Thursday, September 29, 2011

Beta Channel Update


The Beta channel has been updated to 15.0.874.54 for Windows, Mac, Linux, and Chrome Frame

All
  • Updated V8 - 3.5.10.14
  • Notification promos work with New Tab Page  (Issue: 93201)
Mac
  • Follow the system preferences for session restore on Lion  (Issue: 75814)
Chrome Frame
  • Resolved Chrome Frame leaving itself in user agent after uninstallation (Issue: 94848)
  • IE Security protected mode warning when opening link in gmail (Issue: 95810)


    More details about additional changes are available in the svn log of all revisions.

    You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-channel.

    If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry

    Karen Grunberg
    Google Chrome

    Tuesday, September 27, 2011

    Dev Channel Updates for Chromebooks

    The Dev channel has been updated to 15.0.874.51 (Platform version: 1011.43) for Chromebooks(Acer AC700, Samsung Series 5, and Cr-48).


    Highlights:
    • Web UI login network fixes
    • Web UI login accessibility fixes
    • Fix several functionality and stability issues
    Known issues:
    • 19931 gmail : rendering issue seen on scrolling down long email thread .
    • 20204: Gobi 3K activation fails and displays error page on Chrome OS
    • 20525: Gobi 2K shows error for the first time activation before zip code page
    • 20264: Gobi 2K activation is successful,but throwing error
    • 19421: 3G activation is taking longer time with Gobi 3K and 2K modems
    If you find new issues, please let us know by visiting our help site or filing a bug. You can also submit feedback using "Report an issue" under the wrench icon. Interested in switching to the Beta channel? Find out how.

    Josafat Garcia
    Google Chrome

    Beta Channel Update



    The Beta channel has been updated to 15.0.874.51 for Windows, Mac, Linux, and ChromeFrame platforms

    All
    • Updated V8 - 3.5.10.13
    • Several crash fixes (including 96727, 93314, 97165, 96282)
    • Intranet URLs don't inline autocomplete (Issue 94805)
    • The New Tab Page bookmark pane has been reverted to the detached bar pending future improvements to the pane version. Thanks for all the feedback! (Issue: 92609)
    • Only show NTP4 info bubble for upgrading users (Issue 97103)
    • Sync not enforcing server legal bookmark names when migrating to new specifics (Issue 96623)
    Windows
    • Fixed wrench menu bottom border truncated in Win 7 32-bit (Issue: 96505)
    Linux
    • Native Client startup fixed for 32-bit Linux (Issue 92964)
    • Fixed fetching proxy settings on Gnome 3 systems when glib2-dev package is not installed (Issue 91744)

    More details about additional changes are available in the svn: log of all revisions.

    You can find out about getting on the Beta channel here: http://dev.chromium.org/getting-involved/dev-channel.

    If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry


    Karen Grunberg
    Google Chrome

    Monday, September 26, 2011

    Dev Channel Update


    The Dev channel has been updated to 16.0.891.0 for Windows, Mac, Linux, and Chrome Frame.
    • Linux: Enabled Native Client for 32-bit Linux and also addresses a performance issue for Native Client on Intel Atom CPUs. [Issue: 92964], [nativeclient: 480]
    • Linux: Fixed fetching proxy settings on Gnome 3 systems when glib2-dev package is not installed. [Issue: 91744]
    • All: Fixed many known stability issues.
    Full details about what changes are in this build are available in the SVN revision log.  Interested in switching to the Beta or Stable channels?  Find out how.  If you find a new issue, please let us know by filing a bug.

    Dharani Govindan
    Google Chrome

    Thursday, September 22, 2011

    Dev Channel Update


    The Dev channel has been updated to 16.0.889.0 for Windows, Mac and Chrome Frame. Due to known bug, Linux isn't updated.
    • Updated V8 - 3.6.4.0
    • FTP: fixed compatibility with servers which send 451 response for CWD command. (Issue 96401)
    • Windows and Mac: Enabled multi-users (multi-profiles) by default.
    • Fixed many known stability issues.
    Full details about what changes are in this build are available in the SVN revision log.  Interested in switching to the Beta or Stable channels?  Find out how.  If you find a new issue, please let us know by filing a bug.

    Dharani Govindan
    Google Chrome

    Chrome Beta Release


    The Chrome team is happy to announce the arrival of Chrome 15.0.874.24 to the Beta channel for Windows, Mac, and Chrome Frame and 15.0.874.21 for Linux.

