Wednesday, June 29, 2011

Beta Channel Update

The Beta channel has been updated to 13.0.782.41 for Windows, Mac, Linux, and Chrome Frame.

The full list of changes is available in the SVN revision log.  Interested in switching to the Beta channel?  Find out how.  If you find a new issue, please let us know by filing a bug.

Anthony Laforge
Google Chrome

Tuesday, June 28, 2011

Stable Channel Update



The Chrome Stable channel has been updated to 12.0.742.112 for all platforms.  This release contains an updated version of Adobe Flash, along with the security fixes noted below.

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

  • [$1000] [77493] Medium CVE-2011-2345: Out-of-bounds read in NPAPI string handling. Credit to Philippe Arteau.
  • [$1000] [84355] High CVE-2011-2346: Use-after-free in SVG font handling. Credit to miaubiz.
  • [$1000] [85003] High CVE-2011-2347: Memory corruption in CSS parsing. Credit to miaubiz.
  • [$500] [85102] High CVE-2011-2350: Lifetime and re-entrancy issues in the HTML parser. Credit to miaubiz.
  • [$500] [85177] High CVE-2011-2348: Bad bounds check in v8. Credit to Aki Helin of OUSPG.
  • [$1000] [85211] High CVE-2011-2351: Use-after-free with SVG use element. Credit to miaubiz.
  • [$1000] [85418] High CVE-2011-2349: Use-after-free in text selection. Credit to miaubiz.
The full list of changes is available in the SVN revision log.  Interested in switching to another?  Find out how.  If you find a new issue, please let us know by filing a bug.

Jason Kersey
Google Chrome

Monday, June 27, 2011

Dev Channel Update


The Chrome Dev channel has been updated to 14.0.803.0 for all platforms.  This release has the following changes and notes:

All
  • Updated V8 - 3.4.6.2
  • [r90216] Change the meaning of third-party cookie blocking to allow whitelists (Issue 82039)
Mac
  • Relaunches do not work in this release.  You will need to manually relaunch Chrome following a forced update, an about:flags change, or any other action that attempts to relaunch the browser. (Issue 87646)
Linux
  • [r90417] Remove the Global Bookmarks menu by default on Ubuntu Natty, in an attempt to fix minute long startup regression on desktop environments that use dbusmenu. (Issue 86715)
The full list of changes is available in the SVN revision log.  Interested in switching to a different release channel?  Find out how.  If you find a new issue, please let us know by filing a bug.

Jason Kersey
Google Chrome

Wednesday, June 22, 2011

Beta Channel Update

The Beta channel has been updated to 13.0.782.32 for Windows, Mac, Linux, and Chrome Frame.

The full list of changes is available in the SVN revision log.  Interested in switching to the Beta channel?  Find out how.  If you find a new issue, please let us know by filing a bug.

Anthony Laforge
Google Chrome

Monday, June 20, 2011

Dev Channel Update

The Dev channel has been updated to 14.0.797.0 for Mac, Windows, Linux, and Chrome Frame platforms

All

  • Updated V8 - 3.4.4.0
Windows
  • Improved support for the textarea element with screen readers.
Mac
  • Improved support for the textarea element with VoiceOver.

Resolved Issues

  • Print workflow: Chrome Frame displays both Print Dialog and Print Preview (Issue: 86226)
  • Crash when canceling print (Issue: 86229)
  • Mouse back and forward buttons stopped working  (Issue: 84836)

More details about additional changes are available in the svn log of all revisions.

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-channel.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry


Karen Grunberg
Google Chrome

Thursday, June 16, 2011

Dev Channel Update


The Dev channel has been updated to 14.0.794.0 for Windows, Mac, Linux and Chrome Frame platforms

All
  • Updated V8 - 3.4.3.0
  • When installing items from the chrome webstore, we now always prompt with a native confirmation dialog.
  • Fix for failing navigation with chrome://newtab showing.
Mac
  • Fixed “invalid server certificate” errors for some secure websites whose CRLs or OCSP responses are signed by untrusted root CAs.
Linux
  • Added a makeshift multiprofile button.

Security
  • DNSSEC authenticated HTTPS supported.
  • Intermittent connectivity issues with broken SSLv3 servers fixed.
Known Issues
  • When reloading a page reached via a HTTP POST operation (such as the confirmation page following a form submit during an online transaction), the whole browser will crash (Issue: 86119)
  • volume controls are not functioning on keyboard (issue: 84961)
More details about additional changes are available in the svn log of all revisions.

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-channel.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry

Karen Grunberg
Google Chrome

Beta Channel Update

The Beta channel has been updated to 13.0.782.24 for Windows, Mac, Linux, and Chrome Frame. For an overview of the features shipping in Chrome 13, check out the Google Chrome Blog.

The full list of changes (spanning 5000 revisions) is available in the SVN revision log.  Interested in switching to the Beta channel?  Find out how.  If you find a new issue, please let us know by filing a bug.

Anthony Laforge
Google Chrome

Wednesday, June 15, 2011

Dev Channel Update

The Dev channel has been updated to 13.0.782.24 for Windows, Mac, Linux, and Chrome Frame.  This release contains a number of stability fixes and the Flash update.

The full list of changes is available in the SVN revision log.  Interested in switching to the Dev channel?  Find out how.  If you find a new issue, please let us know by filing a bug.

