Tuesday, September 25, 2012

Stable Channel Update

The Chrome Team is excited to announce the promotion of Chrome 22 to the stable channel.  Chrome 22.0.1229.79 (also now available on the beta channel) has a number of new and exciting updates including: 
  • Mouse Lock API availability for Javascript
  • Additional Windows 8 enhancements
  • Continued polish for users of HiDPI/Retina screens
You can find out more about Chrome 22 on the Official Chrome Blog.

Security fixes and rewards:

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

Occasionally, we issue special rewards for bugs outside of Chrome, particularly where the bug is very severe and/or we are able to partially work around the issue:

  • [$5000] [146254] Critical CVE-2012-2897: Windows kernel memory corruption. Credit to Eetu Luodemaa and Joni Vähämäki, both from Documill.

And back to your regular scheduled rewards, including some at the new higher levels:

  • [$10000] [143439] High CVE-2012-2889: UXSS in frame handling. Credit to Sergey Glazunov.
  • [$5000] [143437] High CVE-2012-2886: UXSS in v8 bindings. Credit to Sergey Glazunov.
  • [$2000] [139814] High CVE-2012-2881: DOM tree corruption with plug-ins. Credit to Chamal de Silva.
  • [$1000] [135432] High CVE-2012-2876: Buffer overflow in SSE2 optimizations. Credit to Atte Kettunen of OUSPG.
  • [$1000] [140803] High CVE-2012-2883: Out-of-bounds write in Skia. Credit to Atte Kettunen of OUSPG.
  • [$1000] [143609] High CVE-2012-2887: Use-after-free in onclick handling. Credit to Atte Kettunen of OUSPG.
  • [$1000] [143656] High CVE-2012-2888: Use-after-free in SVG text references. Credit to miaubiz.
  • [$1000] [144899] High CVE-2012-2894: Crash in graphics context handling. Credit to Sławomir Błażek.
  • [Mac only] [$1000] [145544] High CVE-2012-2896: Integer overflow in WebGL. Credit to miaubiz.
  • [$500] [137707] Medium CVE-2012-2877: Browser crash with extensions and modal dialogs. Credit to Nir Moshe.
  • [$500] [139168] Low CVE-2012-2879: DOM topology corruption. Credit to pawlkt.
  • [$500] [141651] Medium CVE-2012-2884: Out-of-bounds read in Skia. Credit to Atte Kettunen of OUSPG.
  • [132398] High CVE-2012-2874: Out-of-bounds write in Skia. Credit to Google Chrome Security Team (Inferno).
  • [134955] [135488] [137106] [137288] [137302] [137547] [137556] [137606] [137635] [137880] [137928] [144579] [145079] [145121] [145163] [146462] Medium CVE-2012-2875: Various lower severity issues in the PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team.
  • [137852] High CVE-2012-2878: Use-after-free in plug-in handling. Credit to Fermin Serna of Google Security Team.
  • [139462] Medium CVE-2012-2880: Race condition in plug-in paint buffer. Credit to Google Chrome Security Team (Cris Neckar).
  • [140647] High CVE-2012-2882: Wild pointer in OGG container handling. Credit to Google Chrome Security Team (Inferno).
  • [142310] Medium CVE-2012-2885: Possible double free on exit. Credit to the Chromium development community.
  • [143798] [144072] [147402] High CVE-2012-2890: Use-after-free in PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team.
  • [144051] Low CVE-2012-2891: Address leak over IPC. Credit to Lei Zhang of the Chromium development community.
  • [144704] Low CVE-2012-2892: Pop-up block bypass. Credit to Google Chrome Security Team (Cris Neckar).
  • [144799] High CVE-2012-2893: Double free in XSL transforms. Credit to Google Chrome Security Team (Cris Neckar).
  • [145029] [145157] [146460] High CVE-2012-2895: Out-of-bounds writes in PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team.

Many of the above bugs were detected using AddressSanitizer.

We’d also like to thank Arthur Gerkis for working with us during the development cycle and preventing security regressions from ever reaching the stable channel.

Full details about what's in this release are available in the SVN revision log. Found a bug? Report it! On a different channel, but want to join us on the Beta train? The Chromium wiki has you covered.

Jason Kersey
Google Chrome


Sterling said...

I was hoping this update was Chrome 23 for the beta channel.

Richard Kral said...

Sergey Glazunov - 15000 more bucks...is that guy from another planet or what?!?

jpp said...

I will miss the wrench :)

Ilja Nedilko said...

Anyone else noticed problems with hardware acceleration? The fonts are too bright, not as sharp & clear as in previous versions. Tried disabling it through about:flags - no joy.

Alexander Kuzmin said...

After update Google Dashboard page is empty.

petko said...

Why does Chrome still use Flash 11.3?

Mitch said...

Who was the bonehead who got rid of the wrench?

Mitch said...

I hate having to click on advance settings to clear cache. Just put it with the rest of the settings.

Steve Elsass said...

Excellent update. Thanks Chrome team!

Echoing what Alexander said above, Google Dashboard seems down, thus it's a bit difficult to verify and manage Chrome Synced Data.

