Chrome Releases: August 2009

Version: 4.0.203.4

Changes specific to Mac OS X:

More details about additional changes are available in the svn log of all revisions.

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-channel.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry.

Jonathan Conradt

Engineering Program Manager

The dev channel has been updated with a new release for Mac OS X. This release includes bug fixes and some improved compatibility with Snow Leopard. This release is only slightly different than the 4.0.203.2 release so please refer to that release for more information.
Version: 4.0.203.4
Changes specific to Mac OS X:

More details about additional changes are available in the svn log of all revisions.

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-channel.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry.

Jonathan Conradt

Engineering Program Manager

The dev channels for Windows and Linux have been updated to 4.0.203.2.

All Platforms

[r23666, r23790, r23988] Fix some hangs/crashes. (Issue: 16512, 16871, 18217, 18521, 19710, 19860)

[r23668] Fix hang with video and audio tags. (Issue: 19276)

[r23670] When SafeBrowsing alerts for a page, don't allow that page to redirect until after the user has dealt with the alert. (Issue: 6442)

[r23754, r23937] Prevent time/slider from jumping around during and after seeking in video and audio tag content. (Issue: 19396)

[r23859] Reduce Omnibox flicker. (Issue: 18369)

[r23965] Unicode text could sometimes produce garbled Omnibox dropdown entries. (Issue: 5490)

[r23967] Fix problems with plugin z-order. (Issue: 15840)

[r24033] Fix a crash on Windows and Linux. (Issue: 17569)

[r24151] Fix regression (since Chrome 2.0.172.1) where some gzipped files (e.g. script) were not unzipped before evaluation, making them unusable. (Issue: 16430)

[r24170] Faster startup with custom themes. (Issue: 18768)

[r24179] Graphical errors with some themes. (Issue: 20139)

[r24189] Problems with video/audio tag playback and looping at rates other than 1.0. (Issues: 19856, 19105)

[r24192] Properly align cursors used for middle-mouse-autoscroll with the original click location. (Issue: 6173)

Windows

[r23915] During uninstall, if Chrome was the default browser, prompt user to choose a new default. (Issue: 14023)

[r23849] Fix clicking/noise when playing video/audio tag content with 48 or 96 kHz audio. (Issue: 17940)

[r24198] Remove "Clear browsing data" and "Import bookmarks & settings" from Tools menu since they are now available in the Options. (Issue: 20137)

Linux

Chrome for Linux is now truly 64 bit.

[r23696, r23737, r23768, r23815, r23846, r23930, r23944, r24034, r24040, r24191, r24207] Crash fixes. (Issues: 10911, 17549, 18686, 18866, 18907, 18957, 19552, 19670, 19788, 19915, 19971, 19994)

[r23828] Make inactive titlebar legible. (Issue: 18856)

[r23834] Ctrl-C does nothing in Omnibox. (Issue: 19648)

[r23760] Default to not using custom frame under Fluxbox. (Issue: 19130)

[r23757, r23827, r23998, r24010] Add some missing pieces of UI. (Issue: 11507, 13524, 17251, 19290)

[r23879, r24001] Fix small graphical issues with the find bar. (Issue: 19726, 19811)

[r23899, r24149] Fix issues with tab titles and their tooltips. (Issue: 19741, 19754)

[r24210] Cookie manager polish. (Issue: 17919)

[r24000] Allow users to delete entries from autocomplete suggestion lists. (Issue: 19664)

Extensions

[r23675] Fix some issues around re-enabling disabled extensions. (Issue: 12140)

[r23676] Async extension callbacks now always fire and set chrome.extension.lastError on error. (Issue: 17381)

[r23739] Beginnings of localization support. (Issue: 12131)

[r24223] Unconditionally enable HTML5 Database and Local Storage support for chrome-extension:// pages. (Issue: 19511)

[r24231] Crash fix. (Issue: 15888)

Known Issues

WebInspector's Elements Panel is blank for some sites. (Issue: 19850)

Control key misbehaves in omnibox on Linux (Issue: 20166)

Chrome for Linux not fully themed with GTK+ theming.

Moving a tab in Chrome 64 bit for Linux always detaches the tab. (Issue 20513)

More details about additional changes are available in the svn log of all revisions.

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-channel.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry.

Jonathan Conradt

Engineering Program Manager

The dev channels for Windows and Linux have been updated to 4.0.203.2.