Anthony Laforge
Google Chrome

Tuesday, June 14, 2011

Chrome OS Beta Channel Update

The Chrome OS Beta channel has been updated to R12 release 0.12.433.114 including Chrome 12.0.742.105. The release includes below change:

  • Update Flash plugin to 10.2.158.26
If you find new issues, please let us know by visiting our help site or filing a bug. You can submit feedback using ‘Report an issue’ under the wrench menu.

Josafat Garcia
Google Chrome

Stable, Beta Channel Updates


The Chrome Stable and Beta channels have been updated to 12.0.742.100 for all platforms.  This release contains an updated version of Adobe Flash.  Interested in switching to the Beta or Stable channels?  Find out how.  If you find a new issue, please let us know by filing a bug.

Jason Kersey
Google Chrome

Monday, June 13, 2011

Dev Channel Update

The Dev channel has been updated to 13.0.782.20 for Windows, Mac, Linux, and Chrome Frame.  This release contains a number of stability fixes and we put hardware accelerated Canvas 2D back behind a flag.

The full list of changes is available in the SVN revision log.  Interested in switching to the Dev channel?  Find out how.  If you find a new issue, please let us know by filing a bug.

Anthony Laforge
Google Chrome

Thursday, June 9, 2011

Dev Channel Update

The Dev channel has been updated to 13.0.782.14 for Windows and Chrome Frame, and 13.0.782.15 for Mac and Linux.  This release contains a number of stability fixes.  The full list of changes is available in the SVN revision log.  Interested in switching to the Dev channel?  Find out how.  If you find a new issue, please let us know by filing a bug.

Anthony Laforge
Google Chrome

Wednesday, June 8, 2011

Dev Channel Update

The Dev channel has been updated to 13.0.782.13 for Windows, Mac, Linux, and Chrome Frame.  This release contains a number of UI tweaks and stabilities fixes.  The full list of changes is available in the SVN revision log.  Interested in switching to the Dev channel?  Find out how.  If you find a new issue, please let us know by filing a bug.

Anthony Laforge
Google Chrome

Tuesday, June 7, 2011

Dev Channel Update

The Dev channel has been updated to 13.0.782.11 for Windows, Mac, and Chrome Frame.  This release contains a number of UI tweaks and stabilities fixes.  The full list of changes is available in the SVN revision log.  Interested in switching to the Dev channel?  Find out how.  If you find a new issue, please let us know by filing a bug.

Anthony Laforge
Google Chrome

Chrome Stable Release

The Google Chrome team is happy to announce the release of Chrome 12 to the Stable Channel for all platforms.  Chrome 12.0.742.91 includes a number of new features and updates, including:
  • Hardware accelerated 3D CSS
  • New Safe Browsing protection against downloading malicious files
  • Ability to delete Flash cookies from inside Chrome
  • Launch Apps by name from the Omnibox
  • Integrated Sync into new settings pages
  • Improved screen reader support
  • New warning when hitting Command-Q on Mac
  • Removal of Google Gears
Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
  • [$2000] [73962] [79746] High CVE-2011-1808: Use-after-free due to integer issues in float handling. Credit to miaubiz.
  • [75496] Medium CVE-2011-1809: Use-after-free in accessibility support. Credit to Google Chrome Security Team (SkyLined).
  • [75643] Low CVE-2011-1810: Visit history information leak in CSS. Credit to Jesse Mohrland of Microsoft and Microsoft Vulnerability Research (MSVR).
  • [76034] Low CVE-2011-1811: Browser crash with lots of form submissions. Credit to “DimitrisV22”.
  • [$1337] [77026] Medium CVE-2011-1812: Extensions permission bypass. Credit to kuzzcc.
  • [78516] High CVE-2011-1813: Stale pointer in extension framework. Credit to Google Chrome Security Team (Inferno).
  • [79362] Medium CVE-2011-1814: Read from uninitialized pointer. Credit to Eric Roman of the Chromium development community.
  • [79862] Low CVE-2011-1815: Extension script injection into new tab page. Credit to kuzzcc.
  • [80358] Medium CVE-2011-1816: Use-after-free in developer tools. Credit to kuzzcc.
  • [$500] [81916] Medium CVE-2011-1817: Browser memory corruption in history deletion. Credit to Collin Payne.
  • [$1000] [81949] High CVE-2011-1818: Use-after-free in image loader. Credit to miaubiz.
  • [$1000] [83010] Medium CVE-2011-1819: Extension injection into chrome:// pages. Credit to Vladislavas Jarmalis, plus subsequent independent discovery by Sergey Glazunov.
  • [$3133.7] [83275] High CVE-2011-2332: Same origin bypass in v8. Credit to Sergey Glazunov.
  • [$1000] [83743] High CVE-2011-2342: Same origin bypass in DOM. Credit to Sergey Glazunov.
In addition, we would like to thank David Levin of the Chromium development community, miaubiz, Christian Holler and Martin Barbella for working with us in the development cycle and preventing bugs from ever reaching the stable channel. Various rewards were issued.


We’d also like to call particular attention to Sergey Glazunov’s $3133.7 reward. Although the linked bug is not of critical severity, it was accompanied by a beautiful chain of lesser severity bugs which demonstrated critical impact. It deserves a more detailed write-up at a later date.


You can find out more about Chrome 12 at the official Chrome Blog.  The full list of changes is available in the SVN revision logs (Trunk, Branch).  Interested in switching to the Stable channel?  Find out how.  If you find a new issue, please let us know by filing a bug.


Jason Kersey
Google Chrome