Go to https://www.google.com/dashboard/

Note how the page is empty.
Please pass along to the proper Google Team.


Sophie said...

My Google Dashboard page seems OK. Version 22.0.1229.79 "stable channel".

Steve Elsass said...

Fixed. Thanks folks. :-)

Linfocito B said...

This release broked finger touch compatibility un Windows 7 like proper right click behavior (sustained touch) and the loss of finger flicks for back-forward and copy/paste. Please fix it, ty.

Ilya Pyataev said...

what did you make in this version with fonts?, they very thin and not maleficiated, return please old fonts, they were much better, at new it is not convenient to use the browser became

musafir said...
This comment has been removed by the author.
Colin Guthrie said...

Seems this also breaks some parsing of @media rules :(

Found out the hard way this morning as our whole system suddenly started getting both screen and module rules applied to it!

Admittedly the rules were syntactically invalid (I blame an old yuicompressor) in that the " and " part of the rule didn't have a space after the and (e.g. " and(min-width:...")

I accept this is invalid, but it's a pain that this change suddenly appeared and none of the other browsers or older versions are bothered. But invalid is invalid so we should fix it all the same.

rpuchkovskiy said...

WebGL seems to be broken for me. html5test.com score dropped from 437 to 422, it says that 3D Context is not supported. http://workshop.chromeexperiments.com/cloudglobe/ and ro.me both say my card/browser is not supported although WebGL worked fine in Chrome 21

msi2 said...

New fonts are absolutely terrible looking right now. What happened there? I'm on win7 x65.

TeckLord said...

Could you please clarify on CVE-2012-2897. Is it a known issue and guys from Documill just found an exploitation vector or this is a knew vulnerability in Windows?

msi2 said...

Looks like i will have to go back to firefox for some time until the font issue gets fixed.

Longasc said...

Like Ilja Nedilko I have blurry font issues. I am using Windows 7-64, if this is an "optimization" for Windows 8 or something like that please make sure you don't break it for any other OS. It is very annoying, please fix this quickly.

msi2 said...

It seems there's a problem with cleartype on this version.

Mike said...

I still have to zoom 200% on my retina running win7x64 to have readable Fonts :(

msi2 said...

Chrome 21:


Chrome 22:


On win7 x64

psybertech said...

I am not sure the cuase, but I have two issues with this latest version.
Previously, if I click on a link that points to a .csv file, it would download to my PC. Now it opens the link in the window showing the contents of the .csv file.
I cannot find a handler for this unwanted result.
I first saw this bug over a year ago but was fixed soon after I first saw it. It has returned.
In some HTML forms, when you click submit, the form is submitted twice.
The first time it sends data properly but the subsequent submit contains no POST data so the second entry is missing the post data.
Having two entries alone is a problem, but the second post containing no data makes it not just annoying, but ugly.
My applications work fine in older versions of Chrome and current versions of IE and FF.
I have to make a ton of backend changes to validate the second post now. My form does the check to validate the data before submit so I have nothing in place to validate on the backend.
With this new bug I have to do a ton of coding to validate the backend as well as the front end now.
I am not sure if it somehow relates to a second submit button in the form (used to carry out different actions on the backend) and/or if another button is in the form (even witht he type='button' is specified).
Not sure, but this is wreaking havoc on my life at the moment.

Ivan Miropolsky said...

WHAT'S UP WITH THOSE FONTS!? ffs fix it! pls kk thnx!

musafir said...
This comment has been removed by the author.
K@i W3n said...

i got just one suggestion
the font in the browser is weird and i my eyes are suffering looking at the words =-=
please do fix it asap.

Adam said...

Espn video stopped working with this update. All the other flash sites work as far as I can tell, ESPN doesn't work though.

Unknown said...

Whats happened to the font ! its all gone fuzzy and faint looking.

Needs sorting asap as its impossible to use and will consider using another browser.

hotchka said...

Thanks for the fix, the bold fonts are now clear, they haven't been since version 17.0.963.83

Googler-239dhaf said...

Looks like the viewing of motion jpegs has been fixed in this version. this broke several releases ago in that it would only show 1 frame and not keep loading the new ones. Thanks Google

denyer said...

22 seems to have broken/removed the option to hide the download bar, which is a real pain for usability.

SaraSanchez said...

Sadly the GDI leaks still present in this version.

Me said...

Echoing phybertech:
When I click on a link that points to a .csv file, it opens the link in the window showing the contents of the .csv file. It used to download and allow me to automatically open Excel. I cannot find a handler for this unwanted result.
This is a massive inconvenience, as I download CSVs all the time.

Michael said...

I am having the same .csv problem too. Any known work arounds?

sesilia qammar said...

its nice post about the security thanks for providing such useful information actually there should be proper councling about the Security Course it provides a better security tricks along with to brighten someone's career.....

David bone said...

Hi, nice post. I have been wondering about this topic, so thanks for sharing. I will certainly be subscribing to your blog.human growth hormone

ficuscr said...

This update seems to have introduced some nasty rendering issues. Still debugging CSS to see where exactly the problem is. Same pages render fine in every other major browser I have tried. I hate these frequent automatic updates!