Monday, August 22, 2011

Stable Channel Update


The Chrome Stable channel has been updated to 13.0.782.215 for all platforms.  This release contains the following security fixes.


Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

  • [$1000] [Windows only] [72492] Medium CVE-2011-2822: URL parsing confusion on the command line. Credit to Vladimir Vorontsov, ONsec company.
  • [82552] High CVE-2011-2823: Use-after-free in line box handling. Credit to Google Chrome Security Team (SkyLined) and independent later discovery by miaubiz.
  • [$1000] [88216] High CVE-2011-2824: Use-after-free with counter nodes. Credit to miaubiz.
  • [88670] High CVE-2011-2825: Use-after-free with custom fonts. Credit to wushi of team509 reported through ZDI (ZDI-CAN-1283), plus indepdendent later discovery by miaubiz.
  • [$1000] [89402] High CVE-2011-2821: Double free in libxml XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences.
  • [$1000] [87453] High CVE-2011-2826: Cross-origin violation with empty origins. Credit to Sergey Glazunov.
  • [$1337] [Windows only] [89836] Critical CVE-2011-2806: Memory corruption in vertex handing. Credit to Michael Braithwaite of Turbulenz Limited.
  • [$1000] [90668] High CVE-2011-2827: Use-after-free in text searching. Credit to miaubiz.
  • [91517] High CVE-2011-2828: Out-of-bounds write in v8. Credit to Google Chrome Security Team (SkyLined).
  • [$1500] [32-bit only] [91598] High CVE-2011-2829: Integer overflow in uniform arrays. Credit to Sergey Glazunov.
  • [$1000] [Linux only] [91665] High CVE-2011-2839: Buggy memset() in PDF. Credit to Aki Helin of OUSPG.
The full list of changes is available in the SVN revision log.  Interested in switching to another?  Find out how.  If you find a new issue, please let us know by filing a bug.

Anthony Laforge
Google Chrome

21 comments:

Colin said...

miaubiz is making bank from this haha

Jack (Phred_13) said...

Forgot the “Stable updates” label. Some of us use that to determine when to update.

Manish said...

Thanks for the update.

Marcus_R said...

You say the full list of changes is available in the SVN revision log, but I can't find anything on Issue 86895, "flash key-state detection failing on Win7/Vista", even though a developer said it'd be included in the stable channel released today..?

itshaman said...

быстро исправляете ;)

SAHIL said...

it has an 'm' in front of the version no....wat is it?

Okung said...

@SAHIL

The "m" just means that you have multiple versions of Chrome installed in C:\Users\username\AppData\Local\Google\Chrome\Application. You might have multiple versions of Chrome if you didn't download the latest version, but updated to it. The new version won't replace the old one, in case of installation failures. So in essence, when Chrome detects that you have more than one version of Chrome, it displays "m" after the version number in the [About Google Chrome] window.

petko said...

I also have the 'm' in the about window and only have one chrome installation - the stable one. Haven't touched the beta or dev, or the canary channel (if it still exists) at all.

MrZerock said...

Yeah i only use 1 version is beta and theres "m" too. Any other explain?

MikeN said...

If you had Google CHrome 12 or an older version on your machine and updated that's why you have the "m". It's exactly what @Okung said but I guess you didn't get it.

LadySidi said...

When I go to update, it says something like "update server failure (Error: 3). Any idea why, or when it will be fixed?

dac0302 said...

I don't understand anything here. Chrome loaded when I downloaded Ifranview, a free graphics program)I don't know why?
I went to the link "Chromium security page", but can't figure out what to do from here?

So, can someone tell me in plain English, Thanks!!

msi2 said...

When you open a new tab while the previous one is loading a page, the new tab crashes (There's an error message). I'm on WinXP. Oddly enough, that issue is still being carried on the recent devbuild (Chromium15).

petko said...

I had a fresh installation of Windows a week ago. then I directly grabbed Chrome 13 (never had any previous installation of Chrome whatsoever). And now I minor-update and the stupid 'm' is there.

Anyhow, just hope Google sorts this out cause it's annoying...

FREEWILLY said...

the "m" after the version number stands for Milestone (aka major chrome versions).

okungnyo said...

@petko

I did not have the "m" when I fresh-installed Chrome. Your copy of Chrome must have updated to a minor security-fix release, maybe that's why you didn't notice?

shayne said...

Will we be seeing a updated version of adobe flash for chrome soon=].

HKawai said...

it is making my search bar slow and didnt even load after press 'enter'...it takes very long time to open link from my bookmark...seriously, i think this isn't my pc problem but chrome latest version (13.0.782.215 m)..here is the link of other who are inthe same shoe as mine:

http://www.google.com/support/forum/p/Chrome/thread?tid=626cdf7fb73e4358&hl=en

Dave said...

Its not a browser problem. My chrome launches instantly. It opens bookmarks instantly and it goes to web pages instantly. Has to be your pc.

mechandler34 said...

The flash update has been out for two days now and still no update for Chrome. What gives?

shayne said...

I hope they update it soon its a security update by adobe