Friday, March 14, 2014

Stable Channel Update

The Stable Channel has been updated to 33.0.1750.152 for Mac and Linux and 33.0.1750.154 for Windows.

Security Fixes and Rewards

Congratulations to VUPEN and an Anonymous submission for winning the Pwn2Own competition.
  • [$100,000] [352369] Code execution outside sandbox. Credit to VUPEN.
    • [352374] High CVE-2014-1713: Use-after-free in Blink bindings
    • [352395] High CVE-2014-1714: Windows clipboard vulnerability
  • [$60,000] [352420] Code execution outside sandbox. Credit to Anonymous.
    • [351787] High CVE-2014-1705: Memory corruption in V8
    • [352429] High CVE-2014-1715: Directory traversal issue

We’re delighted at the success of Pwn2Own and the ability to study full exploits. We anticipate landing additional changes and hardening measures for these vulnerabilities in the near future. We also believe that both submissions are works of art and deserve wider sharing and recognition. We plan to do technical reports on both Pwn2Own submissions in the future.

Interested in hopping on the stable channel? Find out how. If you find a new issue, please let us know by filing a bug.

Anthony Laforge
Google Chrome


ketel0ne said...

This should read version 33.0.1750.152

Richard Kral said...

Well, my Chrome tells me version 33.0.1750.149 is up-to-date...

Pisma utjehe said...

@Richard Kral +1 wtf?!

Maxiz said...

Same. my build 33.0.1750.149 says it's up to date as of now.

pcworld said...

Your "SVN revision log" links is wrong.

mobilediesel said...

What's the ETA on fixing the bug that tells me "[0315/] NaCl helper process running without a sandbox!
Most likely you need to configure your SUID sandbox correctly
in Debian Wheezy?

flacus said...

Monetize your android app on