Thursday, March 8, 2012

Chrome Stable Channel Update

The Chrome Stable channel has been updated to 17.0.963.78 on Windows, Mac, Linux and Chrome Frame.  This release fixes issues with Flash games and videos, along with the security fix listed below.

Security fixes and rewards:

Congratulations again to community member Sergey Glazunov for the first submission to Pwnium!

  • [Ch-ch-ch-ch-ching!!! $60,000] [117226] [117230] Critical CVE-2011-3046: UXSS and bad history navigation. Credit to Sergey Glazunov.

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

Full details about what changes are in this release are available in the SVN revision log. Interested in hopping on the stable channel? Find out how.  If you find a new issue, please let us know by filing a bug.

Jason Kersey
Google Chrome

12 comments:

LuboŇ° Motl said...

Sergey Glazunov has just surpassed Warren Buffett in the list of wealthy people. Congratulations.

Richard Kral said...

What the hell Sergey Glazunov!!! 60 000 bucks!?! How is it possible he`s not in Google Chrome dev team?

Kurt Bugeja said...

Congrats ching!

Fortran said...

Even more impressive is how fast Google fixed this. These are the bugs Glazunov exposed just a day or two ago in the Pwn2Own contest!

Lionel LaCorbiere said...

Sergey is always doing great thing s for the Chrome browser. It makes me think sometimes that he somehow engineers the bug then fixes it to claim his paycheck. But I know that not possible. He's just damned good at what he does!

Manish said...

Congrats Sergey!

Bolo Srewu said...

yes, awesome, may google chrome will not frequently crashes i hope, and more hope... :-)

STiAT said...

Congratulations Sergey, and congratulations / thanks to the Google security/dev team fixing this so fast pushing out an update.

I'd like to see that kind of fix timeline in more companies. I wonder though how you managed to get through the quality boards that fast ;-).

Jeppe said...

More than a great achievement for the hacker in question, it's a major win for the Chrome eco-system.

A major strength that Google acknowledges flaws and fixes them instead of trying to hide them as some other browser vendors.

NICHOLAS said...

Wow congrats I've been using Chrome since version 3 and i count be more happy to see how it turned out. This browser blows away all compition in my opinion.

Thank Sergey for finding the exploit and Chrome Team for pushing out an update so fast :)

Ganesh J. Acharya said...

Nither the old build old_chrome.exe is working, nor chrome.exe is working. What do I do?

arun nair said...

I am using chrome 17.0.963.78 on centos 6.2 and I still face the issue of shockwave flash crash in chrome .....