All Platforms

[r23666, r23790, r23988] Fix some hangs/crashes. (Issue: 16512, 16871, 18217, 18521, 19710, 19860)

[r23668] Fix hang with video and audio tags. (Issue: 19276)

[r23670] When SafeBrowsing alerts for a page, don't allow that page to redirect until after the user has dealt with the alert. (Issue: 6442)

[r23754, r23937] Prevent time/slider from jumping around during and after seeking in video and audio tag content. (Issue: 19396)

[r23859] Reduce Omnibox flicker. (Issue: 18369)

[r23965] Unicode text could sometimes produce garbled Omnibox dropdown entries. (Issue: 5490)

[r23967] Fix problems with plugin z-order. (Issue: 15840)

[r24033] Fix a crash on Windows and Linux. (Issue: 17569)

[r24151] Fix regression (since Chrome 2.0.172.1) where some gzipped files (e.g. script) were not unzipped before evaluation, making them unusable. (Issue: 16430)

[r24170] Faster startup with custom themes. (Issue: 18768)

[r24179] Graphical errors with some themes. (Issue: 20139)

[r24189] Problems with video/audio tag playback and looping at rates other than 1.0. (Issues: 19856, 19105)

[r24192] Properly align cursors used for middle-mouse-autoscroll with the original click location. (Issue: 6173)

Windows

[r23915] During uninstall, if Chrome was the default browser, prompt user to choose a new default. (Issue: 14023)

[r23849] Fix clicking/noise when playing video/audio tag content with 48 or 96 kHz audio. (Issue: 17940)

[r24198] Remove "Clear browsing data" and "Import bookmarks & settings" from Tools menu since they are now available in the Options. (Issue: 20137)

Linux

Chrome for Linux is now truly 64 bit.

[r23696, r23737, r23768, r23815, r23846, r23930, r23944, r24034, r24040, r24191, r24207] Crash fixes. (Issues: 10911, 17549, 18686, 18866, 18907, 18957, 19552, 19670, 19788, 19915, 19971, 19994)

[r23828] Make inactive titlebar legible. (Issue: 18856)

[r23834] Ctrl-C does nothing in Omnibox. (Issue: 19648)

[r23760] Default to not using custom frame under Fluxbox. (Issue: 19130)

[r23757, r23827, r23998, r24010] Add some missing pieces of UI. (Issue: 11507, 13524, 17251, 19290)

[r23879, r24001] Fix small graphical issues with the find bar. (Issue: 19726, 19811)

[r23899, r24149] Fix issues with tab titles and their tooltips. (Issue: 19741, 19754)

[r24210] Cookie manager polish. (Issue: 17919)

[r24000] Allow users to delete entries from autocomplete suggestion lists. (Issue: 19664)

Extensions

[r23675] Fix some issues around re-enabling disabled extensions. (Issue: 12140)

[r23676] Async extension callbacks now always fire and set chrome.extension.lastError on error. (Issue: 17381)

[r23739] Beginnings of localization support. (Issue: 12131)

[r24223] Unconditionally enable HTML5 Database and Local Storage support for chrome-extension:// pages. (Issue: 19511)

[r24231] Crash fix. (Issue: 15888)

Known Issues

WebInspector's Elements Panel is blank for some sites. (Issue: 19850)

Control key misbehaves in omnibox on Linux (Issue: 20166)

Chrome for Linux not fully themed with GTK+ theming.

Moving a tab in Chrome 64 bit for Linux always detaches the tab. (Issue 20513)

More details about additional changes are available in the svn log of all revisions.

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-channel.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry.

Jonathan Conradt

Engineering Program Manager

In addition to stability fixes, this release contains updates for the New Tab page, the omnibox, and themes support.

You can install the current Beta channel release from http://www.google.com/intl/en/landing/chrome/beta/.

Known Issues:

There is a known issue, 20452, that the themes gallery does not recognize the new version of Google Chrome. This issue is purely aesthetic and does not affect a user's ability to install themes from the gallery.

Anthony Laforge
Google Chrome Program Manager

The Windows Beta channel has been updated to 3.0.195.10.
In addition to stability fixes, this release contains updates for the New Tab page, the omnibox, and themes support.
You can install the current Beta channel release from http://www.google.com/intl/en/landing/chrome/beta/.
Known Issues:

There is a known issue, 20452, that the themes gallery does not recognize the new version of Google Chrome. This issue is purely aesthetic and does not affect a user's ability to install themes from the gallery.

