Google Chrome

Google Chrome 62.0.3202.94

Google has released Version 26.0.1410.43 of the Chrome browser. This version contains enhanced 'Ask Google for Suggestions' spell checking features, as well as security and bug fixes.
 
Google has released Version 27.0.1453.93 of the Chrome browser. This update improves: page loading times, ranking of predictions, and spell correction, and adds the chrome.syncFileSystem API. It also updates the Flash player, and contains stability and security fixes
 
Stable Channel Update
Posted: 09 Jul 2013 12:50 PM PDT
Update: We are separately updating users to Flash Player 11.8.800.97 via our component updater.

The Stable channel has been updated to 28.0.1500.71 for Windows, Macintosh and Chrome Frame platforms.
Security fixes and rewards:




Please see the Chromium security page for more information. (Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.)



This automatic update includes security fixes. We’d like to highlight the following fixes for various reasons (crediting external researchers, issuing rewards, or highlighting particularly interesting issues):



· [$21,500] A special reward for Andrey Labunets for his combination of CVE-2013-2879 and CVE-2013-2868 along with some (since fixed) server-side bugs.
· [252216] Low CVE-2013-2867: Block pop-unders in various scenarios.
· [252062] High CVE-2013-2879: Confusion setting up sign-in and sync. Credit to Andrey Labunets.
· [252034] Medium CVE-2013-2868: Incorrect sync of NPAPI extension component. Credit to Andrey Labunets.
· [245153] Medium CVE-2013-2869: Out-of-bounds read in JPEG2000 handling. Credit to Felix Groebert of Google Security Team.
· [$6267.4] [244746] [242762] Critical CVE-2013-2870: Use-after-free with network sockets. Credit to Collin Payne.
· [$3133.7] [244260] Medium CVE-2013-2853: Man-in-the-middle attack against HTTP in SSL. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco at INRIA Paris.
· [$2000] [243991] [243818] High CVE-2013-2871: Use-after-free in input handling. Credit to miaubiz.
· [Mac only] [242702] Low CVE-2013-2872: Possible lack of entropy in renderers. Credit to Eric Rescorla.
· [$1000] [241139] High CVE-2013-2873: Use-after-free in resource loading. Credit to miaubiz.
· [Windows + NVIDIA only] [$500] [237611] Medium CVE-2013-2874: Screen data leak with GL textures. Credit to “danguafer”.
· [$500] [233848] Medium CVE-2013-2875: Out-of-bounds-read in SVG. Credit to miaubiz.
· [229504] Medium CVE-2013-2876: Extensions permissions confusion with interstitials. Credit to Dev Akhawe.
· [229019] Low CVE-2013-2877: Out-of-bounds read in XML parsing. Credit to Aki Helin of OUSPG.
· [196636] None: Remove the “viewsource” attribute on iframes. Credit to Collin Jackson.
· [177197] Medium CVE-2013-2878: Out-of-bounds read in text handling. Credit to Atte Kettunen of OUSPG.



In addition, our ongoing internal security work was as usual responsible for a wide range of fixes:
· [256985] High CVE-2013-2880: Various fixes from internal audits, fuzzing and other initiatives (Chrome 28).

Chrome Releases: Stable updates
 
Mike submitted a new resource:

Google Chrome - Chrome is a fast, simple, and secure web browser, built for the modern web.

Google Chrome is a freeware web browser developed by Google that uses the WebKift layout engine until version 27 and, with the exception of its iOS releases, from version 28 and beyond the WebKit fork Blink. It was released as a beta version for Microsoft Windows on September 2, 2008, and as a stable public release on December 11, 2008. As of April 2013, according to StatCounter, Google Chrome has a 39% worldwide usage share of web browsers making it the most widely used web browser in the...

Read more about this resource...
 
Mike updated Google Chrome with a new update entry:

Google Chrome Updated to 29.0.1547.76

Improved omnibox suggestions, the ability to reset your profile back to the original state, plus lots of stability improvements:

Chrome has been updated to 29.0.1547.76 for Windows, Mac, Linux and Chrome Frame. This release includes the following fixes:

  • [288935] Flash Player does not work in Metro mode
  • [278370] Unable to submit client certificates over TLS 1.2 from Windows
  • [278940] Canvas loses ability to render, is blank even if page reloaded

Other stability...

Read the rest of this update entry...
 
kemical updated Google Chrome with a new update entry:

Chrome 32

Stable Channel Update

The Chrome Team is excited to announce the promotion of Chrome 32 to the Stable channel. 32.0.1700.76 for Windows and Chrome Frame and 32.0.1700.77 for Mac and Linux. This release contains a number of fixes and improvements, including:
  • Tab indicators for sound, webcam and casting
  • A different look for Win8 Metro mode
  • Automatically blocking...

Read the rest of this update entry...
 
Google has released Version 33.0.1750.117 of the Chrome browser. This version contains security and bug fixes.

Stable Channel Update

The Stable Channel has been updated to 33.0.1750.117 for Windows, Mac, and Linux.

