*Acer C7 devices will not receive updates if their Hardware ID matches this pattern: "PARROT <NAME_OF_FISH> <LETTER>-E <NUMBERS>". To continue receiving updates, please switch to the beta channel. Updates to the stable channel will resume in the New Year. To find a device's Hardware ID, go to chrome://system, click on 'Expand' next to 'bios_info' and find the row entitled 'hwid'.
If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 horizontal bars in the upper right corner of the browser).
If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 horizontal bars in the upper right corner of the browser).
If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 horizontal bars in the upper right corner of the browser).
*Acer C7 devices will not receive updates if their Hardware ID matches this pattern: "PARROT <NAME_OF_FISH> <LETTER>-E <NUMBERS>". To continue receiving updates, please switch to the beta channel. Updates to the stable channel will resume in the New Year. To find a device's Hardware ID, go to chrome://system, click on 'Expand' next to 'bios_info' and find the row entitled 'hwid'.
If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 horizontal bars in the upper right corner of the browser).
325418, when reporting and issue, sometimes the page will fail to completely load. When this happens please close the tab and retry.
If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 horizontal bars in the upper right corner of the browser).
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
This update includes 15 security fixes. Below, we highlight fixes that were either contributed by external researchers or are particularly interesting. Please see the Chromium security page for more information.
[$1337][307159] Medium CVE-2013-6634: Session fixation in sync related to 302 redirects. Credit to Andrey Labunets.
[$2000][314469] High CVE-2013-6635: Use-after-free in editing. Credit to cloudfuzzer.
[$500][322959] Medium CVE-2013-6636: Address bar spoofing related to modal dialogs. Credit to Bas Venis.
We would also like to thank cloudfuzzer for working with us during the development cycle to prevent security bugs from ever reaching the stable channel. $2500 in additional rewards were issued.
As usual, our ongoing internal security work responsible for a wide range of fixes:
[325501] CVE-2013-6637: Various fixes from internal audits, fuzzing and other initiatives.
[319722] Medium CVE-2013-6638: Buffer overflow in v8. This issue was fixed in v8 version 3.22.24.7. Credit to Jakob Kummerow of the Chromium project.
[319835] High CVE-2013-6639: Out of bounds write in v8.This issue was fixed in v8 version 3.22.24.7. Credit to Jakob Kummerow of the Chromium project.
[319860] Medium CVE-2013-6640: Out of bounds read in v8.This issue was fixed in v8 version 3.22.24.7. Credit to Jakob Kummerow of the Chromium project.
Many of the above bugs were detected using AddressSanitizer.
A full list of changes is available in the SVN log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.
Systems will be receiving updates over the next several days.
Some highlights of these changes are:
When pressing the overview mode button, users will see an organized view of all their windows.
Alt-tab will now present scaled window previews to allow the user to tab over windows and see all targets at once.
Get Help app have been updated to include a "Discover" section.
The new auto click feature which will generates a click after the mouse pointer moved, is now available via Accessibility settings.
Known Issues:
For the Chromebook Pixel, upon restore from suspension, initial inputs via keyboard may be delayed.
If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 horizontal bars in the upper right corner of the browser).
* This reward was co-sponsored by the HP Zero Day Initiative as part of Mobile Pwn2Own 2013.
Please seethe Chromium security pagefor more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
A full list of changes is available in the SVN log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
This update includes 25 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.
[$500][268565] Medium CVE-2013-6621: Use after free related to speech input elements. Credit to Khalil Zhani.
[$2000][272786] High CVE-2013-6622: Use after free related to media elements. Credit to cloudfuzzer.
[$500][282925] High CVE-2013-6623: Out of bounds read in SVG. Credit to miaubiz.
[$1000][290566] High CVE-2013-6624: Use after free related to “id” attribute strings. Credit to Jon Butler.
[$2000][295010] High CVE-2013-6625: Use after free in DOM ranges. Credit to cloudfuzzer.
[295695] Low CVE-2013-6626: Address bar spoofing related to interstitial warnings. Credit to Chamal de Silva.
[$4000][299892] High CVE-2013-6627: Out of bounds read in HTTP parsing. Credit to skylined.
[$1000][306959] Medium CVE-2013-6628: Issue with certificates not being checked during TLS renegotiation. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco of INRIA Paris.
We would also like to thank miaubiz and Atte Kettunen of OUSPG for working with us during the development cycle to prevent security bugs from ever reaching the stable channel. $2000 in additional rewards were issued.
As usual, our ongoing internal security work responsible for a wide range of fixes:
[315823] Medium-Critical CVE-2013-2931: Various fixes from internal audits, fuzzing and other initiatives.
[258723] Medium CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo. Credit to Michal Zalewski of Google.
[299835] Medium CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo. Credit to Michal Zalewski of Google.
[296804] High CVE-2013-6631: Use after free in libjingle. Credit to Patrik Höglund of the Chromium project.
Many of the above bugs were detected using AddressSanitizer.
A full list of changes is available in the SVN log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.
