Chrome-Final version

Stable Channel Update
Posted: 23 May 2012 03:15 PM PDT
The Chrome Stable channel has been updated to
19.0.1084.52 on Windows, Mac, Linux and Chrome Frame.

Security
fixes and rewards:

Please see the Chromium
security page formore detail. Note that the referenced bugs may be kept private until a majorityof our users are up to date with the fix.




· [117409] High CVE-2011-3103: Crashes in v8 garbage
collection. Credit to the Chromium
development community (Brett Wilson).


· [118018] Medium CVE-2011-3104: Out-of-bounds read in Skia. Credit to Google Chrome Security Team (Inferno).


· [$1000] [120912] High CVE-2011-3105: Use-after-free in first-letter
handling. Credit to miaubiz.


· [122654] Critical CVE-2011-3106: Browser memory corruption with
websockets over SSL. Credit to the
Chromium development community (Dharani Govindan).


· [124625] High CVE-2011-3107: Crashes in the plug-in
JavaScript bindings. Credit to the
Chromium development community (Dharani Govindan).


· [$1337] [125159] Critical CVE-2011-3108: Use-after-free in browser
cache. Credit to “efbiaiinzinz”.


· [Linux only] [$1000] [126296] High CVE-2011-3109: Bad cast in GTK UI. Credit to Micha Bartholomé.


· [126337] [126343] [126378] [127349] [127819] [127868] High CVE-2011-3110: Out of bounds writes in PDF. Credit to Mateusz Jurczyk of the Google Security
Team, with contributions by Gynvael Coldwind of the Google Security Team.


· [$500] [126414] Medium CVE-2011-3111: Invalid read in v8. Credit to Christian Holler.


· [127331] High CVE-2011-3112: Use-after-free with invalid
encrypted PDF. Credit to Mateusz
Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of
the Google Security Team.


· [127883] High CVE-2011-3113: Invalid cast with colorspace handling
in PDF. Credit to Mateusz Jurczyk
of the Google Security Team, with contributions by Gynvael Coldwind of the
Google Security Team.


· [128014] High CVE-2011-3114: Buffer overflows with PDF
functions. Credit to Google Chrome
Security Team (scarybeasts).


· [$1000] [128018] High CVE-2011-3115: Type corruption in v8. Credit to Christian Holler.




Many of these bugs were detected using AddressSanitizer.


Full details about what changes are in this
release are available in the SVN revision log. If you find a new issue,
please let us know by filing a bug.


Anthony Laforge
Google Chrome

Dev Channel Update
Posted: 29 May 2012 06:07 PM PDT
The Dev channel has been updated
to 21.0.1155.2 for Windows, Mac, Linux, and Chrome Frame. This build
contains following updates:


· Updated V8 - 3.11.6.2
· Gamepad API prototype http://www.w3.org/TR/gamepad/ available by default.
· TLS 1.1 is enabled by default.
· Mouse Lock (Pointer Lock) no longer requires fullscreen. [r138150][r138944] Native Client applications
can use this now, while the JavaScript API still requires enabling in about:flags.
Try e.g. http://media.tojicode.com/q3bsp/

Full details
about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

Stable Channel Update
Posted: 08 Jun 2012 02:57 PM PDT
The Stable channel has been
updated to 19.0.1084.56 for Windows, Linux, and Chrome Frame. This build
contains a new version of Flash Player (11.3), in addition to some minor
stability fixes.

Stable Channel Update
Posted: 26 Jun 2012 02:32 PM PDT
The Google
Chrome team is happy to announce the arrival of Chrome 20 (20.0.1132.43) to the
Stable Channel for Windows, Mac, Linux, and Chrome Frame.


Security fixes and
rewards:

Please seethe Chromium
security page for more detail. Note that the
referenced bugs may be kept private until a majority of our users are up to
date with the fix.


