Chrome Releases: March 2011

Chrome Beta Release

Tuesday, March 22, 2011

HTML5 speech input API

GPU-accelerated 3D CSS

The brand new shiny Chrome icon

Official Chrome BlogSVN revision logfiling a bugFind out how

Dev Channel Update

Monday, March 21, 2011

The following bugs were fixed

clicking on the labels of checkboxes / radio buttons closes content settings dialog box (Issue 76115).

Unlock Keyring makes chrome unusable (Issue 72499 ).

Sample extension for chrome.experimental.proxy API (Issue 62700 ).

Several known crashes (Issue 76401 and Issue 75264 ).

http://dev.chromium.org/getting-involved/dev-channelhttp://code.google.com/p/chromium/issues/entry

Dev Channel Update

Thursday, March 17, 2011

The following bugs were fixed

about:gpu can still launch GPU process even though GPU is blocked by software rendering list (Issue 76115).

REGRESSION: After crash, Restore infobar shows up everytime you open a link from external app (Issue 75654 ).

App context-menu doesn't disappear even after uninstalling the extension, causes crash when selected (Issue 75662).

A known crash (Issue 74777).

Fails SPDY-related check (Issue 75657).

http://dev.chromium.org/getting-involved/dev-channelhttp://code.google.com/p/chromium/issues/entry

Stable and Beta Channel Updates

Thursday, March 17, 2011

Jason Kersey

Google Chrome

The Chrome Stable and Beta channels have been updated to 10.0.648.151 for Windows, Mac, Linux and Chrome Frame. This release blacklists a small number of HTTPS certificates. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how. Jason KerseyGoogle Chrome

Dev Channel Update

Tuesday, March 15, 2011

The following bugs were fixed

New York Times Chrome app crashes on the Chorme Dev Channel (Issue 75563).

Sync login dlg is truncated (Issue 72490 ).

Status bar / target URL not shown when hovering over links(Issue 75268).

Several known crashes (Issues 75171 and 75443 and 75828).

Bookmark focus is not lost when moved away from the bookmark bar (Issue 75367).

Tooltips from browser tabs are persisting for too long (Issue 75334 ).

Content settings updates don't reflect the current Incognito session(Issue 74466).

NewTabPage is not updating when a new theme is applied (Issue 74311).

fixed download requests in chrome frame which occur in response to top level POSTs (Issue 73985 ).

Chrome locks up on form submit, constantly duplicating autofill settings to blame(Issue 74911).

http://dev.chromium.org/getting-involved/dev-channelhttp://code.google.com/p/chromium/issues/entry

Stable and Beta Channel Updates

Tuesday, March 15, 2011

Jason Kersey
Google Chrome

The Chrome Stable and Beta channels have been updated to 10.0.648.134 for Windows, Mac, Linux and Chrome Frame. This release contains an updated version of the Adobe Flash player. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

Jason Kersey
Google Chrome

Stable and Beta Channel Updates

Friday, March 11, 2011

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

[$1337] CVE-2011-1290 [75712] High Memory corruption in style handling. Credit to Vincenzo Iozzo, Ralf Philipp Weinmann and Willem Pinckaers reported through ZDI (ZDI-CAN-1167).

If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

Jason Kersey
Google Chrome

The Chrome Stable and Beta channels have been updated to 10.0.648.133 for Windows, Mac, Linux and Chrome Frame. This release fixes the following security issue:
Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

[$1337] CVE-2011-1290 [75712] High Memory corruption in style handling. Credit to Vincenzo Iozzo, Ralf Philipp Weinmann and Willem Pinckaers reported through ZDI (ZDI-CAN-1167).

If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

Jason Kersey
Google Chrome

Dev Channel Update

Thursday, March 10, 2011

The following bugs were fixed

Can not select omnibox auto suggested entries by clicking at it (Issue 75366).

Linux: "Behavior " string is not externalized on the Exceptions page(Issue 74080).

Chromium not loading some plugins (Issue 75351).

POST omits body after NTLM authentication (Issue 62687).

Known Issues

Crash when opening tab/startup @ SkBitmap::lockPixels (Issue 75531).

http://dev.chromium.org/getting-involved/dev-channelhttp://code.google.com/p/chromium/issues/entry

Chrome OS Beta Channel Update

Thursday, March 10, 2011

If you find new issues, please let us know by visiting our help site or filing a bug.

