Tuesday, April 8, 2014

Stable Channel Update

The Chrome Team is excited to announce the promotion of Chrome 34 to the Stable channel for Windows, Mac, and Linux. Chrome 34.0.1847.116 contains a number of fixes and improvements, including:
  • Responsive Images and Unprefixed Web Audio
  • Import supervised users onto new computers
  • A number of new apps/extension APIs 
  • A different look for Win8 Metro mode 
  • Lots of under the hood changes for stability and performance 
You can read more about these changes at the Chrome blog.

Flash Player has been updated to 13.0.0.182, which is included w/ this release.

Security Fixes and Rewards

This update includes 31 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.

[$5000][354123] High CVE-2014-1716: UXSS in V8. Credit to Anonymous.
[$5000][353004] High CVE-2014-1717: OOB access in V8. Credit to Anonymous.
[$3000][348332] High CVE-2014-1718: Integer overflow in compositor. Credit to Aaron Staple.
[$3000][343661] High CVE-2014-1719: Use-after-free in web workers. Credit to Collin Payne.
[$2000][356095] High CVE-2014-1720: Use-after-free in DOM. Credit to cloudfuzzer.
[$2000][350434] High CVE-2014-1721: Memory corruption in V8. Credit to Christian Holler.
[$2000][330626] High CVE-2014-1722: Use-after-free in rendering. Credit to miaubiz.
[$1500][337746] High CVE-2014-1723: Url confusion with RTL characters. Credit to George McBay.
[$1000][327295] High CVE-2014-1724: Use-after-free in speech. Credit to Atte Kettunen of OUSPG.
[$3000][357332] Medium CVE-2014-1725: OOB read with window property. Credit to Anonymous
[$1000][346135] Medium CVE-2014-1726: Local cross-origin bypass. Credit to Jann Horn.
[$1000][342735] Medium CVE-2014-1727: Use-after-free in forms. Credit to Khalil Zhani.

As usual, our ongoing internal security work responsible for a wide range of fixes:
Many of the above bugs were detected using AddressSanitizer.

As we’ve previously discussed, Chrome will now offer to remember and fill password fields in the presence of autocomplete=off. This gives more power to users in spirit of the priority of constituencies, and it encourages the use of the Chrome password manager so users can have more complex passwords. This change does not affect non-password fields.

A partial list of changes is available in the SVN log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Daniel Xie
Google Chrome

39 comments:

bswarm said...

Fonts still screwed up on Facebook and some other sites. Looks like trying to read a blurry newspaper. Does not happen with Chromium with the same settings. No settings change will fix it. Only bad on Ubuntu 13.10, but not on Windows. Cannot use Chrome this way, have tried uninstalling, deleting the chrome folders, and reinstalling, no good. This started about 4 versions ago. Stuck with Chromium until this gets fixed. Any suggestions?

LIVECT LAB said...

Found a big Bug .

I am having a strange problem with this last update.

All my inputs (type range) are not sending values when moving the slider anymore however, the value is updated just when the mousebutton is realised.

here a simple example of a slider used to update the frequency value of an oscillator.

http://jsfiddle.net/salvonostrato/aL9jg/

It was working fine 5 hours ago as all my other apps. I did not changed anything and in Safari it works just fine.

I am using a simple jquery change function to update the value.

$('#slider').change(function () {

console.log ($("#slider").val());

oscillator.frequency.value = $("#slider").val();
document.getElementById('freq').value = $("#slider").val();


});
Is it something I have to worry about and change all my projects, or is just because Chrome team is updating the servers or libraries??

Aminadav said...
This comment has been removed by the author.
Eric Smon said...

We are sorry, but the new version of Chrome (34) break many extensions! To learn about it, read here: http://goo.gl/JHDOQX

Jason Marshall said...

Chromecast still seems broken; crashes when loading...ever since a few updates ago.

Saber said...

Scrollbar Arrows are not appearing at Google News and Gmail.

Windows XP SP3 x86

SagePtr said...

> Saber said...
> Scrollbar Arrows are not appearing at Google News and Gmail.

It's not bug. Google News and Gmail use custom scrollbars styled by CSS.

Simon Zerafa said...

Hi Daniel,

So what part of the "spirit of the priority of constituencies" applied when the an option requiring OSCP was removed from Chrome? :-)

Kind Regards

Simon


Ash Xss said...
This comment has been removed by the author.
Si Robertson said...

"Unprefixed Web Audio"

Obviously someone forgot to flip the switch for this one.

window.AudioContext doesn't exist, only window.webkitAudioContext does.

Ariel said...

Friends.. I am getting a 403 forbidden when I click in bug details like https://code.google.com/p/chromium/issues/detail?id=354123

Any ideas?

Fabian Fernandez said...

Hey! I'm having the same 403 here!

Fabian Fernandez said...
This comment has been removed by the author.
TheJH said...

"Medium CVE-2014-1726: Local cross-origin bypass. Credit to Jann Horn."

No, that's not just local, as comment #1 in the bug says.

Leroux Michelson said...

This updates breaks the Cordys/OpenText framework, we're using.

Michael Martin said...

My company is in the same situation as Leroux and the Cordys/OpenText software is unusable with Chrome.

SomeBlog said...

Looks like "timeline" for memory profiling is broken.

