- New Extensions APIs
- Updated Omnibox Prerendering
- Download Scanning Protection
- Many other small changes
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix
- [73478] Low CVE-2011-3953: Avoid clipboard monitoring after paste event. Credit to Daniel Cheng of the Chromium development community.
- [92550] Low CVE-2011-3954: Crash with excessive database usage. Credit to Collin Payne.
- [93106] High CVE-2011-3955: Crash aborting an IndexDB transaction. Credit to David Grogan of the Chromium development community.
- [103630] Low CVE-2011-3956: Incorrect handling of sandboxed origins inside extensions. Credit to Devdatta Akhawe, UC Berkeley.
- [$1000] [104056] High CVE-2011-3957: Use-after-free in PDF garbage collection. Credit to Aki Helin of OUSPG.
- [$2000] [105459] High CVE-2011-3958: Bad casts with column spans. Credit to miaubiz.
- [$1000] [106441] High CVE-2011-3959: Buffer overflow in locale handling. Credit to Aki Helin of OUSPG.
- [$500] [108416] Medium CVE-2011-3960: Out-of-bounds read in audio decoding. Credit to Aki Helin of OUSPG.
- [$1000] [108871] Critical CVE-2011-3961: Race condition after crash of utility process. Credit to Shawn Goertzen.
- [$500] [108901] Medium CVE-2011-3962: Out-of-bounds read in path clipping. Credit to Aki Helin of OUSPG.
- [109094] Medium CVE-2011-3963: Out-of-bounds read in PDF fax image handling. Credit to Atte Kettunen of OUSPG.
- [109245] Low CVE-2011-3964: URL bar confusion after drag + drop. Credit to Code Audit Labs of VulnHunt.com.
- [109664] Low CVE-2011-3965: Crash in signature check. Credit to Sławomir Błażek.
- [$1000] [109716] High CVE-2011-3966: Use-after-free in stylesheet error handling. Credit to Aki Helin of OUSPG.
- [109717] Low CVE-2011-3967: Crash with unusual certificate. Credit to Ben Carrillo.
- [$1000] [109743] High CVE-2011-3968: Use-after-free in CSS handling. Credit to Arthur Gerkis.
- [$1000] [110112] High CVE-2011-3969: Use-after-free in SVG layout. Credit to Arthur Gerkis.
- [$500] [110277] Medium CVE-2011-3970: Out-of-bounds read in libxslt. Credit to Aki Helin of OUSPG.
- [$1000] [110374] High CVE-2011-3971: Use-after-free with mousemove events. Credit to Arthur Gerkis.
- [110559] Medium CVE-2011-3972: Out-of-bounds read in shader translator. Credit to Google Chrome Security Team (Inferno).
In addition, we would like to thank miaubiz, Drew Yao and Braden Thomas of Apple, Sławomir Błażek, Aki Helin of OUSPG, Chamal de Silva and Atte Kettunen of OUSPG for working with us in the development cycle and preventing bugs from ever reaching the stable channel. Various rewards were issued, including a top $3133.70 reward to Aki Helin.
More detailed updates are available on the Chrome Blog. Full details about what changes are in this release are available in the SVN revision log. Interested in hopping on the stable channel? Find out how. If you find a new issue, please let us know by filing a bug.
Jason Kersey
Google Chrome
34 comments:
Bug of feature: the "+" sign is no longer in the little icon for adding a new tab...
Bug: Search engine short cut key "d" doesn't work ("c" & "e" are fine). This has been carried over from V16.
Great work! I like the NTP button and settings tweaks and eagerly await the Uber Page.
@bbchopper
That's probably just you. You can either try uninstalling and reinstalling chrome, or it might be an extension that's using that keyword. try disabling all of your extensions and see if it works.
any hope of vertical tabs coming back. Please!!
+ sign on new tab is intentionally gone. Probably to avoid confusion with google+ services.
SVN revision log link (in post) does not work. Remove extra space before revision numbers. Should be "http://build.chromium.org/f/chromium/perf/dashboard/ui/changelog.html?url=%2Fbranches%2F963%2Fsrc&range=119351%3A106036&mode=html"
Need something in the new tab button. Since there is nothing to focus on my mind forces a direct view and confirmation each time I look at Chrome from another window.
How are bugs prioritized for fixing? I reported a bug (#57370) seventeen months ago about localized extensions and web applications failing to install in some Chrome configurations, but there's been very little movement on it.
Bug: In some cases where should be displayed flash it only shows Missing plugin.