Josafat Garcia

Google Chrome

The Chrome OS Beta channel has been updated to the latest R10 release 0.10.156.50 including the new Chrome 10 (10.0.648.127). Full details of the Chrome 10 release is available in the blogpost. If you find new issues, please let us know by visiting our help site or filing a bug.

Josafat Garcia

Google Chrome

Dev Channel Update

Tuesday, March 8, 2011

All

Updated V8 - 3.2.0.1

New “cookies and other data” page in tabbed settings (Issue 64154).

Mac

Turned confirm to quit on by default (Issue 60591)

Tweak the Tab Overview UI (Issue 50307)

Cloud Print connector UI enabled.

Known Issues

Regression: Can not select omnibox auto suggested entries by clicking at it (Issue 75366)

REGRESSION: Bookmark focus is not lost when moved away from the bookmark bar (Issue 75367)

log of all revisions.http://dev.chromium.org/getting-involved/dev-channelhttp://code.google.com/p/chromium/issues/entry

Chrome Stable Release

Tuesday, March 8, 2011

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

As can be seen, a few lower-severity issues were rewarded on account of being particularly interesting or clever. And some rewards were issued at the $1500 and $2000 level, reflecting bug reports where the reporter also worked with Chromium developers to provide an accepted patch.

[42574] [42765] Low Possible to navigate or close the top location in a sandboxed frame. Credit to sirdarckcat of the Google Security Team.
[Linux only] [49747] Low Work around an X server bug and crash with long messages. Credit to Louis Lang.
[Linux only] [66962] Low Possible browser crash with parallel print()s. Credit to Aki Helin of OUSPG.
[$1337] [69187] Medium Cross-origin error message leak. Credit to Daniel Divricean.
[$500] [69628] High Memory corruption with counter nodes. Credit to Martin Barbella.
[$1000] [70027] High Stale node in box layout. Credit to Martin Barbella.
[$500] [70336] Medium Cross-origin error message leak with workers. Credit to Daniel Divricean.
[$1000] [70442] High Use after free with DOM URL handling. Credit to Sergey Glazunov.
[Linux only] [70779] Medium Out of bounds read handling unicode ranges. Credit to miaubiz.
[$1337] [70877] High Same origin policy bypass in v8. Credit to Daniel Divricean.
[70885] [71167] Low Pop-up blocker bypasses. Credit to Chamal de Silva.
[$1000] [71763] High Use-after-free in document script lifetime handling. Credit to miaubiz.
[71788] High Out-of-bounds write in the OGG container. Credit to Google Chrome Security Team (SkyLined); plus subsequent independent discovery by David Weston of Microsoft and MSVR.
[$1000] [72028] High Stale pointer in table painting. Credit to Martin Barbella.
[73026] High Use of corrupt out-of-bounds structure in video code. Credit to Tavis Ormandy of the Google Security Team.
[$1000] [73066] High Crash with the DataView object. Credit to Sergey Glazunov.
[$1000] [73134] High Bad cast in text rendering. Credit to miaubiz.
[$2000] [73196] High Stale pointer in WebKit context code. Credit to Sergey Glazunov.
[73716] Low Leak of heap address in XSLT. Credit to Google Chrome Security Team (Chris Evans).
[$1500] [73746] High Stale pointer with SVG cursors. Credit to Sergey Glazunov.
[$1000] [74030] High DOM tree corruption with attribute handling. Credit to Sergey Glazunov.
[$1000] [74662] High Corruption via re-entrancy of RegExp code. Credit to Christian Holler.
[$1000] [74675] High Invalid memory access in v8. Credit to Christian Holler.

We would also like to thank Ben Hawkes of the Google Security Team, Sergey Glazunov, Martin Barbella and “temp01irc” for working with us during the development cycle and helping prevent bugs from ever reaching the stable channel.

Last, but not least, we’d like to offer special thanks (plus additional rewards to those listed above) to Christian Holler. This is for working with us on his grammar-based fuzzing project, resulting in a more stable and secure “Crankshaft” engine for v8.

