Thursday, August 30, 2012

Stable Channel Update

The Stable channel has been updated to 21.0.1180.89 for Linux, Mac, Windows and Chrome Frame

This build fixes the following issues:

  • Several Pepper Flash fixes (Issue 140577144107140498142479).
  • Microphone issues with tinychat.com (Issue: 143192)
  • devtools regression with "save as" of edited source (issue: 141180)
  • mini ninjas shaders fails (Issue: 142705)
  • page randomly turns red/green gradient boxes (Issue: 110343)
Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

  • [$500] [121347] Medium CVE-2012-2865: Out-of-bounds read in line breaking. Credit to miaubiz.
  • [$1000] [134897] High CVE-2012-2866: Bad cast with run-ins. Credit to miaubiz.
  • [135485] Low CVE-2012-2867: Browser crash with SPDY.
  • [$500] [136881] Medium CVE-2012-2868: Race condition with workers and XHR. Credit to miaubiz.
  • [137778] High CVE-2012-2869: Avoid stale buffer in URL loading. Credit to Fermin Serna of the Google Security Team.
  • [138672] [140368] Low CVE-2012-2870: Lower severity memory management issues in XPath. Credit to Nicolas Gregoire.
  • [$1000] [138673] High CVE-2012-2871: Bad cast in XSL transforms. Credit to Nicolas Gregoire.
  • [$500] [142956] Medium CVE-2012-2872: XSS in SSL interstitial. Credit to Emmanuel Bronshtein.

Many of the above bugs were detected using AddressSanitizer.


If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry

Karen Grunberg
Google Chrome

12 comments:

Todd said...

Still can't seem to use mailto handler - mailto links are not launching in this (stable) release. Canary works fine.

Det said...

Can't reproduce that here. It's a problem on your system (e.g. xdg-open, if you're using DEless linux).

Det said...

And of course meant to say 'xdg-email' because that's the mail handler.

Yuri Kobets said...

I can't to see anything on YouTube after this update. 2-3 seconds of playback and stop. All playback controls are not availiable ((

Kelu said...

I like to save sport pages in the night to read them next day, but almost everytime I try to save www.GSP.ro, chrome doesn't create the *.html file (it creates only the folder with saved files). I have to realod the page and keep trying to save it until the file is created.

This bug happened since Chrome 13 or 14.

Jose Pedro Macedo Silva said...

I also don't have the option to use the Gmail and Google Calendar protocol handler in this stable version. I tried in Windows 7 and Ubuntu 12.04. and Chrome is not asking me nothing about mailto and webcal, when I log into these two pages.
Please fix this!

Steve said...

Why are their no updates to Android and iOS versions? Do they have all of the vunerablities as listed above? Or are they a different code base that gets less attention? Does your code bounty count for finding flaws in these browsers? Also, I'm typing this on a Samsung Galaxy Tab I get little red sqiggly lines when I have misspelled words but no way to access the dropdown for suggested correct spelling.

Paul P said...
This comment has been removed by the author.
Paul P said...

Chrome has an awful, awful bug which causes gdi objects to leak when the browser is open for extended periods of time. If there are a lot of tabs, it can hit the windows system limit and cause the system to behave erractically and sometimes freeze or crash windows and/or chrome. You can observe it by watching the gdi objects for each chrome process and over time it will go up from 200ish to over 1000 even with the same number of tabs and no new activity. Something is happening while the user is not interacting with the browser to cause these gdi leaks. Please have someone prioritize this fix. There are various bug reports, but it seems like very little movement. As a user, this is the most disruptive bug in chrome and it seems like it's not getting the attention it deserves to be fixed.

Cormanus said...

I can't find a way to get protocol handlers to work. The chrome://chrome/settings/handlers box is blank and there seems no way to add a handler to it.

Cormanus said...

I can't get the email protocol handler to work. The chrome://chrome/settings/handlers box is blank and there is no way to add to it.

epicresearch5 said...

Really good blog post, this is very similar to a site that I have. Please check it out sometime and feel free to leave me a comment on it and tell me what you think. I’m always looking for feedback