Sunday, March 4, 2012

Chrome Stable Update

UPDATE: We detected a minor issue and have temporarily suspended pushing this release. A new release of Chrome stable will be available shortly.


The Chrome Stable channel has been updated to 17.0.963.65 on Windows, Mac, Linux and Chrome Frame.  This release fixes a number of issues including:
  • Cursors and backgrounds sometimes do not load (bug 111218)
  • Plugins not loading on some pages (bug 108228)
  • Text paste includes trailing spaces (bug 106551)
  • Websites using touch controls break (bug 110332)
Along with these fixes, the release contains an updated version of the Adobe Flash player.  More information on Flash updates is available from Adobe.  

Security fixes and rewards:

Firstly, we have some special rewards for some special bugs!

  • [$10,000] [116661] Rockstar CVE-1337-d00d1: Excessive WebKit fuzzing. Credit to miaubiz.
  • [$10,000] [116662] Legend CVE-1337-d00d2: Awesome variety of fuzz targets. Credit to Aki Helin of OUSPG.
  • [$10,000] [116663] Superhero CVE-1337-d00d3: Significant pain inflicted upon SVG. Credit to Arthur Gerkis.
To determine the above rewards, we looked at bug finding performance over the past few months. The three named individuals stood out significantly. It also shouldn’t come as a surprise that they all feature (and earn more!) in the release notes below.

We have always reserved the right to arbitrarily reward sustained, extraordinary contributions. In this instance, we’re dropping a surprise bonus. We reserve the right to do so again and reserve the right to do so on a more regular basis! Chrome has a leading reputation for security and it wouldn’t be possible without the aggressive bug hunting of the wider community.

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

  • [$1000] [105867] High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit to Chamal de Silva.
  • [$1000] [108037] High CVE-2011-3032: Use-after-free in SVG value handling. Credit to Arthur Gerkis.
  • [$2000] [108406] [115471] High CVE-2011-3033: Buffer overflow in the Skia drawing library. Credit to Aki Helin of OUSPG.
  • [$1000] [111748] High CVE-2011-3034: Use-after-free in SVG document handling. Credit to Arthur Gerkis.
  • [$2000] [112212] High CVE-2011-3035: Use-after-free in SVG use handling. Credit to Arthur Gerkis.
  • [$1000] [113258] High CVE-2011-3036: Bad cast in line box handling. Credit to miaubiz.
  • [$3000] [113439] [114924] [115028] High CVE-2011-3037: Bad casts in anonymous block splitting. Credit to miaubiz.
  • [$1000] [113497] High CVE-2011-3038: Use-after-free in multi-column handling. Credit to miaubiz.
  • [$1000] [113707] High CVE-2011-3039: Use-after-free in quote handling. Credit to miaubiz.
  • [$500] [114054] Medium CVE-2011-3040: Out-of-bounds read in text handling. Credit to miaubiz.
  • [$1000] [114068] High CVE-2011-3041: Use-after-free in class attribute handling. Credit to miaubiz.
  • [$1000] [114219] High CVE-2011-3042: Use-after-free in table section handling. Credit to miaubiz.
  • [$1000] [115681] High CVE-2011-3043: Use-after-free in flexbox with floats. Credit to miaubiz.
  • [$1000] [116093] High CVE-2011-3044: Use-after-free with SVG animation elements. Credit to Arthur Gerkis.
The majority of the above bugs were detected using AddressSanitizer, which rocks.

More detailed updates are available on the Chrome Blog.  Full details about what changes are in this release are available in the SVN revision log.  Interested in hopping on the stable channel?  Find out how.  If you find a new issue, please let us know by filing a bug.

Jason Kersey
Google Chrome

16 comments:

Rafael said...

Thanks Google Chrome team and congratulations for the great work

Lou Gagliardi said...

I am glad that Chrome fixed the Flash issue. In previous versions, for me, using Windows 7 Home Premium the sound quality on youtube was too low (compared to firefox and IE). I'm glad that in the latest version that was fixed; now I have one browser to rule them all instead of 10!

Joshooaaa said...

Can you please make a app for Windows 8 consumer preview?:-)

dupcengier said...

i see message about server with update isn't available ...
http://img707.imageshack.us/img707/6829/googlechromeserwerniedo.jpg
please fix

Martin Bartlett said...

Suddenly Chrome is very flaky and crashes frequently when using RSS Live Links (no pattern discernible, but it was stable yesterday). My user are not happy!

Martin Bartlett said...

It appears that class changes within a getElementsByClassName loop no longer removes those elements from the NodeList. That's gonna screw lots of people of up isn't it?

Andre said...

In 17 version i got a problem. All .docx or .xls files, which i download with chrome allways opening with error.

Matt said...

when i go to about google chrome, it says that google chrome is updated, but i have the version 17.0.963.56.
What happens with Google?
I have two computers: one with Windows 7, other with Vista: and the same problem.

eLDuRo said...

@Matt Just uninstall the old Chrome & install the new update, the same thing happened to me

EriCSN Chang said...

1337 d00d...
LOL

Michael Horowitz said...

On three of my computers, all running Windows, version 17....56 reports that it is up to date.

Adam said...

None of my Windows 7 32 bit machines are able to update themselves. I try to update them manually, but Chrome says that "Chrome is up to date with ver 17.0.963.56" I don't see it on my Windows 7 64 bit machine though.

Lizard said...

Unable to update to the latest version. Chrome reports it is at the latest version with 17.0.963.56.

Windows 7 x64 Professional

Google Chrome 17.0.963.56 (Official Build 121963) m
OS Windows
WebKit 535.11 (@107413)
JavaScript V8 3.7.12.22
Flash 11,1,102,62
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
Command Line "C:\Users\\AppData\Local\Google\Chrome\Application\chrome.exe" --flag-switches-begin --enable-print-preview --flag-switches-end
Executable Path C:\Users\\AppData\Local\Google\Chrome\Application\chrome.exe
Profile Path C:\Users\\AppData\Local\Google\Chrome\User Data\Default

Donald said...

I also can not update on Win 7 64 bit. I even uninstalled and reinstalled from the web and it's still on v 17.0.963.56 and says it's up to date.

dvbking said...

hi after this update my flash video no sound. pls fix.

rlshosting said...

I clicked the links with the High CVE-2011 and it says:
403. That’s an error.

Your client does not have permission to get URL /p/chromium/issues/detail?id=116093 from this server. That’s all we know.