The Google Chrome team is happy to announce the arrival of Chrome 15.0.874.102 to the Stable Channel for Windows, Mac, Linux, and Chrome Frame. Chrome 15 contains some really great improvements including a new New Tab page. You can read about it more on the Google Chome blog.
Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
Although Chrome is not directly affected by the attack, the NSS network library was updated to include a defense against so-called BEAST. This defense may expose bugs in Brocade hardware. Brocade is working on the issue. The lighttpd project fixed a compatibility issue at version 1.4.27 and newer.
In addition, we would like to thank Sławomir Błażek and Aki Helin of OUSPG for working with us in the development cycle and preventing bugs from ever reaching the stable channel. Various rewards were issued.
Karen Grunberg
Google Chrome
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
- [$500] [86758] High CVE-2011-2845: URL bar spoof in history handling. Credit to Jordi Chancel.
- [88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs. Credit to Jordi Chancel.
- [90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of download filenames. Credit to Marc Novak.
- [91218] Low CVE-2011-3877: XSS in appcache internals page. Credit to Google Chrome Security Team (Tom Sepez) plus independent discovery by Juho Nurminen.
- [94487] Medium CVE-2011-3878: Race condition in worker process initialization. Credit to miaubiz.
- [95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs. Credit to Masato Kinugawa.
- [95992] Low CVE-2011-3880: Don’t permit as a HTTP header delimiter. Credit to Vladimir Vorontsov, ONsec company.
- [$12174] [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881: Cross-origin policy violations. Credit to Sergey Glazunov.
- [96292] High CVE-2011-3882: Use-after-free in media buffer handling. Credit to Google Chrome Security Team (Inferno).
- [$1000] [96902] High CVE-2011-3883: Use-after-free in counter handling. Credit to miaubiz.
- [97148] High CVE-2011-3884: Timing issues in DOM traversal. Credit to Brian Ryner of the Chromium development community.
- [$6337] [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885: Stale style bugs leading to use-after-free. Credit to miaubiz.
- [$2000] [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8. Credit to Christian Holler.
- [$1500] [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs. Credit to Sergey Glazunov.
- [$1000] [99138] High CVE-2011-3888: Use-after-free with plug-in and editing. Credit to miaubiz.
- [$2000] [99211] High CVE-2011-3889: Heap overflow in Web Audio. Credit to miaubiz.
- [99553] High CVE-2011-3890: Use-after-free in video source handling. Credit to Ami Fischman of the Chromium development community.
- [100322] High CVE-2011-3891: Exposure of internal v8 functions. Credit to Steven Keuchel of the Chromium development community plus independent discovery by Daniel Divricean.
Although Chrome is not directly affected by the attack, the NSS network library was updated to include a defense against so-called BEAST. This defense may expose bugs in Brocade hardware. Brocade is working on the issue. The lighttpd project fixed a compatibility issue at version 1.4.27 and newer.
In addition, we would like to thank Sławomir Błażek and Aki Helin of OUSPG for working with us in the development cycle and preventing bugs from ever reaching the stable channel. Various rewards were issued.
Karen Grunberg
Google Chrome
32 comments:
Congrats on the release!
Chrome Thanks for the great work you've done. Thanks for the release of the stable channel 15.0 that was long expected and described with respect to the bugs will have some problem for the end user?
I can't run it under Fedora. SELinux AVC denial :(
For main feature changes, see here: http://goo.gl/QEZ1t
Sync search engines seems like the biggest change.
@Fedor: sorry about the SELinux thing on Fedora. Chrome 16 builds should be OK if you want to try one of those?
Five or six crashes in less than an hour, after been very stable for months. I hope my automatically generated crash reports will help.
When will this release to Chromebooks? I'm really wanting to switch over to Stable from Beta because I offline Gmail doesn't work in Beta. is there a way to force an update?
Im not liking Google Chrome 15...
I hate the new tab page that can't be edited, I don't want people to see the most visited webpages... and can't remove it, neither my applications =/
Next release should add an option to remove, or an easier way to remove it as I can't find any way to remove them.
Dear Tovagulet, you should try the Incredible Start Page extension to solve your problems with the new tab. LM
I'm confused. If there are some "really great improvements," why don't you tell us what they are? This is, after all, the Google Chrome Releases blog, not a Google Chrome Security blog. There is always great detail given for security fixes, but never for other improvements. What gives?
All scrollbars are blue now ☺
after intalling the upgrade, alot pages dont load, some load a bit but they freeze
(sorry for my bad english)
I just wish Chrome did support web fonts better. It displays the web fonts the worst from all browsers that support them and that includes such relicts as IE7. Choosing not to enable any sort of smoothing on older OSes is also hard to understand.
@Peter, you can always get more info on new features in a release at the Google Chrome blog (http://chrome.blogspot.com/); hope that helps.
Eh? None of my extensions work now. None at all! I'm running the stable release, too...
Gah! Sergey made like 15 G's with Chrome 15!!! Ballinnnnnnnn
Your print to PDF on the Mac is NOT an improvement! It doesn't allow integration Apple's Preview which is important if you want to actually EDIT AND ANNOTATE the article before you file it.
This version is telling that you need to install plugin??????
this is not stable why google updated this version as stable?????
great to see Google gives money to ppl that finds exploits on Chrome..
great policies you have there
I wish my shitty company (ArcelorMittal, which belongs to a goddamn greedy fuckin indian) did this.
Google Chrome is the best web browser !
I've never had a crash or a problem with the web browser! I love it!
Thanks Google
Still there is no "clear history older than XXX" option.
Still there is no "clear history older than XXX" option.
I can now play WebM video on YouTube at a solid 30 fps for 720p full screen, whereas before it was only half that much. Thanks, Google!
Just one thing fix the built in flash for chrome it is glitchy.
The new NEW TAB page is horrible!
With the latest release, I'm getting a lot more "browser tab crashed" messages than before. I was thinking Chrome got rid of this pesky message.
Great update but there is the issue of the Skype Add-on which causes Chrome to continually prompt user to update plugin, I installed Java twice and the Media Player plugin more than that only to find after a frustrating afternoon of the yellow band accusing me of not having a plugin updated that it was an issue with Skype. It does not auto update so cancelling or clicking on update has no effect
What spacebear is pointing out is true, though i'm using Chromium 17 right now and i dont anymore those random crashes.
But most importantly, those crashes are recurring when you open a page and quickly after, by using the new tab button, you open a new page (roughly one or two second after) the browser tab crash message is displayed. This has been the case since Chrome 13 and we're now at Chromium 17, the issue is still there.
I'm running on WinXPSP3 if that helps.
Is there a chance that the various installers for google applications will be able to use an authenticating proxy? I am getting frustrated as I was able to install Chrome last night with no problems, but today it just stalls with no other message than ' No internet connection' and a link to a help-section that goes nowhere near suggesting an offline install'.. Searching for this issue reveals this has been a problem since at least 2008..
Is there a way to get the old New Tabs back? I really hate this new one. It's nothing but a big inconvenience.
@Cesia
Glad I'm not the only one who hates it.
You can no longer pin tiles or re-arrange them. This is such a huge step backwards, I just don't understand why they did this...
Post a Comment