Tuesday, July 31, 2012

Stable Channel Release


The Chrome team is excited to announce the release of Chrome 21 to the Stable Channel. 21.0.1180.57 for Mac and Linux. 21.0.1180.60 for Windows and Chrome Frame. Chrome 21 contains a number of new features including a new API for high-quality video and audio communication. More detailed updates are available on the Chrome Blog.  


Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

  • [Linux only] [125225] Medium CVE-2012-2846: Cross-process interference in renderers. Credit to Google Chrome Security Team (Julien Tinnes).
  • [127522] Low CVE-2012-2847: Missing re-prompt to user upon excessive downloads. Credit to Matt Austin of Aspect Security.
  • [127525] Medium CVE-2012-2848: Overly broad file access granted after drag+drop. Credit to Matt Austin of Aspect Security.
  • [128163] Low CVE-2012-2849: Off-by-one read in GIF decoder. Credit to Atte Kettunen of OUSPG.
  • [130251] [130592] [130611] [131068] [131237] [131252] [131621] [131690] [132860] Medium CVE-2012-2850: Various lower severity issues in the PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team.
  • [132585] [132694] [132861] High CVE-2012-2851: Integer overflows in PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team.
  • [134028] High CVE-2012-2852: Use-after-free with bad object linkage in PDF. Credit to Alexey Samsonov of Google.
  • [134101] Medium CVE-2012-2853: webRequest can interfere with the Chrome Web Store. Credit to Trev of Adblock.
  • [134519] Low CVE-2012-2854: Leak of pointer values to WebUI renderers. Credit to Nasko Oskov of the Chromium development community.
  • [134888] High CVE-2012-2855: Use-after-free in PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team.
  • [134954] [135264] High CVE-2012-2856: Out-of-bounds writes in PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team.
  • [$1000] [136235] High CVE-2012-2857: Use-after-free in CSS DOM. Credit to Arthur Gerkis.
  • [$1000] [136894] High CVE-2012-2858: Buffer overflow in WebP decoder. Credit to Jüri Aedla.
  • [Linux only] [137541] Critical CVE-2012-2859: Crash in tab handling. Credit to Jeff Roberts of Google Security Team.
  • [137671] Medium CVE-2012-2860: Out-of-bounds access when clicking in date picker. Credit to Chamal de Silva.

Many of the above bugs were detected using AddressSanitizer.

We’d also like to thank Drew Yao / Braden Thomas / Jim Smith (all Apple Product Security), Kostya Serebryany of the Chromium development community, Atte Kettunen of OUSPG and Bernhard Bauer of the Chromium development community for working with us during the development cycle and preventing security regressions from ever reaching the stable channel.




Full details about what changes are in this release are available in the SVN revision log.  Interested in hopping on the stable channel?  Find out how.  If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome


57 comments:

hbguru said...

is new chrome only getting security fixes?
if not maybe we could be less geek and highlight here (not on SVN) what are the new features.

Tyler said...

hbguru: http://chrome.blogspot.com/2012/07/new-senses-for-web.html

Unknown said...

My bookmarks page seems to have got way too big in this chrome 21

Richard Kral said...

I`ve noticed one important change not mentioned above. PepperFlash player is set by default instead of "normal" Flash player.

Win XP SP3

אדי מליק said...
This comment has been removed by the author.
Jor said...

Whoa, wait... It's been that long already?

Jor said...

So I'm using Pepper Flash now, which is actually working decently compared to every previous time I've tried it, but HD video playback quality seems to have decreased somewhat? It seems a bit more pixelated.

Also, any chance of seeing Pepper Flash for Chrome on Android?

M. A. Sridhar said...

It seems as if the "insecure content" warning that
used to be given when an https page loads http assets has been removed.
Chrome now seems to block such assets unconditionally. This has serious consequences for us.
Can you guys please comment? Is there a way for the user to allow such assets on the page?

Floren said...

The YouTube bug (flash?) is not fixed. Once I updated Chrome to version 21, I cannot wantch any video's in Youtube. Any video will play for exactly 11 seconds without sound and stop.

Chris said...

@M. A. Sridhar: thanks for commenting. I'm just writing a blog post about Chrome's new mixed script blocking. Due to user confusion, the mixed script warning is now more subtle -- but it still exists. Look for the shield in the omnibox.

As a reminder, mixed scripting can be a serious security condition so should be fixed ASAP.

Bob said...

YouTube flash bug not fixed.
Same issues as Floren

bazab dab said...

there is a problom with pepperflash
when viwing youtube videos the player seems to glitch and jitter
when disablimg pepper flash and using regular flash it fixes it
please fix pepperflash

bazab dab said...

forgot to mention i use
win xp sp3

Quentin said...

I've got the same audio issue with flash, please fix it quickly i dont want to use another web browers =(

Lars Rune Nøstdal said...

Why haven't you fixed Flash yet? Audio is broken etc..

