Tuesday, December 13, 2011

Stable Channel Update


The Google Chrome team is happy to announce the arrival of Chrome 16.0.912.63 to the Stable Channel for Windows, Mac, Linux, and Chrome Frame.  Chrome 16 contains some really great improvements including enhancements to Sync and the ability to create multiple profiles on a single instance of Chrome. You can read about it more on the Google Chome blog. 

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix

  • [81753] Medium CVE-2011-3903: Out-of-bounds read in regex matching. Credit to David Holloway of the Chromium development community.
  • [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to Google Chrome Security Team (Inferno).
  • [$500] [98809] Medium CVE-2011-3906: Out-of-bounds read in PDF parser. Credit to Aki Helin of OUSPG.
  • [$1000] [99016] High CVE-2011-3907: URL bar spoofing with view-source. Credit to Luka Treiber of ACROS Security.
  • [100863] Low CVE-2011-3908: Out-of-bounds read in SVG parsing. Credit to Aki Helin of OUSPG.
  • [101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS property array. Credit to Google Chrome Security Team (scarybeasts) and Chu.
  • [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video frame handling. Credit to Google Chrome Security Team (Cris Neckar).
  • [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF. Credit to Google Chrome Security Team (scarybeasts) and Robert Swiecki of the Google Security Team.
  • [$1000] [102359] High CVE-2011-3912: Use-after-free in SVG filters. Credit to Arthur Gerkis.
  • [$1000] [103921] High CVE-2011-3913: Use-after-free in Range handling. Credit to Arthur Gerkis.
  • [$1000] [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n handling. Credit to Sławomir Błażek.
  • [$1000] [104529] High CVE-2011-3915: Buffer overflow in PDF font handling. Credit to Atte Kettunen of OUSPG.
  • [$500] [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross references. Credit to Atte Kettunen of OUSPG.
  • [105162] Medium CVE-2011-3917: Stack-buffer-overflow in FileWatcher. Credit to Google Chrome Security Team (Marty Barbella).
  • [107258] High CVE-2011-3904: Use-after-free in bidi handling. Credit to Google Chrome Security Team (Inferno) and miaubiz.


The bugs [95465], [100863], [101494], [102359], [103921] and [105162] were detected using AddressSanitizer.

In addition, we would like to thank miaubiz, Eric Bidelman, and Sławomir Błażek for working with us in the development cycle and preventing bugs from ever reaching the stable channel. Various rewards were issued.

Thanks for using Chrome! If you find a new issue, please let us know by filing a bug.

Have a happy holiday season!

Anthony Laforge
Google Chrome

38 comments:

Pierre Alexandre Lévesque Dumais said...

Yeah thanks Google for a great update for me !!! :D

Andreas said...

Where is side-tabs?

Lionel LaCorbiere said...

I am such a fan of Chrome. Thank you for such a fine product and swiftness to the updates of an ever evolving browser!

Red Aether said...

Sweet, now all I want for Christmas is Chrome 17 on beta.

Rybo said...

The Omnibox instant functionality no longer automatically loads URL's. For example if I type in usatoday and usatoday.com appears in the drop down list, and I arrow down to usatoday.com, the site won't load until I hit my enter key. I guess this was done on purpose for security reasons or something.

Женька said...

Enhancements to Sync? Where? :)

Johnny Bravo said...

I predicted that this is the point where Firefox will really start to suffer. User profiles gives chrome a massive edge and it always remove the need to use IE and
Ffirefox on your PC

gondergec said...

It isn't good. The omnibox instant url load doesn't work anymore. :|

Rafael said...

The instant preview no longer works in this version of the pages do not load without pressing the enter key.

Antonio Ooi said...

May I know how can I create a window shortcut for each profile instead of every time I will have to open the default profile first? Thanks.

Red Aether said...

@Antonio -- If you read down the blog a few posts you will see that profile specific shortcuts have only been integrated into Chrome 17 Dev so far. you may not have to wait until 17 goes stable though, seems like something they could merge in once they are comfortable with the code.

Antonio Ooi said...

Red, thanks for the info. Then I'll for version 17! ^^ This multiple profile of the same instance is just what I'm looking for and solve many of my problems! Earlier, I need to use Chrome, Firefox and IE9 to maintain 3 different accounts at the same time, LOL....

Артём said...