Doug Melvin said...

The link to the google blog does not contain any information about these changes. I was really interested to know what "responsive images" means but your blog has no information about any of this.

Chris Snyder said...

Yeah, me too. What the heck does "responsive images" even mean in the context of the browser itself?

All of the techniques I know of for creating responsive images are browser independent.

There is nothing on the Chrome Blog that explains what this means here. I call hype.

zele said...

First google search hit?

http://blog.chromium.org/2014/02/chrome-34-responsive-images-and_9316.html

Johannes Russell Laustsen said...

I have a web page with a couple of forms that has the following action element:
action="javascript:some_function();"

These forms are not working in chrome anymore, but are still working in safari.

Does chrome not support this anymore?

Ariel said...

Error 403 in https://code.google.com/p/chromium/issues/detail?id=354123
it is because my Gmail Account has no access to view those issues. How can I read more about them???

thomas marchi said...

This version of chrome breaks may sites using web workers. Example http://lnkit.com

Sergei Serdyuk said...

OMG! Who decided that ignoring autocomplete="off" attribute is an improvement? We provide SAAS Lead Management System, I have clients calling in with complaints that "editing is broken" and they "can't save changes". All because Chrome now puts stuff in random and wrong places like email address in the zip code input. And the data they work with in not repetitive so there's no benefit in autocompletion at all. I have disabled it for a reason!
FIX IT! OBEY THE ATTRIBUTE!

Sergei Serdyuk said...

"Doesn't affect non-password fields"? Did you test it? Take a look http://snag.gy/x8Rkq.jpg

Anonymous Person said...

I'm having the same problem as Sergei. It's breaking a "new user" form by autocompleting fields that are (a) optional or (b) need to be completed the user and *not* autocompleted.

Dinesh gir said...

Lol n Troll Network with the Name of Lols Gag where you can find Videos, Gif Images, Troll Images, Prank Peoples, Funny Peoples, funny planet, funny facts, funny cartoons, funny movies pics, iphone funny, funny jokes, Prank Images, Fail Pictures, Epic Pictures, Lols and Gags.
LolsGag.Blogspot.Com

Alexander Lexappeal said...

For the last 2 days my chrome has been unresponsive, with the webpages not loading. Internet explorer works fine, never had this problem before and tried some troubleshooting to no avail. Any suggestions? Re-install chrome perhaps?

Martin Trautvetter said...

For me, V34 has terrible responsiveness when loading multiple new tabs, like when your opening multiple articles from a single news site.

Sometimes, even opening a single link in a new tab completely stalls V34 for seconds, while previous versions just flew through the same usage scenarios. Feels like I'm using a 5400 rpm harddrive again. Really frustrating.

John said...

Also experiencing delays if loading any pages at all - mostly getting "Aw Snap" page - CPU also making sounds like it is searching for something until Aw Snap - repeated sound pattern. All other browsers working fine. Win7, 64 bit, Intel i7 here.

Dorispinto1001 said...

Has anything ever bothered you in life? Do you
have any problem you need to solve? A pending
court case you want to resolve in your favor?
Health, relationship and finance. Welcome to
the world of miracles and wonders, there are
supernatural treasure and power to liberate
mankind from all afflictions. Why cant you live a
life of your dream? Why must you work so hard
and yet earn so little? Why cant you be happy
with the one you love and desire or why cant the
one you love reciprocate and appreciate that
love? Why would the doctor tell you there is no
solution or cure to your problems? Why would
your lawyer say you stand no chance, that your
case is hopeless? Have you been cheated by
anyone or those owing you money refuse to pay
back? Do you need a rapid job promotion in
your place of work? You want to venture into
politics? Now I understand certain things are
hard to believe and comprehend, but all I ask
from you is only 3 days and if you will follow my
instructions and use the items you will receive, I
promise your life will never be the same
again.If you find no relevance in the help I offer
I solemnly appeals do not be vindictive and go
in peace. And if your intentions are to take
advantage of the powerful nature of our items
for the purpose of evil, I will not have any
business with you please be advised. May
angels guide you. All inquiries should be
directed to the Priest Abija email below Email:
spirituallighthealing101@live.com or
you can sent a text message to this number:(518) 303-6207!

Gshegosh said...

It appears that this update has broken some of the SVG rendering. I have a raphael based application that used to work correctly until this update. Also it still works ok on Firefox and Safari.

The symptoms are that some of the graphical artifacts are not drawn anymore. They do exist in the DOM though.

Marc said...

I second the issues with SVG. jBPM is no longer able to draw SVG objects correctly after the update.

roger campos said...

I can confirm SVG is no longer rendering correctly.

najma love said...

The Besy Hyip program in Forex Business and Make Money Online with Just Invest some Money into your Business and Make Perfect Life time Earnings with this Business.
Join Now for Make Perfect Business and Earn Money online from home.
HotFxEarnings.com

Kenan said...

shockwave is bugged!!! cant load twich chat or few games at all!!!! FIX IT!

Lost in the wasteland said...

Chrome leaves core dumps in home directory

Alex Reed said...

Came here looking for answers as to why my SVG based app is rendering really weird in chrome. Nice to have some confirmation that I'm not alone.

Mike Macaulay said...

Yep, major SVG issues here. Just not rendering paths or images correctly.