Anthony Laforge
Google Chrome Program Manager

CVE-2009-2935 Unauthorized memory read from Javascript

A flaw in the V8 Javascript engine might allow specially-crafted Javascript on a web page to read unauthorized memory, bypassing security checks. It is possible that this could lead to disclosing unauthorized data to an attacker or allow an attacker to run arbitrary code.

More info: http://code.google.com/p/chromium/issues/detail?id=18639 (This issue will be made public once a majority of users are up to date with the fix.)

Severity: High. An attacker might be able to run arbitrary code within the Google Chrome sandbox.

Credit: This issue was found by Mozilla Security.

Mitigations:

A victim would need to visit a page under an attacker's control.
Any code that an attacker might be able to run inside the renderer process would be inside the sandbox. Click here for more details about sandboxing.

Security Fix: Treat weak signatures as invalid

Google Chrome no longer connects to HTTPS (SSL) sites whose certificates are signed using MD2 or MD4 hashing algorithms. These algorithms are considered weak and might allow an attacker to spoof an invalid site as a valid HTTPS site.

More info: http://code.google.com/p/chromium/issues/detail?id=18725 (This issue will be made public once a majority of users are up to date with the fix.)

Severity: Medium. Further advances in attacks against weak hashing algorithms may eventually permit attacks to forge certificates.

Credit: Dan Kaminsky, Director of Penetration Testing, IOActive Inc., Meredith Patterson and Len Sassaman. See their paper at http://www.ioactive.com/pdfs/PKILayerCake.pdf

CVE-2009-2414 Stack consumption vulnerability in libxml2

CVE-2009-2416 Multiple use-after-free vulnerabilities in libxml2

Pages using XML can cause a Google Chrome tab process to crash. A malicious XML payload may be able to trigger a use-after-free condition. Other tabs are unaffected.

More info: See the CVE entries noted in this report.

Severity: High. An attacker might be able to run arbitrary code within the Google Chrome sandbox.

Credit: Original discovery by Rauli Kaksonen and Jukka Taimisto from the CROSS project at Codenomicon Ltd. The Google Chrome security team determined that Chrome was affected.

Mitigations:

A victim would need to visit a page under an attacker's control.
Any code that an attacker might be able to run inside the renderer process would be inside the sandbox. Click here for more details about sandboxing.

Jonathan Conradt

Engineering Program Manager

Google Chrome 2.0.172.43 has been released to the Stable channel to fix the security issues listed below.
CVE-2009-2935 Unauthorized memory read from Javascript
A flaw in the V8 Javascript engine might allow specially-crafted Javascript on a web page to read unauthorized memory, bypassing security checks. It is possible that this could lead to disclosing unauthorized data to an attacker or allow an attacker to run arbitrary code.

More info: http://code.google.com/p/chromium/issues/detail?id=18639 (This issue will be made public once a majority of users are up to date with the fix.)

Severity: High. An attacker might be able to run arbitrary code within the Google Chrome sandbox.

Credit: This issue was found by Mozilla Security.

Mitigations:

Security Fix: Treat weak signatures as invalid

Google Chrome no longer connects to HTTPS (SSL) sites whose certificates are signed using MD2 or MD4 hashing algorithms. These algorithms are considered weak and might allow an attacker to spoof an invalid site as a valid HTTPS site.
More info: http://code.google.com/p/chromium/issues/detail?id=18725 (This issue will be made public once a majority of users are up to date with the fix.)

Severity: Medium. Further advances in attacks against weak hashing algorithms may eventually permit attacks to forge certificates.
Credit: Dan Kaminsky, Director of Penetration Testing, IOActive Inc., Meredith Patterson and Len Sassaman. See their paper at http://www.ioactive.com/pdfs/PKILayerCake.pdf

CVE-2009-2414 Stack consumption vulnerability in libxml2

CVE-2009-2416 Multiple use-after-free vulnerabilities in libxml2

Pages using XML can cause a Google Chrome tab process to crash. A malicious XML payload may be able to trigger a use-after-free condition. Other tabs are unaffected.

More info: See the CVE entries noted in this report.

Severity: High. An attacker might be able to run arbitrary code within the Google Chrome sandbox.

Credit: Original discovery by Rauli Kaksonen and Jukka Taimisto from the CROSS project at Codenomicon Ltd. The Google Chrome security team determined that Chrome was affected.

Mitigations:

A victim would need to visit a page under an attacker's control.
Any code that an attacker might be able to run inside the renderer process would be inside the sandbox. Click here for more details about sandboxing.

Jonathan Conradt

Engineering Program Manager

The Windows and Mac Dev channels have been updated to 4.0.202.0.

All Platforms

Bugs 16020, 16768, 17415, 17970, 17973, 18208, 18362, 18433, 18677, 18726, 18846, 19521: Many fixes for video and audio tags [r23037, r23038, r23067, r23255, r23274, r23455, r23471, r23598]

Bugs 18471, 18720, 18722: Make more New Tab Page items themeable [r23081, r23205]

Bugs 10706, 18697: Crash fixes [r23190, r23568]

Bug 19200: Cannot enter HTTP auth credentials in Omnibox if password has an @ sign [r23403]

Bug 9103: Import passwords from Firefox 3.1 and above [r23503]

Bug 13065: Change Live Search to Bing (only for U.S. right now) [r23571]

Bug 19353: Attempt to reduce memory footprint [r23584]

Windows

Bug 19222: Uninstalling Chrome for one user should not delete default browser entries for another user [r23496]

Mac

HTTP Auth dialog added.

Chrome binary smaller, starts up faster

More details about additional changes are available in the svn log of all revisions.

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-channel.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry.

Anthony Laforge

Google Chrome Program Manager

Update: Linux has been updated to 4.0.202.2

The Windows and Mac Dev channels have been updated to 4.0.202.0.

All Platforms

Bugs 16020, 16768, 17415, 17970, 17973, 18208, 18362, 18433, 18677, 18726, 18846, 19521: Many fixes for video and audio tags [r23037, r23038, r23067, r23255, r23274, r23455, r23471, r23598]

Bugs 18471, 18720, 18722: Make more New Tab Page items themeable [r23081, r23205]

Bugs 10706, 18697: Crash fixes [r23190, r23568]

Bug 19200: Cannot enter HTTP auth credentials in Omnibox if password has an @ sign [r23403]

Bug 9103: Import passwords from Firefox 3.1 and above [r23503]

Bug 13065: Change Live Search to Bing (only for U.S. right now) [r23571]

Bug 19353: Attempt to reduce memory footprint [r23584]

Windows

Bug 19222: Uninstalling Chrome for one user should not delete default browser entries for another user [r23496]

Mac

HTTP Auth dialog added.

Chrome binary smaller, starts up faster

More details about additional changes are available in the svn log of all revisions.

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-channel.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry.

Anthony Laforge

Google Chrome Program Manager

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-channel.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry.

Anthony Laforge

Google Chrome Program Manager

The Windows Dev channel has been updated to 4.0.201.1.

This release contains all the fixes and changes from 3.0.197.11, plus one additional change: we've added bookmark synchronization!

To start using the feature, start Chrome with the "--enable-sync" flag, and go to "Wrench"->"Sync my bookmarks..."

For more details about bookmark synchronization go to: http://blog.chromium.org/

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-channel.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry.

Anthony LaforgeGoogle Chrome Program Manager

Both:

(Bug 18427) Make New Tab Page load faster with custom themes [r22462].
(Bug 18160) Ensure downloads really stop when a user cancels [r22557].
(Bug 13649, Bug 18456) Don't show themes in chrome://extensions/, since that page doesn't work well with them [r22578].
(Bug 18480) Theme the New Tab Page in incognito mode too [r22613].
(Bug 15247) Add a way to restore blacklisted thumbnails on the New Tab Page [r22704].
(Bug 18093) App mode and popup windows should not be themed [r22783].

Mac:

Flash gets mouse and key events so you can pause/play video.
(Bug 13203) Forward/backward buttons now have history dropdown menus.
(Bug 18353) Arrow keys work again.

Linux:

(Bug 14790) Now supporting 50 locales.
Support downloading large files (greater than 2GB) [r22670].

Known Issues:

(Mac Bug 12030) Quicktime and other plugins no longer load since they are not yet supported.

More details about additional changes are available in the svn log of all revisions.

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-channel.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry.

Jonathan Conradt

Engineering Program Manager

This release is for Mac and Linux and it includes a number of bug fixes:
Both:

Mac:

Flash gets mouse and key events so you can pause/play video.
(Bug 13203) Forward/backward buttons now have history dropdown menus.
(Bug 18353) Arrow keys work again.

Linux:

(Bug 14790) Now supporting 50 locales.
Support downloading large files (greater than 2GB) [r22670].

Known Issues:

(Mac Bug 12030) Quicktime and other plugins no longer load since they are not yet supported.

More details about additional changes are available in the svn log of all revisions.