    Chrome 15 contains some really great improvements including:
    • A brand new New Tab Page
    • Javascript Fullscreen API is now enabled by default 
    • Chrome Web Store items can now be installed inline by their verified site (more information for developers can be found here.)
    • Omnibox History is now an additional sync data type
    More on what's new at the Official Chrome Blog.

    You can find full details about the changes that are in Chrome 15 in the SVN revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

    Karen Grunberg
    Google Chrome

    Wednesday, September 21, 2011

    Dev Channel Updates for Chromebooks

    The Dev channel has been updated to 15.0.874.23 (Platform version: 1011.30) for Chromebooks(Acer AC700, Samsung Series 5, and Cr-48).

    Highlights:
    • Flash updated to 11.0.31.108
    • Updated Netflix plugin to 1.2.6
    • Update GTK+ to 2.20.1 and ATK to 1.29.2
    • Fix several functionality and stability issues
    Known issues:
    • 19931 gmail : rendering issue seen on scrolling down long email thread .
    • 19651: On the WebUI user selection screen, the name of the selected user is not spoken
    • 20014: WebUI: Device offline message on X-86 machines even though network connected
    If you find new issues, please let us know by visiting our help site or filing a bug. You can also submit feedback using "Report an issue" under the wrench icon. Interested in switching to the Beta channel? Find out how.

    Josafat Garcia
    Google Chrome

    Tuesday, September 20, 2011

    Dev Channel Update


    The Dev channel has been updated to 15.0.874.21 for Windows, Mac, Linux, and Chrome Frame.

    All
    • Fixed a bug that caused a crash if you tried to use the speech input keystroke (Ctrl+Shift+Period) on a (non-speech-enabled) textarea.
    • Fixed many known stability issues.
    Mac
    • Added bubble UI to notify the user when a page requests fullscreen mode.
    • Fixed a bug where pages requesting fullscreen mode on OS X Lion would put the browser into fullscreen mode rather than presentation mode.
    Full details about what changes are in this build are available in the SVN revision log.  Interested in switching to the Beta or Stable channels?  Find out how.  If you find a new issue, please let us know by filing a bug.

    Dharani Govindan
    Google Chrome

    Beta and Stable Channels Update for Chromebooks

    The Beta and Stable channels have been updated to 14.0.835.186 (Platform version 0.14.811.117) for Chromebooks (Acer AC700, Samsung Series 5, and Cr-48).

    Release highlights:

    • Pepper flash: update to 10.3.200.107
    • Crash fixes
    If you find new issues, please let us know by visiting our help site or filing a bug. You can also submit feedback using "Report an issue" under the wrench icon.

    Orit Mazor
    Google Chrome

    Stable Channel Update

    The Beta and Stable channels have been updated to 14.0.835.186 for Windows, Mac, Linux, and Chrome Frame.

    This release includes an update to Flash Player that addresses a zero-day vulnerability.

    If you find a new issue, please let us know by filing a bug.

    Anthony Laforge
    Google Chrome

    Friday, September 16, 2011

    Dev Channel Update

    The Dev channel has been updated to 15.0.874.15 (Platform version: 1011.19) for Chromebooks (Acer AC700, Samsung Series 5, and Cr-48).


    Highlights:
    • Pepper flash 11.0.31.105
    • Netflix plugin 1.2.4
    • Fix several functionality and stability issues
    Known issues:
    • 14267: Can't use the keyboard to focus the status bar buttons on the log-in screen
    • 19651: On the WebUI user selection screen, the name of the selected user is not spoken
    • 20014: WebUI: Device offline message on X-86 machines even though network connected
    If you find new issues, please let us know by visiting our help site or filing a bug. You can also submit feedback using "Report an issue" under the wrench icon. Interested in switching to the Beta channel? Find out how.

    Orit Mazor
    Google Chrome

    Stable Channel Update

    The Chrome Stable channel has been updated to 14.0.835.163 for all platforms.  This release contains the following security fixes. More details about high level features can be found on the Google Chrome blog.

