Wednesday, March 21, 2012

Stable Channel Update

The Chrome Stable channel has been updated to 17.0.963.83 on Windows, Mac, Linux and Chrome Frame.  This release fixes issues with Flash games, along with the security fixes listed below.

Security fixes and rewards:

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

Some of the items listed below represent the start of hardening measures based on study of the exploits submitted to the Pwnium competition.

  • [$1000] [113902] High CVE-2011-3050: Use-after-free with first-letter handling. Credit to miaubiz.
  • [116162] High CVE-2011-3045: libpng integer issue from upstream. Credit to Glenn Randers-Pehrson of the libpng project.
  • [$1000] [116461] High CVE-2011-3051: Use-after-free in CSS cross-fade handling. Credit to Arthur Gerkis.
  • [116637] High CVE-2011-3052: Memory corruption in WebGL canvas handling. Credit to Ben Vanik of Google.
  • [$1000] [116746] High CVE-2011-3053: Use-after-free in block splitting. Credit to miaubiz.
  • [117418] Low CVE-2011-3054: Apply additional isolations to webui privileges. Credit to Sergey Glazunov.
  • [117736] Low CVE-2011-3055: Prompt in the browser native UI for unpacked extension installation. Credit to PinkiePie.
  • [$2000] [117550] High CVE-2011-3056: Cross-origin violation with “magic iframe”. Credit to Sergey Glazunov.

Also, this single low severity issue was fixed in a previous patch but we forgot to issue proper credit:

  • [108648] Low CVE-2011-3049: Extension web request API can interfere with system requests. Credit to Michael Gundlach.

More detailed updates are available on the Chrome Blog.  Full details about what changes are in this release are available in the SVN revision log.  Interested in hopping on the stable channel?  Find out how.  If you find a new issue, please let us know by filing a bug.

Jason Kersey
Google Chrome

10 comments:

DBZmusicboy01 said...

When loading YouTube sometimes it doesn't log in and many sites doesn't load fully or when I click in some bookmarks it brings me to the wrong url...for 2 weeks I have been having problems with the stable version of chrome...but the version from February was the best.

Rafael said...

Thanks Google Chrome team it was time to update the browser since the last update the browser did not behave well fought had errors and so on. Since this version 17.0.963.83 be returned to the browser Chrome the best browser on the market. Congratulations and thank Chrome Team

pankaj prasad said...
This comment has been removed by a blog administrator.
dhaval thakar said...

hi,

can you pl release drpm for Linux OR release TAR packages like Firefox.

that will be faster update for linux users.
I believe google already provides incremental update for Windows users.

eLDuRo said...

@DBZmusicboy01 I agree with you on certain websites not loading fully ever since I updated to the latest Stable version I am experiencing this problem other than that this update is really good! =)

notablog said...

Also, this single low severity issue was fixed in a previous patch but we forgot to issue proper credit:

Which release was this for? Also, how can one get access to view the Chromium issue? It's blocked for me even though I'm logged in.

Thanks!

Mainman678 said...

I hope this fixed the crashing issues.

BearyNice2U said...

Please fix all the flash player crashes, when trying to view ustream or utube it crashes continually! Have been having this problem sice they changed things in google chrome. HELP!

Rafael said...

What's going on with Google Chrome? I just do not understand since the launch of the first stable version of Google Chrome the browser crashes while loading the pages in the roll fails, and among many other things. It was not like that and not my computer, but Google Chrome as it did several tests with other browsers eg Safari, Opera, Firefox, and these problems just do not happen only happen while I'm using Google Chrome. What is happening?

deepakw3c said...

Good job! This is the kind of information that must be shared across the Web.Thanks for sharing.
mcafee support
Avast Antivirus Support
Avast support
Panda Antivirus Support