I know Flash is crap, but many sites still use it; including your own.

This is supposed to be the Stable channel, no?

bazab dab said...

flash is ok..
the problom is saltandpepperflash
i think they are more fucest on this than other parts :S

Jor said...

@bazab dab

Chrome needs to be hardware-accelerated for Pepper Flash to work properly, I believe, because it still doesn't work as well on my older laptop (too much CPU usage compared to NPAPI Flash).

Type chrome://gpu in your Omnibox and see what it says. Mine says that "Flash3D" and "Flash Stage3D" are hardware-accelerated.

bazab dab said...

@jor
wow that makes my eyes bleed
ok here what its says
Graphics Feature Status
Canvas: Software only. Hardware acceleration disabled.
Compositing: Hardware accelerated
3D CSS: Hardware accelerated
CSS Animation: Accelerated
WebGL: Hardware accelerated
WebGL multisampling: Hardware accelerated
Flash 3D: Unavailable. Hardware acceleration unavailable
Flash Stage3D: Unavailable. Hardware acceleration unavailable
Problems Detected
Accelerated 2D canvas is unavailable: either disabled at the command line or not supported by the current system.
Disable 3D in Flash on XP: 134885
IS THIS GOOD ?

◄♪♫ संदिप पाटील ♫♪► said...

As in previous comments I am also facing the flash problem. There is some lag when switching to fullscreen and vice versa on youtube.

Simone said...

I am experiencing the same flash problem.
How can I switch from pepperflash to the normal one? Please someone reply : (

bazab dab said...

simone im glad im not alone on this :D
go type about:plugins in the serch bar and disable and you see shockwave flash click on the plus and then disable this:Shockwave Flash 11.3 r31
for me its the first one close and open
have a good day bro :D

Karen said...

simone and others with the flash audio problem, please come to http://code.google.com/p/chromium/issues/detail?id=139953 and leave us information on your configuration. We are working hard to resolve the issues as quickly as possible. Thank you!

Jor said...

@bazab dab

That's probably as good as it gets on XP. I'm running Win7 x64 SP1 on a laptop that supports up to Direct3D 10.1, and all my entries say "hardware accelerated" with no listed problems.

Luboš Motl said...

I restarted my laptop and since that time, my Chrome 21 never drops below 20% of CPU even if absolutely nothing is being done!

Cody said...

I like the new Omnibox icons. Still looking forward to bookmarks, About, Downloads in the Uber page...

Luboš Motl said...

I found out that the huge constant CPU load was caused by Google Checker Gmail Plus 10.2 extension. When disabled, it's OK. I am using "Gmail checked plus classic" instead which is OK.

TB said...

With the new Chrome 21 (Standard-Browser)I can´t open Links in TeamSpeak (Windows8 64Bit RP)

Simone said...

Flash Issue: Solved!

@bazab dab
Thank you! (even though I figured out the fix by myself xD hours and hours wasted)
You guys with the same problem just follow the guide of bazab dab written above.

@Karen
Not sure if you told me that to help me or because the Chrome Team needs that.
I'll do it anyway. Thank you.

ndr76 said...

Youtube keeps having problems, at least on Linux 64bit.
So I keep having to enable the old 11,2,202,236 flash version.
They should either fix the new one or roll back to the old one.

bazab dab said...

jor@
i got some answers in google forums it pepper flash related issue disabling it fixes it even if i enable hardware acceleration if not fix all issue
glad my tip help some of you i feel good about myself now XD
cheers :D

martinthew said...

Pepperflash is jittery and slow, disabled it in the plugins window.

Also, I browse at 58-67% zoom and elements of sites that were blocked in correctly pre-update (Elements on Twitter, Facebook) are now not blocked perfectly.

Besides that, thanks for the bugfixes. Those are always nice, even if their value is not always earth-shattering or visible to the naked eye.

Bob Crews said...

Not only are the favicons now stupid looking blank pages in the Omnibox, but the Bookmarks Bar no longer has the saved link's icon in the address bar. Now THAT looks really stupid! Someone at Chrome failed to think through doing away with the favicons in the Omnibox, because I cannot believe they want Chrome users (that use the Bookmarks Bar) to have blank pages as the saved link icons. You need to re-think this change!!!

Cody said...
This comment has been removed by the author.
Cody said...
This comment has been removed by the author.
Cody said...

@Bob Crews

The Omibox's blank-page icon replaces the globe icon (not the favicon which is already on the tabs). However, my bookmarks bar shows the favicons (if available).

Bob Crews said...

Some Favicons (for lesser known and smaller websites) that most definitely had been available (previous to the last update) are now just blank pages in the Bookmarks Bar.

Agent11847 said...

I now cannot access my homepage (google.com). I can type google.com and get there, but when I open Chrome the page just times out.

Jonathan Fourcault said...

Sometimes I have some Shockwave Flash Craches.

