Thursday, November 10, 2011

Stable Channel Update

The Stable channel has been updated to 15.0.874.120 for Windows, Mac, Linux and Chrome Frame platforms

  • Updated V8 -
  • Fix small print sizing issues (issues: 10218682472102154)
  • This new build also contains a new version of Flash which contains security fixes. (Release Notes)
  • Fixed the "certificate is not yet valid" error for server certificate issued by a VeriSign intermediate CA. (issue 101555)
Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

  • [$500] [100465] High CVE-2011-3892: Double free in Theora decoder. Credit to Aki Helin of OUSPG.
  • [$500] [100492] [100543] Medium CVE-2011-3893: Out of bounds reads in MKV and Vorbis media handlers. Credit to Aki Helin of OUSPG.
  • [101172] High CVE-2011-3894: Memory corruption regression in VP8 decoding. Credit to Andrew Scherkus of the Chromium development community.
  • [$1000] [101458] High CVE-2011-3895: Heap overflow in Vorbis decoder. Credit to Aki Helin of OUSPG.
  • [101624] High CVE-2011-3896: Buffer overflow in shader variable mapping. Credit to Ken “strcpy” Russell of the Chromium development community.
  • [102242] High CVE-2011-3897: Use-after-free in editing. Credit to pa_kt reported through ZDI (ZDI-CAN-1416).
  • [102461] Low CVE-2011-3898: Failure to ask for permission to run applets in JRE7. Credit to Google Chrome Security Team (Chris Evans).
The bugs [100465], [100492], [100543] and [101458] were detected using AddressSanitizer

Full details about what changes have been made in this release are available in the SVN revisions log. Interested in switching to another channel?  Find out how.  If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome


John D said...

Why does 15.0.874.120 show up as 15.3.27256 in Uninstall Programs on Windows 7?

msi2 said...

Does extensions still crash randomly?

Mamdouh said...

please update policy list and added
allow running insecure content to it

Mainman678 said...

built in crash always crashes. when will google fix this.????

trik bisnis said...

i thinks its good info men, thanks a lot from justin

gondergec said...
This comment has been removed by the author.
gondergec said...

Can you make Chrome create a folder in /AppData/Local/Temp for updates in order to who use software restriction policies can set that folder allow?

Nat said...

The memory leak has gone from bad to worse in this release though especially with flash video

ComputerX said...

GoogleChromeStandaloneEnterprise.msi downloaded on 11/14/2011 and 11/15/2011 show the ProductVersion property as 15.3.27256.

bilgisayarkursu said...
This comment has been removed by a blog administrator.