· [118633] Low CVE-2012-2815: Leak of iframe fragment id. Credit to Elie Bursztein of Google.
· [Windows only] [119150] [119250] High CVE-2012-2816: Prevent sandboxed processesinterfering with each other. Credit
to Google Chrome Security Team (Justin Schuh).
· [$1000] [120222] High CVE-2012-2817: Use-after-free in tablesection handling. Credit to
miaubiz.
· [$1000] [120944] High CVE-2012-2818: Use-after-free in counterlayout. Credit to miaubiz.
· [120977] High CVE-2012-2819: Crash in texture handling. Credit to Ken “gets” Russell of the Chromium
development community.
· [121926] Medium CVE-2012-2820: Out-of-bounds read in SVGfilter handling. Credit to Atte
Kettunen of OUSPG.
· [122925] Medium CVE-2012-2821: Autofill display problem. Credit to “simonbrown60”.
· [various] Medium CVE-2012-2822: Misc. lower severity OOB readissues in PDF. Credit to awesome
ASAN and various Googlers (Kostya Serebryany, Evgeniy Stepanov, Mateusz
Jurczyk, Gynvael Coldwind).
· [$1000] [124356] High CVE-2012-2823: Use-after-free in SVG resourcehandling. Credit to miaubiz.
· [$1000] [125374] High CVE-2012-2824: Use-after-free in SVGpainting. Credit to miaubiz.
· [128688] Medium CVE-2012-2826: Out-of-bounds read in textureconversion. Credit to Google
Chrome Security Team (Inferno).
· [Mac only] [129826] Low CVE-2012-2827: Use-after-free in Mac UI. Credit to the Chromium development community
(Dharani Govindan).
· [129857] High CVE-2012-2828: Integer overflows in PDF. Credit to Mateusz Jurczyk of Google Security Team
and Google Chrome Security Team (Chris Evans).
· [$1000] [129947] High CVE-2012-2829: Use-after-free in first-letterhandling. Credit to miaubiz.
· [$1000] [129951] High CVE-2012-2830: Wild pointer in array valuesetting. Credit to miaubiz.
· [Windows only] [130276] Low CVE-2012-2764: Unqualified load of metro DLL.Credit to Moshe Zioni of Comsec
Consulting.
· [$1000] [130356] High CVE-2012-2831: Use-after-free in SVGreference handling. Credit to
miaubiz.
· [131553] High CVE-2012-2832: Uninitialized pointer in PDFimage codec. Credit to Mateusz
Jurczyk of Google Security Team.
· [132156] High CVE-2012-2833: Buffer overflow in PDF JS API.Credit to Mateusz Jurczyk of
Google Security Team.
· [$1000] [132779] High CVE-2012-2834: Integer overflow in Matroskacontainer. Credit to Jüri Aedla.

And some additional rewards for
issues with a wider scope than Chrome:


· [$500] [127417] Medium CVE-2012-2825: Wild read in XSL handling. Credit to Nicholas Gregoire.
· [64-bit Linux only] [$3000] [129930] High CVE-2012-2807: Integer overflows in libxml. Credit to Jüri Aedla.

Many of the above bugs were detected
usingAddressSanitizer.


We’d also like to thank Arthur Gerkis, Atte Kettunen of OUSPG and
miaubiz for working with us during the development cycle and preventing
security regressions from ever reaching the stable channel. Various additional
rewards were issued for this awesomeness.

Full details about what changes are in this
release are available in the SVN revision log. Interested in hopping on the stable
channel? Find out how. If you find a new issue, please let usknow by filing a bug.

Stable Channel Update
Posted: 26 Jun 2012 02:32 PM PDT
The Google
Chrome team is happy to announce the arrival of Chrome 20 (20.0.1132.43) to the
Stable Channel for Windows, Mac, Linux, and Chrome Frame.


Security fixes and
rewards:

Please seethe Chromium
security page for more detail. Note that the
referenced bugs may be kept private until a majority of our users are up to
date with the fix.


