Wednesday, February 15, 2012

Chrome Stable Update

The Chrome Stable channel has been updated to 17.0.963.56 on Windows, Mac, Linux and Chrome Frame.  This release fixes a number of stability and security issues in Chrome, and also includes a new version of Flash.  More info on the Flash update is available from Adobe.

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

  • [105803] High CVE-2011-3015: Integer overflows in PDF codecs. Credit to Google Chrome Security Team (scarybeasts).
  • [$500] [106336] Medium CVE-2011-3016: Read-after-free with counter nodes. Credit to miaubiz.
  • [$1000] [108695] High CVE-2011-3017: Possible use-after-free in database handling. Credit to miaubiz.
  • [$1000] [110172] High CVE-2011-3018: Heap overflow in path rendering. Credit to Aki Helin of OUSPG.
  • [110849] High CVE-2011-3019: Heap buffer overflow in MKV handling. Credit to Google Chrome Security Team (scarybeasts) and Mateusz Jurczyk / Gynvael Coldwind of the Google Security Team.
  • [111575] Medium CVE-2011-3020: Native client validator error. Credit to Nick Bray of the Chromium development community.
  • [$1000] [111779] High CVE-2011-3021: Use-after-free in subframe loading. Credit to Arthur Gerkis.
  • [112236] Medium CVE-2011-3022: Inappropriate use of http for translation script. Credit to Google Chrome Security Team (Jorge Obes).
  • [$500] [112259] Medium CVE-2011-3023: Use-after-free with drag and drop. Credit to pa_kt.
  • [112451] Low CVE-2011-3024: Browser crash with empty x509 certificate. Credit to chrometot.
  • [$500] [112670] Medium CVE-2011-3025: Out-of-bounds read in h.264 parsing. Credit to Sławomir Błażek.
  • [$1337] [112822] High CVE-2011-3026: Integer overflow / truncation in libpng. Credit to Jüri Aedla.
  • [$1000] [112847] High CVE-2011-3027: Bad cast in column handling. Credit to miaubiz.
The bugs [106336], [106336], [110172], [110849], [111779] and [112847] were detected using AddressSanitizer.

More detailed updates are available on the Chrome Blog.  Full details about what changes are in this release are available in the SVN revision log.  Interested in hopping on the stable channel?  Find out how.  If you find a new issue, please let us know by filing a bug.

Jason Kersey
Google Chrome

12 comments:

shayne said...

Has anybody fixed the problem where on adobes site it jumps and what not along with the bug when you start the browser up there is not plus sign to open a new tab just wondering.

Louis said...

I'm just pasting the same message that I sent concerning the previous version mainly because of the Java 7 problem:

XP SP3,Catalyst 11.8

Quite a good build:
-The blue page anomaly is almost (Almost...) corrected
-Speed is excellent,no crash so far
-the way the History is displayed is plain gorgeous.Don't eva change it,please.

The problems:
- A MAJOR ONE.I just updated my JRE to 1.7.0.3 and now the java test fails with Chrome BUT not with IE8 (Patched from 14/02/2012) !!!
I can't play at Balls&Walls anymore either:
http://www.zylom.com/us/en/online-games/balls-n-walls/?sgid=51
My java apps work nevertheless.
- enabling "GPU Accelerated Drawing" breaks the scroll bar (Its behaviour becomes erratic) and makes it transparent(!).
- one last thing that intrigues me:the WebM test in Peacekeeper stutters.Is it Chrome or the test itself (Been like this ever since the new Peacekeeper was released) ?

shayne said...

Yea true

◄♪♫ संदिप पाटील ♫♪► said...

WoW!! Finally a version whooch works with no problem (till now). And now I am disabling automatic updates because I am annoyed how major bugs are present in stable channel releases.(ie. Youtube crashes, Image saving problem) (Will update it after positive reviews only)

SWAN-IN-CROWS said...

chat list does'nt appear of gmail a/c in chrome browser while i can see in other browsers like IE or Opera. It is erratic in Chrome some chat list may appear but most of the time it does not. Any soltions ??

eLDuRo said...

With this update now everytime I load up Youtube it say's "This page has insecure content" this is very annoying, is anybody having this problem also?

eLDuRo said...

One thing I did was to disable all the extensions and I am still having the Insecure Content on Youtube, I am going to install an older version of Chrome to see if I have the same problem! SMH

Mahatab said...
This comment has been removed by a blog administrator.
maple story mesos said...
This comment has been removed by a blog administrator.
TheJMan said...

google instant is not working along with the autocomplete on the google home page whenever im trying to search something, the list does not show up.

Louis said...

Apologies to the Chrome team:
THE LATEST Java 7 works just fine.
I had to unistall everything related to Java in add/suppress programs and it just worked...But not in IE8 anymore! So reinstalled Java 7,update 3 from a stand-alone installer and off it went.

Pingo Lao said...

Megaupload Premium Link Generator HQ is one type of advance search engine technique. Using this technique or using this Megaupload search engine we ca get the data faster and more accurate as compare to previous search engine.. Megaupload Search Engine