'm getting more use it has some bugs. I wonder if they will fix this and implement in future versions of Google chrome default because this feature is excellent.
Someone/Anyone would tell me how to enable "Instant pages" ???
Because I use "about:flags" and there's an entry about Instant pages but I'm not sure if that's the correct way..
Thank you!!!
Thanks for the stable release! Wow too many security fixes...
@joesixgig, why are you bothering to post info about that flags option especially when you know the feature in cancelled?
Removing that flag was the only step the Devs didn't bother to do.
You're just getting people's hopes up for nothing and telling to try a discontinued feature that could have bugs.
FINALLY THANK GOD!! I have been waiting too LONG thanks GOOGLE CHROME!!!!
anyone know how to turn instant off for certain web sites?
It causes problems when playing pogo games. Not sure if then it will cause issues for other games?
I'm at dev channel and I want to switch to stable channel.
But profiles are not compatible.
Any solution?
Thank you guys and sorry for my poor english.
@josep bel
Follow this steps
http://dev.chromium.org/getting-involved/dev-channel#TOC-Back-up-your-data-
No Lion support for back/forward still?
Chrome hasn't been my default browser since Lion because of this. I'd love to change that!
FINALLY the most visited thumbnails don't disappear for no reason anymore.
How can I enable INSTANT PAGES???
@Adrian Fbris type about:flags in address bar and go all the way at the bottom that says preload instant search click enable and there you go.
Mainman678, I'm asking because I internet I've just read that I have to go to "chrome://settings/search#instant" (type this in url bar) and this is a different way, which I'm not sure is correct what this guy said..
finally.. :)
I enabled instant search feature. It loads any page instantly but It doesn't work if i try to search something through omnibar. (default search engine is google)
Please add option to delete history "older than xxx". Now i can only clear history "newer than" which is not enough for me.
Now i have to clear full history to remove history from 2-3 months back.
Thank you.
can not save password when logging into gmail any one else having that problem
Had to downgrade do to new version doesn't block cookies.. plz fix this soon.
Why is the compact navigation being dropped? I immediately turned the flag on and would love for this to stay. Can anyone point me to a discussion or more information about this?
@Jos - 2 things.
1) Google decided "this is not the way Chrome should look like in the future", so that's why.
2) They said it would eat up too much time to polish it and fix bugs.
I love the feature too, and maybe drop Chrome when they remove the flag.
Excellent... but, still no 64 Bit for Mac?
It would have been nice if the release notification would have specify that this new Chrome release requires newer libstdc++ for Linux.
On SLES 11 SP1 64bit, Chrome is not working any longer. We have the following error:
/usr/lib64/libstdc++.so.6: version `GLIBCXX_3.4.11' not found
When will Chrome support Tab Groups ala Firefox Panorama?
See how Firefox Panorama works here:
http://www.youtube.com/watch?v=5r0TQJ-gGi0
How looooong will it take before this 'last' missing feature will emerge?
@EnmRomero
I know, but the profile is not 100% compatible. We need a great tool to switch channels.
:-P
This release is really a disaster. Needs a badly needed update. Search bar lag. People also reporting no printing when printing pdf's.
now we just need chrome 14 on beta and 15 on dev....no mas milestone update in a while lol.
13 runs amazing on my new machine but like a turd on my old one...can't keep 10 tabs open w/o lag =(
Will Chrome automatically update itself? b/c as of right now, Chrome is still version 12 on my computer?
Why do i see additional m in the version number?
13.0.782.107 m
@Revisited: "m" multiple profile supported.
Could somebody be kind enough to explain what is this "Override software rendering list" flag,please?
Thank you.
Playing youtube videos in fullscreen mode doesn't work for me, I just get sound on a black screen. Am I the only one with this issue?
@The World's Worst Writer is a issue of Flash Player not of chrome!
I just want to voice that I do not think the compact navigation or the experimental tab page should be canned. I thought it's weird that these flags weren't turned on by default.. I turned them on immediately and have been using them since updating and I don't think I want to go back assuming the Chrome team removes the flag...
I've just updated Chrome in my Windows machine and now shows "Chrome 13.0.782.107 m". Uninstalled it and installed it again and now it doesn't show the "m". Can someone explain this?
Some change in Chrome 13 now results in our test suite generating different results based on whether we start up a "clean" copy of Chrome, or whether we rerun the test by reloading the page. The Processing.js performance tests that we run will take, for instance, 14 seconds on initial clean page load, and 18 seconds when the page is reloaded from URL in the same chrome instance. Somehow, this new version is terrible at dealing with javascript on reloaded pages.
Actual performance test results:
14718ms initial page run
18045ms on the same run after page reload
31149ms on the same run, repeated a second time without reloading the page from URL
Feel free to drop by #processingjs on irc.mozilla.org to figure this one out.
Post a Comment