This release fixes issues with two popular webmail providers:
  • Sending mail from Yahoo! Mail works again.
  • Windows Live Hotmail now works. While the Hotmail team works on a proper fix, we're deploying a workaround that changes the user agent string that Google Chrome sends when requesting URLs that end with mail.live.com.

    If you've been using the --user-agent switch to use Hotmail, you can remove the switch from your shortcuts with this release.

This release also includes two security updates. The release notes have the full list of changes.

Security Updates
Work around for "Adobe Reader Plugin Open Parameters Cross-Site Scripting Vulnerability"
CVE: CVE-2007-0048, CVE-2007-0045
Google Chrome now refuses requests for javascript: URLs in Netscape Plugin API (NPAPI) requests from the Adobe Reader plugin. Adobe is aware of this issue and has helped us develop this mitigation while they work on a fix for all users.

Severity: Moderate. This could allow a PDF document to run scripts on arbitrary sites.
Credit: Thanks to Michael Schmidt for reporting this responsibly to Google.

Javascript Same-Origin Bypass
CVE: CVE-2009-0276
A bug in the V8 JavaScript engine could allow bypassing same-origin checks in certain situations.

Severity: High. A malicious script in a page could read the full URL of another frame, and possibly other attributes or data from another frame in a different origin. This could disclose sensitive information from one website to a third party.
Credit: Found internally by Google.

--Mark Larson, Google Chrome Program Manager
Labels: ,


The complete list of changes is available in the release notes.

--Mark Larson, Google Chrome Program Manager
Labels:


Find about the Dev channel and how to subscribe at http://dev.chromium.org/getting-involved/dev-channel.

The complete list of changes is available in the release notes.

--Mark Larson, Google Chrome Program Manager
Share on Twitter Share on Facebook
Labels:


Google Chrome's Dev channel has been updated to version 2.0.157.0. This release fixes a few minor bugs.

Find about the Dev channel and how to subscribe at http://dev.chromium.org/getting-involved/dev-channel.

The list of user visible bugs is available in the release notes.

--Mark Larson, Google Chrome Program Manager
Share on Twitter Share on Facebook
Labels:

This is a minor update to add the following fixes:
  • Update Gears to version 0.5.8.0 to fix a crash with some offline applications
  • Enable spell-checking for Hebrew
--Mark Larson, Google Chrome Program Manager
Share on Twitter Share on Facebook
Labels: ,


Previous Dev Channel Users Moved to Beta Channel
This release is far less polished than what Dev channel users have been getting during Google Chrome's Beta, so we've moved existing Dev channel users to the Beta channel. You can decide whether to switch to the new Dev channel or stay on the Beta channel.

Use the new channel changer to re-subscribe to the Dev channel.

Highlights of This Release
There's a long list of new features in the release notes, but here are some of the highlights:

  • New version of WebKit, with lots of fixes and new features like full-page zoom, autoscroll, and CSS gradients and reflections.
  • New network code. Google Chrome now has its own implementation of the HTTP network protocol (we were using the WinHTTP library on Windows, but need common code for Mac and Linux).
  • Form Autocomplete.
  • Full-page zoom.
  • Autoscroll (rough implementation). Middle-click on a page to scroll the page in any direction.

--Mark Larson, Google Chrome Program Manager

Edit (12 Jan 2009): As in the release notes, note that zoom and autoscroll were enabled by changes in WebKit.
Share on Twitter Share on Facebook
Labels: