Chrome Releases: September 2009

Beta Channel Update

Monday, September 28, 2009

This update contains the following:

A fix to two significant history related crashing bugs 16591 and 21377.
A fix where PAC scripts would fail to parse if they ended with a comment and no new line 22864.
Corrected an issue where tabs would flash,for a split second, if multiple tabs were opened at the same time 20831.
Fixed an issue which prevented proper logins to CNET 22181.

Anthony Laforge

Google Chrome Program Manager

The beta channel has been updated to 3.0.195.24.

This update contains the following:

A fix to two significant history related crashing bugs 16591 and 21377.
A fix where PAC scripts would fail to parse if they ended with a comment and no new line 22864.
Corrected an issue where tabs would flash,for a split second, if multiple tabs were opened at the same time 20831.
Fixed an issue which prevented proper logins to CNET 22181.

Anthony Laforge

Google Chrome Program Manager

Dev Channel Updated: Bug fixes

Thursday, September 24, 2009

All Platforms

[r26815] New-FTP: Requires re-authentication when navigating around. (Issue: 21184)
[r26860] [DEPS] Move FTP LIST parsing code to the renderer process, limiting potential damage from security issues.

Windows

Issues with drop down select boxes fixed.
[r26359] BiDi-language filenames now displayed correctly in download shelf. (Issue: 10860)

Mac

Extension shelf (that weird gray box at the bottom) is only displayed if you have extensions installed.
[r26495] Add Command-0..8 shortcuts to "select Nth tab" and Command-9 to "select last tab".
[r26694] Basic emacs key bindings in text fields should work. (e.g., ctrl-e, ctrl-a, ctrl-d) (Issue: 12538)
[r26603] Paste-and-Go for Mac omnibox, cleaned up omnibox context menu. (Issues: 13021, 10937)
[r26471] Form controls now draw correctly in 10.6. (Issue: 19604)
[r26646] Search Engine Manager UI improved.
[r26567] Find bar now animates open and close.
[r26527] Pressing Up/Down arrows in find bar now scrolls page.
[r26853] Empty bookmark bar should show IDS_BOOKMARKS_NO_ITEMS. (Issue: 17360)
[r26792] Add favicons to items in folders on the bookmark bar. (Issue: 22601)

Linux

Issues with drop down select boxes fixed.
[r26590] "Create application shortcuts" doing nothing: More reliably find the .desktop file for the browser. (Issue: 21995)
[r26647] Implement GetCPUUsage() so the task manager shows CPU. (Issue: 19864)
[r26891] Added download in progress dialog. (Issue: 21652)

Extensions

[r26526] Fix crashy toolstrips. (Issues: 22070, 22135)
[r26532] Audio and video tag doesn't work for extension resources. (Issue 22152)
[r26685] Fix an issue where we do not initiate the extension install UI with certain combinations of HTTP headers.
[r26556] Introduce chrome.tabs.executeScriptInTab() and chrome.tabs.insertCSSInTab(). (Issue: 12465)
[r26706] Hide the mole handle by default. (Issue: 15494)
[r26658] Remove the right-click devtools behavior. (Issue: 20634)
[r26654] Add CSS classes to the document when switching between toolstrip and mole mode.
--show-extensions-on-top works pretty well now (on windows). Try it out!

Sync

Sync library now built entirely from trunk.

Known Issues

(Issue 22585) - CMD+Down, CMD+Up no longer scrolling to top/bottom of page on Mac.
One machine in our QA group is seeing blank pages on Facebook. (Issue 22978)

More details about additional changes are available in the svn log of all revisions.

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-channel.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry.

Jonathan Conradt

Engineering Program Manager

Version: 4.0.212.1 for Macintosh and 4.0.213.1 for Windows and Linux.

All Platforms

[r26815] New-FTP: Requires re-authentication when navigating around. (Issue: 21184)
[r26860] [DEPS] Move FTP LIST parsing code to the renderer process, limiting potential damage from security issues.

Windows

Issues with drop down select boxes fixed.
[r26359] BiDi-language filenames now displayed correctly in download shelf. (Issue: 10860)

Mac

Extension shelf (that weird gray box at the bottom) is only displayed if you have extensions installed.
[r26495] Add Command-0..8 shortcuts to "select Nth tab" and Command-9 to "select last tab".
[r26694] Basic emacs key bindings in text fields should work. (e.g., ctrl-e, ctrl-a, ctrl-d) (Issue: 12538)
[r26603] Paste-and-Go for Mac omnibox, cleaned up omnibox context menu. (Issues: 13021, 10937)
[r26471] Form controls now draw correctly in 10.6. (Issue: 19604)
[r26646] Search Engine Manager UI improved.
[r26567] Find bar now animates open and close.
[r26527] Pressing Up/Down arrows in find bar now scrolls page.
[r26853] Empty bookmark bar should show IDS_BOOKMARKS_NO_ITEMS. (Issue: 17360)
[r26792] Add favicons to items in folders on the bookmark bar. (Issue: 22601)

Linux

Extensions

[r26526] Fix crashy toolstrips. (Issues: 22070, 22135)
[r26532] Audio and video tag doesn't work for extension resources. (Issue 22152)
[r26685] Fix an issue where we do not initiate the extension install UI with certain combinations of HTTP headers.
[r26556] Introduce chrome.tabs.executeScriptInTab() and chrome.tabs.insertCSSInTab(). (Issue: 12465)
[r26706] Hide the mole handle by default. (Issue: 15494)
[r26658] Remove the right-click devtools behavior. (Issue: 20634)
[r26654] Add CSS classes to the document when switching between toolstrip and mole mode.
--show-extensions-on-top works pretty well now (on windows). Try it out!

Sync

Sync library now built entirely from trunk.

Known Issues

(Issue 22585) - CMD+Down, CMD+Up no longer scrolling to top/bottom of page on Mac.
One machine in our QA group is seeing blank pages on Facebook. (Issue 22978)

More details about additional changes are available in the svn log of all revisions.

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-channel.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry.

Jonathan Conradt

Engineering Program Manager

Dev Channel Update

Friday, September 18, 2009

This week's changes for the dev channel, 4.0.211.2, is being released to all platforms.

All

Fixed a bug that prevented some Dailymotion videos from playing. [r25220]

Bug fixes in NewFTP. [r25624][r25729][r25750][r25771]

Improved New Tab page load performance. [r25232]

Win

Ensure that tips change when the Chrome language changes. [r25834]

Mac

Import from Firefox no longer hangs. [r25174]

Added SSL icons. [r26307]

Implement the search engine manager. [r26078]

Allow windows with a single tab to be merged into other windows with drag and drop.

Allow Snow Leopard systems to connect to certain IPv6-enabled web sites when only IPv4 is available. [r26051]

Prevent a sad tab when loading certain images on Snow Leopard. [r26089]

Don't show "Google Chrome did not shut down properly" when quit from the Dock, logout, restart, or shut down. [r26269]

Linux:

Make the bookmark toolbar folders act like a menu bar. [r25677]

Bookmark bar shows a menu on too many bookmarks. [r25200]

Implement external protocol handler dialog (e.g. for aim: URLs).[r25373]

Extensions can register page actions. [r25934]

Fix a crash when closing tabs that have open login prompts. [r26066]

Work around a Flash crash that mostly affects Gentoo users. [r26265]

Extensions

Enable/disable extension button on chrome://extensions

Update extensions now button to force autoupdate check on chrome://extensions

chrome.window and chrome.tab APIs can now reference relative URLs inside an extension

Known issues:

All

Large files do not download completely - bug 406

Linux:

Cannot be set as the default browser in GNOME (Already fixed by [r26314, r26316]).

More details about additional changes are available in the svn log of all revisions.

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-channel.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry.

Anthony Laforge

Google Chrome Program Manage

UPDATE: 2009-09-22 - 4.0.211.7 is being pushed to Windows. It contains 2 fixes, the first resolves the issue which prevented large downloads and the second is a stability fix which should resolve a number of crashes (bug 22135). Thank you for you again for your patience.

UPDATE: 2009-09-19 - 4.0.211.4 is being pushed to Windows and resolves this issues with bookmark synchronization. Thank you for your patience.

UPDATE: THIS RELEASE HAS BEEN HALTED DUE TO A CRASHING ERROR WITH --enable-sync.

This week's changes for the dev channel, 4.0.211.2, is being released to all platforms.

All

Fixed a bug that prevented some Dailymotion videos from playing. [r25220]

Bug fixes in NewFTP. [r25624][r25729][r25750][r25771]

Improved New Tab page load performance. [r25232]

Win

Ensure that tips change when the Chrome language changes. [r25834]

Mac

Import from Firefox no longer hangs. [r25174]

Added SSL icons. [r26307]

Implement the search engine manager. [r26078]

Allow windows with a single tab to be merged into other windows with drag and drop.

Allow Snow Leopard systems to connect to certain IPv6-enabled web sites when only IPv4 is available. [r26051]

Prevent a sad tab when loading certain images on Snow Leopard. [r26089]

Don't show "Google Chrome did not shut down properly" when quit from the Dock, logout, restart, or shut down. [r26269]

Linux:

Make the bookmark toolbar folders act like a menu bar. [r25677]

Bookmark bar shows a menu on too many bookmarks. [r25200]

Implement external protocol handler dialog (e.g. for aim: URLs).[r25373]

Extensions can register page actions. [r25934]

Fix a crash when closing tabs that have open login prompts. [r26066]

Work around a Flash crash that mostly affects Gentoo users. [r26265]

Extensions

Enable/disable extension button on chrome://extensions

Update extensions now button to force autoupdate check on chrome://extensions

chrome.window and chrome.tab APIs can now reference relative URLs inside an extension

Known issues:

All

Large files do not download completely - bug 406

Linux:

Cannot be set as the default browser in GNOME (Already fixed by [r26314, r26316]).

More details about additional changes are available in the svn log of all revisions.

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-channel.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry.

Anthony Laforge

Google Chrome Program Manage

Stable Channel Update

Tuesday, September 15, 2009

This release includes themes support, a brand new New Tab page, an updated omnibox, support for audio and video tags, and a higher performing V8 engine.

You can read more about it here.

Anthony Laforge

Google Chrome Program Manager

Security Fixes:

We would like to extend special thanks to Will Dormann of CERT for working with us to improve the security of the new audio and video codecs in this release.

CVE-2009-XXXX Content-Type: application/rss+xml being rendered as active content

Previously, we rendered RSS and Atom feeds as XML. Because most other browsers render these documents with dedicated feed previewers, some web sites do not sanitize their feeds for active content, such as
JavaScript. In these cases, an attacker might be able to inject JavaScript into a target web site.

More info: http://code.google.com/p/chromium/issues/detail?id=21238
(This issue will be made public once a majority of users are up to date with the fix.)

Severity: Medium. Most web sites are not affected because they do not include untrusted content in RSS or Atom feeds.

Credit: Inferno of SecureThoughts.com

Mitigations:

A victim would need to visit a page under an attacker's control.
The target web site would need to let the attacker inject JavaScript into an RSS or an Atom feed.

CVE-2009-XXXX Same Origin Policy Bypass via getSVGDocument() method

The getSVGDocument method was lacking an access check, resulting in a cross-origin JavaScript capability leak. A malicious web site operator could use the leaked capability to inject JavaScript into a target web site hosting an SVG document, bypassing the same-origin policy.

More info: http://code.google.com/p/chromium/issues/detail?id=21338
(This issue will be made public once a majority of users are up to date with the fix.)

Severity: High

Credit: Isaac Dawson

Mitigations:

A victim would need to visit a page under an attacker's control.
The target web site would need to host an SVG document.

3.0.195.21 has graduated from Beta to the Stable channel today.

This release includes themes support, a brand new New Tab page, an updated omnibox, support for audio and video tags, and a higher performing V8 engine.

You can read more about it here.

Anthony Laforge

Google Chrome Program Manager

Security Fixes:
We would like to extend special thanks to Will Dormann of CERT for working with us to improve the security of the new audio and video codecs in this release.
CVE-2009-XXXX Content-Type: application/rss+xml being rendered as active content

Previously, we rendered RSS and Atom feeds as XML. Because most other browsers render these documents with dedicated feed previewers, some web sites do not sanitize their feeds for active content, such as
JavaScript. In these cases, an attacker might be able to inject JavaScript into a target web site.

More info: http://code.google.com/p/chromium/issues/detail?id=21238
(This issue will be made public once a majority of users are up to date with the fix.)

Severity: Medium. Most web sites are not affected because they do not include untrusted content in RSS or Atom feeds.

Credit: Inferno of SecureThoughts.com

Mitigations:

A victim would need to visit a page under an attacker's control.
The target web site would need to let the attacker inject JavaScript into an RSS or an Atom feed.

A victim would need to visit a page under an attacker's control.
The target web site would need to host an SVG document.

Beta Channel Update

Monday, September 14, 2009

A fix for issue 3380 which caused the browser to lose focus in certain conditions after installing a theme.
Fix About box truncation in some locales when a new version is available.

You can install the current Beta channel release from http://www.google.com/intl/en/landing/chrome/beta/.

Anthony Laforge
Google Chrome Program Manager

The Windows Beta channel has been updated to 3.0.195.21.

This release includes some minor fixes:

A fix for issue 3380 which caused the browser to lose focus in certain conditions after installing a theme.
Fix About box truncation in some locales when a new version is available.

You can install the current Beta channel release from http://www.google.com/intl/en/landing/chrome/beta/.

Anthony Laforge
Google Chrome Program Manager

Beta Update

Friday, September 11, 2009

The Windows Beta channel has been updated to 3.0.195.20.

This release includes better international support and stability/bug fixes for the New Tab page and themes support.

You can install the current Beta channel release from http://www.google.com/intl/en/landing/chrome/beta/.

Anthony Laforge
Google Chrome Program Manager

Dev Channel Update: Bug fixes for Mac and Linux

Thursday, September 10, 2009

Version: 4.0.207.0 for Mac and Linux.

All:

Reflective XSS filter for better security against a common attack. See the mailing list post for more information.
Fixed extraneous horizontal scrollbars in Gmail (Issue: 7976)

Mac:

[r25560], [r25475], [r25478] Tweaks to the Omnibox look.
[r25182] Fix zoom (green maximize) button. (Issue: 17472)
[r25380] Adjust color spaces so that Mac Chrome renders colors properly. (Issues: 20552, 19951)
[r25167] Don't show favicons or throbbers for the New Tab page on the Mac. (Issues: 13337, 20378)
Uploading images with "Hide extension" set does now work. (Issue: 20857)

Linux:

[r25373] Add external protocol dialog for Linux. (Issue: 20731)
[r25100] Handle external protocols, e.g. mailto: links. (Issue: 20696)
[r25125] Fix crash when switching to a tab containing audio/video elements. (Issues: 20138, 19677)

Extensions:

[r25293] Added an auto-update now button to chrome://extensions page. (Issue: 17853)
[r25253] Fix crash on Mac when pressing "load unpacked extension" in chrome://extensions page. (Issue: 20860)

More details about additional changes are available in the svn log of all revisions.

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-channel.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry.

Jonathan Conradt

Engineering Program Manager

This week's changes for the dev channel focus on bug fixes as well as a new defense for cross-site scripting attacks.
Version: 4.0.207.0 for Mac and Linux.

All:

Reflective XSS filter for better security against a common attack. See the mailing list post for more information.
Fixed extraneous horizontal scrollbars in Gmail (Issue: 7976)

Mac:

[r25560], [r25475], [r25478] Tweaks to the Omnibox look.
[r25182] Fix zoom (green maximize) button. (Issue: 17472)
[r25380] Adjust color spaces so that Mac Chrome renders colors properly. (Issues: 20552, 19951)
[r25167] Don't show favicons or throbbers for the New Tab page on the Mac. (Issues: 13337, 20378)
Uploading images with "Hide extension" set does now work. (Issue: 20857)

Linux:

[r25373] Add external protocol dialog for Linux. (Issue: 20731)
[r25100] Handle external protocols, e.g. mailto: links. (Issue: 20696)
[r25125] Fix crash when switching to a tab containing audio/video elements. (Issues: 20138, 19677)

Extensions:

[r25293] Added an auto-update now button to chrome://extensions page. (Issue: 17853)
[r25253] Fix crash on Mac when pressing "load unpacked extension" in chrome://extensions page. (Issue: 20860)

More details about additional changes are available in the svn log of all revisions.

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-channel.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry.

Jonathan Conradt

Engineering Program Manager

Beta Channel Update

Tuesday, September 8, 2009

The Windows Beta channel has been updated to 3.0.195.17.
More stability/ bug fixes pertaining to the New Tab page, the omnibox, video tag, and themes support.
You can install the current Beta channel release from http://www.google.com/intl/en/landing/chrome/beta/.
Anthony LaforgeGoogle Chrome Program Manager

Dev Channel Updated with fixes and extension changes

Friday, September 4, 2009

All Platforms

[r24663] Closing the download shelf removes all completed and cancelled downloads from it. (Issue: 15712)
[r24331] Fixes various audio/video events which were not firing. (Issues: 20152, 16768)
[r24519] Saved passwords for proxy servers are now correctly labeled. (Issue: 12992)
[r24384] Add single line of tips to New New Tab Page. (Issue: 19162)

[r24241] HTTP Auth dialog autofills passwords.
New Tab Page displays much faster. (Issue 13337)
[r23722, r 23955] Improved scrolling and display performance, particularly on machines without powerful graphics hardware (such as laptops)
[r24621] Plugins starting offscreen will draw correctly when they scroll into view (Issue 20234)

Linux

[r24241] HTTP Auth dialog autofills passwords.
[r24558] Fix the find bar so the match count is inside the entry. (Issue: 17962)
[r24831] Now respects both GNOME and KDE proxy settings. (Issue: 17363)
[r24930] Implemented "Confirm form resubmission" dialog. (Issue: 19761)
[r24454] Don't paste primary selection when middle clicking scrollbars. (Issue: 16400)
[r24287] Fix inability to select Times New Roman in font options with some versions of Pango. (Issue: 19823)
[r24903, r25007] Fixed tab dragging on 64-bit. (Issue: 20513)
[r25039] Fixed 64-bit JavaScript crash on some CPUs. (Issue: 20789)

Extensions

Two breaking changes (see mailing list post for more information):

[r24816] Enforce granular permissions
[r24770] Modified several APIs to be more consistent

[r24539] Polish the look of Linux extension shelf. (Issue: 16759)
[r24599] Polish extension install UI.
[r24864] Allow extension toolstrip to detach. (ctrl+alt+b)
[r24871, r24877] Polish chrome://extensions/ page. Add convenience developer tools to load an extension and pack an extension.

More details about additional changes are available in the svn log of all revisions.

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-channel.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry.

Jonathan Conradt

Engineering Program Manager

The dev channels have been updated to 4.0.206.1.

All Platforms

[r24241] HTTP Auth dialog autofills passwords.
New Tab Page displays much faster. (Issue 13337)
[r23722, r 23955] Improved scrolling and display performance, particularly on machines without powerful graphics hardware (such as laptops)
[r24621] Plugins starting offscreen will draw correctly when they scroll into view (Issue 20234)

Linux

Extensions

Two breaking changes (see mailing list post for more information):

[r24816] Enforce granular permissions
[r24770] Modified several APIs to be more consistent

[r24539] Polish the look of Linux extension shelf. (Issue: 16759)
[r24599] Polish extension install UI.
[r24864] Allow extension toolstrip to detach. (ctrl+alt+b)
[r24871, r24877] Polish chrome://extensions/ page. Add convenience developer tools to load an extension and pack an extension.

More details about additional changes are available in the svn log of all revisions.

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-channel.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry.

Jonathan Conradt

Engineering Program Manager

Chrome Releases

Stable Channel Update

Beta Channel Update

Dev Channel Updated: Bug fixes

Dev Channel Update

Stable Channel Update

Beta Channel Update

Beta Update

Dev Channel Update: Bug fixes for Mac and Linux

Beta Channel Update

Dev Channel Updated with fixes and extension changes

Labels

Archive