    Security fixes and rewards:
    Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

    • [49377] High CVE-2011-2835: Race condition in the certificate cache. Credit to Ryan Sleevi of the Chromium development community.
    • [51464] Low CVE-2011-2836: Infobar the Windows Media Player plug-in to avoid click-free access to the system Flash. Credit to electronixtar.
    • [Linux only] [57908] Low CVE-2011-2837: Use PIC / pie compiler flags. Credit to wbrana.
    • [75070] Low CVE-2011-2838: Treat MIME type more authoritatively when loading plug-ins. Credit to Michal Zalewski of the Google Security Team.
    • [76771] High CVE-2011-2830: Crash in v8 script object wrappers. Credit to Kostya Serebryany of the Chromium development community.
    • [78427] [83031] Low CVE-2011-2840: Possible URL bar spoofs with unusual user interaction. Credit to kuzzcc.
    • [$500] [78639] High CVE-2011-2841: Garbage collection error in PDF. Credit to Mario Gomes.
    • [Mac only] [80680] Low CVE-2011-2842: Insecure lock file handling in the Mac installer. Credit to Aaron Sigel of vtty.com.
    • [82438] Medium CVE-2011-2843: Out-of-bounds read with media buffers. Credit to Kostya Serebryany of the Chromium development community.
    • [85041] Medium CVE-2011-2844: Out-of-bounds read with mp3 files. Credit to Mario Gomes.
    • [$1000] [89219] High CVE-2011-2846: Use-after-free in unload event handling. Credit to Arthur Gerkis.
    • [$1000] [89330] High CVE-2011-2847: Use-after-free in document loader. Credit to miaubiz.
    • [$500] [89564] Medium CVE-2011-2848: URL bar spoof with forward button. Credit to Jordi Chancel.
    • [89795] Low CVE-2011-2849: Browser NULL pointer crash with WebSockets. Credit to Arthur Gerkis.
    • [$500] [89991] Medium CVE-2011-3234: Out-of-bounds read in box handling. Credit to miaubiz.
    • [90134] Medium CVE-2011-2850: Out-of-bounds read with Khmer characters. Credit to miaubiz.
    • [90173] Medium CVE-2011-2851: Out-of-bounds read in video handling. Credit to Google Chrome Security Team (Inferno).
    • [$500] [91120] High CVE-2011-2852: Off-by-one in v8. Credit to Christian Holler.
    • [91197] High CVE-2011-2853: Use-after-free in plug-in handling. Credit to Google Chrome Security Team (SkyLined).
    • [$1000] [92651] [94800] High CVE-2011-2854: Use-after-free in ruby / table style handing. Credit to Sławomir Błażek, and independent later discoveries by miaubiz and Google Chrome Security Team (Inferno).
    • [$1000] [92959] High CVE-2011-2855: Stale node in stylesheet handling. Credit to Arthur Gerkis.
    • [$2000] [93416] High CVE-2011-2856: Cross-origin bypass in v8. Credit to Daniel Divricean.
    • [$1000] [93420] High CVE-2011-2857: Use-after-free in focus controller. Credit to miaubiz.
    • [$1000] [93472] High CVE-2011-2834: Double free in libxml XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences.
    • [93497] Medium CVE-2011-2859: Incorrect permissions assigned to non-gallery pages. Credit to Bernhard ‘Bruhns’ Brehm of Recurity Labs.
    • [$1000] [93587] High CVE-2011-2860: Use-after-free in table style handling. Credit to miaubiz.
    • [93596] Medium CVE-2011-2861: Bad string read in PDF. Credit to Aki Helin of OUSPG.
    • [$2337] [93906] High CVE-2011-2862: Unintended access to v8 built-in objects. Credit to Sergey Glazunov.
    • [95563] Medium CVE-2011-2864: Out-of-bounds read with Tibetan characters. Credit to Google Chrome Security Team (Inferno).
    • [95625] Medium CVE-2011-2858: Out-of-bounds read with triangle arrays. Credit to Google Chrome Security Team (Inferno).
    • [95917] Low CVE-2011-2874: Failure to pin a self-signed cert for a session. Credit to Nishant Yadant of VMware and Craig Chamberlain (@randomuserid).
    • [$1000] [95920] High CVE-2011-2875: Type confusion in v8 object sealing. Credit to Christian Holler.
    In addition, we would like to thank “send.my.spam.to”, “Feiler89”, miaubiz, The Microsoft Java Team / Microsoft Vulnerability Research (MSVR), Chris Rohlf of Matasano, Chamal de Silva, Christian Holler, “simon.sarris” and Alexey Proskuryakov of Apple for working with us in the development cycle and preventing bugs from ever reaching the stable channel. Various rewards were issued.

    The full list of changes is available in the SVN revision log.  Interested in switching to another channel?  Find out how.  If you find a new issue, please let us know by filing a bug.



    Anthony Laforge
    Google Chrome