The best browser in the world!!!

Richard said...

Why have you disabled vertical tabs with this new version? This was so useful! Now Chrome is not useable for me any more... :-(

বাংলা চটি | চটির ভান্ডার said...

So Nice http://bdchotisex.blogspot.com

Johnathon said...

filed bug: html5 video in hidden tab given lower and lower priority (repeatedly renice +5) -> choppy video

petersaints said...

Nice! We should get 17 to Beta and 18 to Dev in the following days.

Sultee said...

Return side tabs please

Dibutil Ftalat said...

No side-tabs = No Chrome!

Why did they get dropped end not even mentioned in the logs??? Is this a bug or feature? Either way I would not let it update if knew that the side-tabs will be gone. Ind they have not been showing in about:flags page as well...

Unknown said...

If side tabs are to no longer be a feature of Chrome, I would appreciate it if you would provide instructions on how to revert back to a previous version that did have them included. Additional instruction on how to turn off the automatic updates would also be appreciated, as I don't want to move to a version that does not have the features I use the most.

Red Aether said...

Not all browsers can be everything to everyone. Does not look like side tabs are going to making a comeback anytime soon. If that is a deal breaker for you... then it is.

Mainman678 said...

Great update. I love the syncing feature. I can bring all my stuff from my browser to another PC or laptop just by signing in great job chrome. One thing I notice instant web pages are gone and only instant for search now. No big deal. Just wondering why its taken out?

Red Aether said...

For those wanting to revert back to a version with side tabs: good luck. You can probably search some instructions, but i wouldn't hold your breath waiting for google to guide you through it. The last thing they want is for old versions of chrome be floating around like IE6.

Even if you managed to revert, you would stop receiving security updates. So long as you are ok with zero day vulnerabilities going un-patched, then go for it.

Jim McLeod said...

I too am desperately seeking to return the side-tabs!
A serious WTF moment

Luca Schiavoni said...

The "recently closed" button which used to be on the bottom right has disappeared.
It is still there in the beta version.

Please put it back - it is an essential feature!

nawzad40 said...

Why cant i install extensions anymore since i updated it does the following 1.install to chrome
2.checking but nothing happens

Ben Aggus said...

This version has broken the ability to access ssl pages for me. It appears the "BEAST" defense code has been re-introduced. This code broke chrome 15 for me as well, but it was patched the day after because people apparently had problems with wsj.com and other sites.

My company uses an SSL proxy and this code is not compatible with it. I will not be able to use Chrome until it is fixed.

Umar said...

Do we have the fix for the BEAST-attack issue in this release ?

Fabio_Rulez said...

if you want side tabs back please vote for this issue:

http://code.google.com/p/chromium/issues/detail?id=104937

if you like to have password protected profile please vote for this issue:

http://code.google.com/p/chromium/issues/detail?id=92117

make them here our voice on the bug tracker!! spread this around :)

pspmodel2001 said...

Just got the update and they added Bluetooth. Just tried it but doesnt work. :/ Had a feeling it wouldnt work the first I seen it and it looks like it wont stay enabled after closing the tab. :/ Damn, oh well, next update maybe. ^_^

Edo Damara said...

nice
Red Line

Scott said...

Uninstalled Google Chrome after backing up some stuff..

Downloaded Chrome version 15 installer http://dl.google.com/chrome/install/874.121/chrome_installer.exe

Disabled automatic updates: http://www.wikihow.com/Completely-Disable-Google-Chrome-Update

Got my side tabs back.

vidmeup said...

URGENT! latest chrome update has effected embedded jwplayer see http://www.longtailvideo.com/support/forums/jw-player/setup-issues-and-embedding/24006/jw-player-missing-plugin-in-chrome

kev_211 said...

Chrome 16.912.63, the msi is not working, any help would be appreciated

kev_211 said...

The msi works fine on a clean machine, but throws an error in an upgrade scenario

hilda dada said...

I like your blog,and also like the article,and thank you for provide me so much information :)) new jersey dui law

Edo Damara said...

apalh klena ini ntah apa" ngomogn nya

Artikel yang bagus...aku sangat menyukainya
sukses selalu


back Link..!!

By: Red Line

فهد said...

The msi works fine on a clean machine, but throws an error in an upgrade scenario

thanks
مدونتي نت

add-your-blog