MAC OS X 10.8 Mountain Lion.

Erzeal said...

Youtube videos are broken for me as well. They play no sound and stop after around 3 seconds. I thought this was supposed to be the stable release, how could a bug like this get through?

Jon Ridge said...

CPU usage has shot through the roof since Chrome updated itself.
Just running a basic video page with standard tabs running in the background sends towards 100%.

Any tips in lowering this?

Bob Crews said...

This is the absolute worse update ever. Way too many issues since the last update. I've loved using Chrome, but this is stupid crazy. I'm going to use another browser until this is (hopefully) all worked out - then, maybe I'll be back.

Chris Dockwell said...

Flash videos installed locally on a computer no longer work unless PepperFlash is disabled. The videos consist of training videos installed on a customer's computer. The videos are viewed using the default web browser - if the user has Chrome with the newest version, the browser opens only a black window and the video will not play. The only workaround is disabling PepperFlash - but the average user will not know how to do this. It appears the viable option is to have our customers user a none-Chrome browser.

sumona.florence said...

Can you guys stop messing with the GUI and start actually working on the performance issues? This issue with S&P-Flash is getting too far, people hating the new "look" this isn't a real 'stable' channel to me.

I don't want to start kicking chrome in the backside for it, I get fixes can't come just by request and are only fixed when it's possible to be done.. but come on.

First and Foremost;

CAN I BE THE ONE IN CONTROL OF MY 'FAVORITE PAGE' THUMBNAILS PLEASE... But performance issues first!

Chromana said...

Not sure if it's just me or not but the WikiBooks website isn't showing at all in Chrome. Works fine in other browsers. The source of the page is all downloaded, but Chrome only shows a blank white page https://secure.wikimedia.org/wikibooks/en/wiki/Main_Page

Simone said...

@Chromana did you try to click on the shield in the omnibar and then enable unsafe content?

Anyway guys, I didn't like this release, I have to admit it, but come on don't be so evil I'm sure the Chrome Team is working on it hard. Developing isn't that easy, you should know it.
Don't forget to use the bug report.

Walt said...

The PepperFlash plugin causes my Windows 7 system to instantly reboot with a solid black or white screen when playing Flash videos. Disabling and using the standard plugin works fine. Took me hours to figure this out. Nice 'stable' release.

Chromana said...

YouTube audio and video are out of sync with this update. Other Flash players, like BBC iPlayer, seem to be fine.

@Simone thanks a lot, that's what it was. They should really make it more obvious in Chrome when they hide stuff. I'm very good with computers and I missed it, not sure how non-technical people would cope!

Javier said...

Im having this problem: big red and green squares instead the website. Not just in one site, it happends on on few, don't konw why. Seems just random to me.

And im not the only one:
http://www.lastfm.es/forum/21713/_/2067288

Look in the image that user on lastfm is linking.

DBZmusicboy01 said...

GOOGLE TEAM...I wanted to say this but Chrome has been having big bugs for the last 7 months. Like when I try to go to Wikipedia it shows nothing and sometimes when I go on Facebook it says something about the site being suspicious the page with the red background. The worst of all everyday Chrome is randomly making the computer unstable and crashes it. If you can compare the chrome from December 2011 to today's chrome some of these bugs wouldn't exist. It was super stable compare to the last 7 months.

TwoSpoons said...

Flash problem: tried disabling as above, but that just killed youtube completely. Went to adobe site and downloaded latest flashplayer from there (11.3.300.268). Youtube is now working fine.

mt said...
This comment has been removed by the author.
Fadzrul Hisyam said...

All tabs freeze when loading pages in new tabs.

Alvaro Schneider said...

Pages not rendering at all in W7/64 SP1. I need to use this for my work and flash support it's being a mess since the last months. Why do you call this stable ???

I'm stoping using this and moving to Firefox permanently as I don't have time for this.

Unknown said...

Could you please already release a new version for the stable channel? The flash bugs are incredibly irritating.

Bob Crews said...

I strongly suspect the tech reporters will have a field day with this latest update - suggesting that Chrome may not be as good as people having been saying it is. Seems they are probably right...

Karen - the longer you delay fixes, the worse Chrome's reputation will become. I don't care if you have ten updates in a single day - ADDRESS THE PROBLEMS right away and get them corrected and behind you. Every hour that nothing is done is an hour too long. Damage has already been done...and waiting to correct the problems just makes Chrome look very, very bad.

Chrome - you blew it by creating problems...and you blew it again by not addressing the problems immediately, even if it meant reverting to older yet stable and sound channels.

Stephen said...

I appear to be in the right place.

Mine is a variation of a theme.

I am experiencing a YouTube Full Screen lag which is disappointing, having recently uninstalled another browser, for Chrome 21.0.1180.75 m.

Stephen said...

Cont'd (apologies)...

I am running Win XP Sp 3.

Cheers.