Security Fixes and Rewards

This update includes 28 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.

[$2000][334897] High CVE-2013-6652: Issue with relative paths in Windows sandbox named pipe policy. Credit to tyranid.
[$1000][331790] High CVE-2013-6653: Use-after-free related to web contents. Credit to Khalil Zhani.
[$3000][333176] High CVE-2013-6654: Bad cast in SVG. Credit to TheShow3511.
[$3000][293534] High CVE-2013-6655: Use-after-free in layout. Credit to cloudfuzzer.
[$500][331725] High CVE-2013-6656: Information leak in XSS auditor. Credit to NeexEmil.
[$1000][331060] Medium CVE-2013-6657: Information leak in XSS auditor. Credit to NeexEmil.
[$2000][322891] Medium CVE-2013-6658: Use-after-free in layout. Credit to cloudfuzzer.
[$1000][306959] Medium CVE-2013-6659: Issue with certificates validation in TLS handshake. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco, Inria Paris.

[332579] Low CVE-2013-6660: Information leak in drag and drop. Credit to bishopjeffreys.

As usual, our ongoing internal security work responsible for a wide range of fixes:
  • [344876] Low-High CVE-2013-6661: Various fixes from internal audits, fuzzing and other initiatives. Of these, seven are fixes for issues that could have allowed for sandbox escapes from compromised renderers.
Many of the above bugs were detected using AddressSanitizer.
 
Google has released Version 33.0.1750.149 of the Chrome browser. This version updates the Flash Player, and contains security and bug fixes.
Stable Channel Update

The Stable Channel has been updated to 33.0.1750.149 for Windows, Mac, and Linux.

This release also contains a Flash Player update, to version 12.0.0.77.

Security Fixes and Rewards

This update includes 7 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.

[$4000][344881] High CVE-2014-1700: Use-after-free in speech. Credit to Chamal de Silva.
[$3000][342618] High CVE-2014-1701: UXSS in events. Credit to aidanhs.
[$1000][333058] High CVE-2014-1702: Use-after-free in web database. Credit to Collin Payne.

As usual, our ongoing internal security work responsible for a wide range of fixes:

[338354] High CVE-2014-1703: Potential sandbox escape due to a use-after-free in web sockets.
[328202, 349079, 345715] CVE-2014-1704: Multiple vulnerabilities in V8 fixed in version 3.23.17.18.
http://googlechromereleases.blogspot.co.uk/search/label/Stable updates
 
Google has released Version 34.0.1847.116 of the Chrome browser. Changes in this version include a different look for Windows 8 Metro mode, new apps/extension APIs, updating of the Flash Player, along with security and bug fixes.

The Chrome Team is excited to announce the promotion of Chrome 34 to the Stable channel for Windows, Mac, and Linux. Chrome 34.0.1847.116 contains a number of fixes and improvements, including:
  • Responsive Images and Unprefixed Web Audio
  • Import supervised users onto new computers
  • A number of new apps/extension APIs
  • A different look for Win8 Metro mode
  • Lots of under the hood changes for stability and performance
You can read more about these changes at the Chrome blog.

Flash Player has been updated to 13.0.0.182, which is included w/ this release.

Security Fixes and Rewards

This update includes 31 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.

[$5000][354123] High CVE-2014-1716: UXSS in V8. Credit to Anonymous.
[$5000][353004] High CVE-2014-1717: OOB access in V8. Credit to Anonymous.
[$3000][348332] High CVE-2014-1718: Integer overflow in compositor. Credit to Aaron Staple.
[$3000][343661] High CVE-2014-1719: Use-after-free in web workers. Credit to Collin Payne.
[$2000][356095] High CVE-2014-1720: Use-after-free in DOM. Credit to cloudfuzzer.
[$2000][350434] High CVE-2014-1721: Memory corruption in V8. Credit to Christian Holler.
[$2000][330626] High CVE-2014-1722: Use-after-free in rendering. Credit to miaubiz.
[$1500][337746] High CVE-2014-1723: Url confusion with RTL characters. Credit to George McBay.
[$1000][327295] High CVE-2014-1724: Use-after-free in speech. Credit to Atte Kettunen of OUSPG.
[$3000][357332] Medium CVE-2014-1725: OOB read with window property. Credit to Anonymous
[$1000][346135] Medium CVE-2014-1726: Local cross-origin bypass. Credit to Jann Horn.
[$1000][342735] Medium CVE-2014-1727: Use-after-free in forms. Credit to Khalil Zhani.

As usual, our ongoing internal security work responsible for a wide range of fixes:
Many of the above bugs were detected using AddressSanitizer.

As we’ve previously discussed, Chrome will now offer to remember and fill password fields in the presence of autocomplete=off. This gives more power to users in spirit of the priority of constituencies, and it encourages the use of the Chrome password manager so users can have more complex passwords. This change does not affect non-password fields.

A partial list of changes is available in the SVN log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Daniel Xie
Google Chrome

ref:
http://googlechromereleases.blogspot.co.uk/search/label/Stable updates
 
Back
Top Bottom