What happened to the preferences on Mac? The elements (check boxes, radio buttons, etc.) look fuzzy and don't use the standard OS X colors being grey instead of blue. Additionally "Search preferences" cuts of the last s.
It looks very unpolished now.
Where is the users shortcuts ?
Odd behavior showing up in Chrome 17 when visiting Adobe.com (Windows 7). Hovering over Products, Solutions or Store at the top and the browser "jumps" three or four times to that page without clicking on it. I confirmed with a coworker that Chrome 16 does not have that behavior. That's the only site that I've noticed any problems.
This release have a regression. The bug of web kit rendering flash that was fixed in release 16 is now available again.
For some reason, Chrome is using three flash player plugins; two of them being version 11.1.102.55, and one of them being version 11.1.31.203.
There are two of every flash instance (ex: Two YouTube players, two advertisements, two flash games, one covering the other), and so I disabled all but the 11.1.31.203 flash. Now the Flash is running very badly, jittering and skipping, and for some reason the text is all blurred, but there is only one instance of flash, not two. I disabled 11.1.31.203 and enabled one of the 11.1.102.55 flash plugins, at which point everything runs perfectly, no doubling, no blurry text.
Good luck fixing things?
+ icon on new tab disappear
@Ardi Sugianto: As Red Aether said first, the + sign was intentionally removed. It's been that way in Canary and Dev builds for a while now.
Also, I'm having the same problems with multiple copies of flash causing grief.
One of annoying bug... Whenever I try to save an already open image, the browser downloads it again, What a waste of bandwidth
The one thing i don't like about Google chrome is about the flash getting crashed again,i hope this is fixed in the new version,if not please do it in the next stable release.
I am having issues on viewing Youtube videos on Facebook, when I click on a video these two scrolling bars come out which doesn't allow me to watch the video in it's original viewing size, is anybody having this issue?
No probs in my chrome!!
No probs in my chrome!!
But wy did de remuv d + sign 4 adding new tabs?
At times, it's confusing!!
http://code.google.com/p/chromium/issues/detail?id=108228
This is the bug that was fixed in 16 but reappear in 17 version. I think that was a code merge problem.
Please fix this again !
Claudio
He was finally released the final version of Google Chrome 17 was the version that took over Chrome was far too late for releases - it
I have noticed on my Mac in the last few weeks and from today's update that Placeholder text does not disappear on focus. Is this a bug or is this correct as Google Chrome is the only browser so far to start doing it this way?
Which was is correct and does anybody have any solid reasoning for both?
Cheers
Stu
Pressing F6 no longer selects all the text in the address bar.
I'm looking at 17.0.963.46 m, and trying to get to my dev page on an app.spot.com. The SSL doesn't match, and previously I've always had a "I understand the risks, proceed anyway" link. That link is gone, and my only options are "back" or "more information" which doesn't give me anything.
I need to get to my app.spot for testing purposes. Help please!
Did they award Aki Helin the 1337 speak number intentionally?..
f6 is now broken. It doesn't highlight anything now. I don't want to have to click the address bar with my mouse to highlight everything. Please someone, fix the f6 key issue. This update must have broken something.
Does this update include the CR-48? I updated chrome on Ubuntu here but not my Chromebook. Any other way to update my CR-48?
I've noticed with v17 that the 'Search Elements' box in the Elements panel no longer takes css selectors. Was that intentional? I often used it to verify selectors, disappointed it's gone - it was very convenient. Using the console with "document.querySelector" is much less so!
As a faithful Chrome user, I have to say this version sucks.
-- Flash may or may not work.
-- Some links internal to web pages, when clicked, load and then simply vanish leaving you a blank page.
Turning off prerendering doesn't help.
-- Version seems sluggish as a result of feature creep that doesn't add any value in terms of user experience.
XP SP3,Catalyst 11.8
Quite a good build:
-The blue page anomaly is almost (Almost...) corrected
-Speed is excellent,no crash so far
-the way the History is displayed is plain gorgeous.Don't eva change it,please.
The problems:
- A MAJOR ONE.I just updated my JRE to 1.7.0.3 and now the java test fails with Chrome BUT not with IE8 (Patched from 14/02/2012) !!!
I can't play at Balls&Walls anymore either:
http://www.zylom.com/us/en/online-games/balls-n-walls/?sgid=51
My java apps work nevertheless.
- enabling "GPU Accelerated Drawing" breaks the scroll bar (Its behaviour becomes erratic) and makes it transparent(!).
- one last thing that intrigues me:the WebM test in Peacekeeper stutters.Is it Chrome or the test itself (Been like this ever since the new Peacekeeper was released) ?
Post a Comment