· [118633] Low CVE-2012-2815: Leak of iframe fragment id. Credit to Elie Bursztein of Google.
· [Windows only] [119150] [119250] High CVE-2012-2816: Prevent sandboxed processesinterfering with each other. Credit
to Google Chrome Security Team (Justin Schuh).
· [$1000] [120222] High CVE-2012-2817: Use-after-free in tablesection handling. Credit to
miaubiz.
· [$1000] [120944] High CVE-2012-2818: Use-after-free in counterlayout. Credit to miaubiz.
· [120977] High CVE-2012-2819: Crash in texture handling. Credit to Ken “gets” Russell of the Chromium
development community.
· [121926] Medium CVE-2012-2820: Out-of-bounds read in SVGfilter handling. Credit to Atte
Kettunen of OUSPG.
· [122925] Medium CVE-2012-2821: Autofill display problem. Credit to “simonbrown60”.
· [various] Medium CVE-2012-2822: Misc. lower severity OOB readissues in PDF. Credit to awesome
ASAN and various Googlers (Kostya Serebryany, Evgeniy Stepanov, Mateusz
Jurczyk, Gynvael Coldwind).
· [$1000] [124356] High CVE-2012-2823: Use-after-free in SVG resourcehandling. Credit to miaubiz.
· [$1000] [125374] High CVE-2012-2824: Use-after-free in SVGpainting. Credit to miaubiz.
· [128688] Medium CVE-2012-2826: Out-of-bounds read in textureconversion. Credit to Google
Chrome Security Team (Inferno).
· [Mac only] [129826] Low CVE-2012-2827: Use-after-free in Mac UI. Credit to the Chromium development community
(Dharani Govindan).
· [129857] High CVE-2012-2828: Integer overflows in PDF. Credit to Mateusz Jurczyk of Google Security Team
and Google Chrome Security Team (Chris Evans).
· [$1000] [129947] High CVE-2012-2829: Use-after-free in first-letterhandling. Credit to miaubiz.
· [$1000] [129951] High CVE-2012-2830: Wild pointer in array valuesetting. Credit to miaubiz.
· [Windows only] [130276] Low CVE-2012-2764: Unqualified load of metro DLL.Credit to Moshe Zioni of Comsec
Consulting.
· [$1000] [130356] High CVE-2012-2831: Use-after-free in SVGreference handling. Credit to
miaubiz.
· [131553] High CVE-2012-2832: Uninitialized pointer in PDFimage codec. Credit to Mateusz
Jurczyk of Google Security Team.
· [132156] High CVE-2012-2833: Buffer overflow in PDF JS API.Credit to Mateusz Jurczyk of
Google Security Team.
· [$1000] [132779] High CVE-2012-2834: Integer overflow in Matroskacontainer. Credit to Jüri Aedla.

And some additional rewards for
issues with a wider scope than Chrome:


· [$500] [127417] Medium CVE-2012-2825: Wild read in XSL handling. Credit to Nicholas Gregoire.
· [64-bit Linux only] [$3000] [129930] High CVE-2012-2807: Integer overflows in libxml. Credit to Jüri Aedla.

Many of the above bugs were detected
usingAddressSanitizer.


We’d also like to thank Arthur Gerkis, Atte Kettunen of OUSPG and
miaubiz for working with us during the development cycle and preventing
security regressions from ever reaching the stable channel. Various additional
rewards were issued for this awesomeness.

Full details about what changes are in this
release are available in the SVN revision log. Interested in hopping on the stable
channel? Find out how. If you find a new issue, please let usknow by filing a bug.

Stable Channel Update
Posted: 11 Jul 2012 10:03 AM PDT
The Stable
channel has been updated to 20.0.1132.57 for Windows, Mac, Linux, and Chrome
Frame. Along with below mentioned security fixes, this build contains an update
to Flash player, v8 (3.10.8.20) and couple of stability/bug fixes.