More on what's new at the Official Chrome Blog. You can find full details about the changes that are in Chrome 10 in the SVN revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

Jason Kersey
Google Chrome

The Google Chrome team is excited to announce the arrival of Chrome 10.0.648.127 to the Stable Channel for Windows, Mac, Linux, and Chrome Frame. Chrome 10 contains some really great improvements including:

New version of V8 - Crankshaft - which greatly improves javascript performance
New settings pages that open in a tab, rather than a dialog box
Improved security with malware reporting and disabling outdated plugins by default
Sandboxed Adobe Flash on Windows
Password sync as part of Chrome Sync now enabled by default
GPU Accelerated Video
Background WebApps
webNavigation extension API (experimental but ready for testing)

Security fixes and rewards:

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

As can be seen, a few lower-severity issues were rewarded on account of being particularly interesting or clever. And some rewards were issued at the $1500 and $2000 level, reflecting bug reports where the reporter also worked with Chromium developers to provide an accepted patch.

[42574] [42765] Low Possible to navigate or close the top location in a sandboxed frame. Credit to sirdarckcat of the Google Security Team.
[Linux only] [49747] Low Work around an X server bug and crash with long messages. Credit to Louis Lang.
[Linux only] [66962] Low Possible browser crash with parallel print()s. Credit to Aki Helin of OUSPG.
[$1337] [69187] Medium Cross-origin error message leak. Credit to Daniel Divricean.
[$500] [69628] High Memory corruption with counter nodes. Credit to Martin Barbella.
[$1000] [70027] High Stale node in box layout. Credit to Martin Barbella.
[$500] [70336] Medium Cross-origin error message leak with workers. Credit to Daniel Divricean.
[$1000] [70442] High Use after free with DOM URL handling. Credit to Sergey Glazunov.
[Linux only] [70779] Medium Out of bounds read handling unicode ranges. Credit to miaubiz.
[$1337] [70877] High Same origin policy bypass in v8. Credit to Daniel Divricean.
[70885] [71167] Low Pop-up blocker bypasses. Credit to Chamal de Silva.
[$1000] [71763] High Use-after-free in document script lifetime handling. Credit to miaubiz.
[71788] High Out-of-bounds write in the OGG container. Credit to Google Chrome Security Team (SkyLined); plus subsequent independent discovery by David Weston of Microsoft and MSVR.
[$1000] [72028] High Stale pointer in table painting. Credit to Martin Barbella.
[73026] High Use of corrupt out-of-bounds structure in video code. Credit to Tavis Ormandy of the Google Security Team.
[$1000] [73066] High Crash with the DataView object. Credit to Sergey Glazunov.
[$1000] [73134] High Bad cast in text rendering. Credit to miaubiz.
[$2000] [73196] High Stale pointer in WebKit context code. Credit to Sergey Glazunov.
[73716] Low Leak of heap address in XSLT. Credit to Google Chrome Security Team (Chris Evans).
[$1500] [73746] High Stale pointer with SVG cursors. Credit to Sergey Glazunov.
[$1000] [74030] High DOM tree corruption with attribute handling. Credit to Sergey Glazunov.
[$1000] [74662] High Corruption via re-entrancy of RegExp code. Credit to Christian Holler.
[$1000] [74675] High Invalid memory access in v8. Credit to Christian Holler.

We would also like to thank Ben Hawkes of the Google Security Team, Sergey Glazunov, Martin Barbella and “temp01irc” for working with us during the development cycle and helping prevent bugs from ever reaching the stable channel.

Last, but not least, we’d like to offer special thanks (plus additional rewards to those listed above) to Christian Holler. This is for working with us on his grammar-based fuzzing project, resulting in a more stable and secure “Crankshaft” engine for v8.

More on what's new at the Official Chrome Blog. You can find full details about the changes that are in Chrome 10 in the SVN revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

Jason Kersey
Google Chrome

Chrome Releases

Beta Channel Update

Dev Channel Update

Stable Channel Update

Chrome OS Beta Channel Update

Chrome Beta Release

Dev Channel Update

Dev Channel Update

Stable and Beta Channel Updates

Dev Channel Update

Stable and Beta Channel Updates

Stable and Beta Channel Updates

Dev Channel Update

Chrome OS Beta Channel Update

Dev Channel Update

Chrome Stable Release

Labels

Archive