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-channel.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry.

Jonathan Conradt

Engineering Program Manager

Windows / All Builds (3.0.197.11)

Crash fixes
Bug 2993: Fix tabs getting "stuck" to your mouse and dragged out when under system load [r22024].
Bug 60: Make downloads removable from download shelf and download list [r22138].
Bug 17697: Properly unescape past searches in the Omnibox dropdown [r22167].
Bug 3641: Setting Chrome as default browser on multiple accounts in Vista should work [r22282].
Tweaks for new New Tab Page [r22316], [r22320], [r22337], [r22388], [r22428].
Bug 8037: Use jumplists on Windows 7 [r22375].
Bug 9985, 18271: Fixes for proxy users [r22430].
Rich text editors can now remove <s>, <u> and <strike> tags [Webkit r46286].

Linux (3.0.197.11)

Default to showing the custom Chrome frame for most users [r22193].
Bug 15952: Use Linux native-looking title bar buttons.
Many plugin fixes; fewer crashes [r21992], [r22037], [r22083] and Gmail no longer hangs [r22165].
GTK theme mode no longer fails to display the back button on recent Linux distros [r22242].
GTK themed location bar now matches theme text color (fix for dark themes) [r22018].
Match GTK's font hinting settings [r22411].

Mac (3.0.197.12)

Bug 17555: Fix for a particularly common crash on Mac.
Bug 11952: Support input method editors (IMEs).
Enabled plugin support by default [r22209].

Extensions

Bugs 18140 and 18472: Fix for crashes.
Added a mole expand/collapse API, callable from a toolstrip [r22382].
Fix a bug where content scripts that are supposed to match all pages don't match hosts that are IP addresses [r22260].
Delay loading of toolstrips until the background page is ready [r22302].
First cut at the final extension installation prompt on Windows [r22368].
Experimental support for Databases and DOM Storage when extensions are enabled [r22452 and r22407].
Beginnings of extension shelf for linux [r22439].

Known issues:

(Mac) Flash can use a lot of CPU.
(Mac) Bug 18203: Mouse clicks on Flash content often doesn't work. (Try middle-click as a workaround.)
(Mac) Bug 18666: Page Up/Down and Cursor Up/Down no longer scroll page content.

More details about additional changes are available in the svn log of all revisions.

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-channel.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry.

Jonathan Conradt

Engineering Program Manager

3.0.197.x has been released to the dev channel with the following changes:
Windows / All Builds (3.0.197.11)

Crash fixes
Bug 2993: Fix tabs getting "stuck" to your mouse and dragged out when under system load [r22024].
Bug 60: Make downloads removable from download shelf and download list [r22138].
Bug 17697: Properly unescape past searches in the Omnibox dropdown [r22167].
Bug 3641: Setting Chrome as default browser on multiple accounts in Vista should work [r22282].
Tweaks for new New Tab Page [r22316], [r22320], [r22337], [r22388], [r22428].
Bug 8037: Use jumplists on Windows 7 [r22375].
Bug 9985, 18271: Fixes for proxy users [r22430].
Rich text editors can now remove <s>, <u> and <strike> tags [Webkit r46286].

Linux (3.0.197.11)

Mac (3.0.197.12)

Extensions

Bugs 18140 and 18472: Fix for crashes.
Added a mole expand/collapse API, callable from a toolstrip [r22382].
Fix a bug where content scripts that are supposed to match all pages don't match hosts that are IP addresses [r22260].
Delay loading of toolstrips until the background page is ready [r22302].
First cut at the final extension installation prompt on Windows [r22368].
Experimental support for Databases and DOM Storage when extensions are enabled [r22452 and r22407].
Beginnings of extension shelf for linux [r22439].

Known issues:

(Mac) Flash can use a lot of CPU.
(Mac) Bug 18203: Mouse clicks on Flash content often doesn't work. (Try middle-click as a workaround.)
(Mac) Bug 18666: Page Up/Down and Cursor Up/Down no longer scroll page content.

More details about additional changes are available in the svn log of all revisions.

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-channel.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry.

Jonathan Conradt

Engineering Program Manager

Chrome Releases

Dev Channel Update: Updates for Snow Leopard

Dev Channel Update: Linux true 64 bit, Crash and Bug Fixes

Beta Channel Update

Stable Update: Security fixes

Dev Channel Update

Dev Channel Update

Dev Channel Update: Bug Fixes and Locales

Dev Channel Update: Fixes and Plugins

Labels

Archive