Security fixes and rewards:

Please see the Chromium security
page for more
detail. Note that the referenced bugs may be kept private until a majority of
our users are up to date with the fix.


· [$1000] [129898] High CVE-2012-2842: Use-after-free in counterhandling. Credit to miaubiz.
· [$1000] [130595] High CVE-2012-2843: Use-after-free in layoutheight tracking. Credit to miaubiz.
· [133450] High CVE-2012-2844: Bad object access withJavaScript in PDF. Credit to
Alexey Samsonov of Google.

Many of these bugs were
detected using AddressSanitizer.


More detailed updates are available on the Chrome Blog. Full details about what
changes are in this release are available in the SVN revision log. Interested in hopping on the stable channel? Find out how. If you find a new issue, please let us know by filing a bug.



Dharani Govindan
Google Chrome

Beta Channel Update
Posted: 18 Jul 2012 04:24 PM PDT
The Beta channel has been updated to 21.0.1180.49for Windows, Mac, Linux and ChromeFrame platforms

All
§ Several crash fixes(Issues: 134550, 129446)
§ Fixed Autofill doesnot work in Incognito mode (Issue: 137100)
Windows
§ Fixed Legitimate Pop Upis blocked when Pepper Flash is used (Issue: 134959)
§ Fixed Disappearing TabsOn Windows 8 (Issue: 135304)
Mac
§ Fixed parentalcontrols related problems on mac (Issue: 134311)
Linux
§ Fixed Chrome neverstops blocking power save features once blocked on KDE (Issue: 137538)
§ Fixed Linux usersexperiencing slowdown due to accessibility being turned on (Issue: 137537)
More details about additional changes are available in thesvn log of all revisions.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry

KarenGrunberg
Google Chrome

Google has released Version 21.0.1180.60 of the Chrome browser. This update contains a new API for high-quality video and audio, as well as a large number of security and bug fixes.

Stable Channel Update
Posted: 08 Aug 2012 10:28 AM PDT
The Stable channel has been updated to21.0.1180.75 for Mac, Linux, Windows and Chrome Frame

This build fixes:
§ Flash videos not longerremaining in fullscreen when clicking a secondary monitor while the video isplaying (Issue: 140366).
§ Flash video full screendisplays on wrong monitor (Issue: 137523)
§ REGRESSION: Renderingdifference in Chrome 21 and 22 that affected on Persian Wikipedia (Issue: 139502)
§ Some known crashes(Issues: 137498, 138552, 128652, 140140)
§ Audio objects are not"switched" immediately (Issue: 140247)
§ Print and Print Previewignore paper size default in printer config (Issue: 135374)
§ Candidate windows isshown in wrong place in Retina display (Issue: 139108)
§ more of the choppy anddistorted audio issues (Issue: 136624)
§ Japanese charactersshowing in Chinese font (Issue: 140432)
§ Video playback issueswith flash-based sites (Issue: 139953)
§ Sync invalidationnotification broken after restart (Issue: 139424)
Security fixes
and rewards:
Please seethe Chromium security page for more detail.
Note that the referenced bugs may be kept private until a majority of our users
are up to date with the fix.


· [136643] [137721] [137957] High CVE-2012-2862: Use-after-free in PDF viewer. Credit to Mateusz Jurczyk of Google Security Team,
with contributions by Gynvael Coldwind of Google Security Team.
· [136968] [137361] High CVE-2012-2863: Out-of-bounds writes in PDF
viewer. Credit to Mateusz Jurczyk
of Google Security Team, with contributions by Gynvael Coldwind of Google
Security Team.


All of
the above bugs were detected usingAddressSanitizer.



If you find new issues, please let us know by filing a bugat http://code.google.com/p/chromium/issues/entry

KarenGrunberg
Google Chrome

Boooooooo... I SR Ware's Iron all the way baby.