Wednesday, February 8, 2012

Stable Channel Update

The Chrome team is excited to announce the release of Chrome 17 to the Stable Channel for Windows, Mac, Linux and Chrome Frame.  17.0.963.46 contains a number of new features including:
  • New Extensions APIs
  • Updated Omnibox Prerendering
  • Download Scanning Protection
  • Many other small changes
Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix

  • [73478] Low CVE-2011-3953: Avoid clipboard monitoring after paste event. Credit to Daniel Cheng of the Chromium development community.
  • [92550] Low CVE-2011-3954: Crash with excessive database usage. Credit to Collin Payne.
  • [93106] High CVE-2011-3955: Crash aborting an IndexDB transaction. Credit to David Grogan of the Chromium development community.
  • [103630] Low CVE-2011-3956: Incorrect handling of sandboxed origins inside extensions. Credit to Devdatta Akhawe, UC Berkeley.
  • [$1000] [104056] High CVE-2011-3957: Use-after-free in PDF garbage collection. Credit to Aki Helin of OUSPG.
  • [$2000] [105459] High CVE-2011-3958: Bad casts with column spans. Credit to miaubiz.
  • [$1000] [106441] High CVE-2011-3959: Buffer overflow in locale handling. Credit to Aki Helin of OUSPG.
  • [$500] [108416] Medium CVE-2011-3960: Out-of-bounds read in audio decoding. Credit to Aki Helin of OUSPG.
  • [$1000] [108871] Critical CVE-2011-3961: Race condition after crash of utility process. Credit to Shawn Goertzen.
  • [$500] [108901] Medium CVE-2011-3962: Out-of-bounds read in path clipping. Credit to Aki Helin of OUSPG.
  • [109094] Medium CVE-2011-3963: Out-of-bounds read in PDF fax image handling. Credit to Atte Kettunen of OUSPG.
  • [109245] Low CVE-2011-3964: URL bar confusion after drag + drop. Credit to Code Audit Labs of VulnHunt.com.
  • [109664] Low CVE-2011-3965: Crash in signature check. Credit to Sławomir Błażek.
  • [$1000] [109716] High CVE-2011-3966: Use-after-free in stylesheet error handling. Credit to Aki Helin of OUSPG.
  • [109717] Low CVE-2011-3967: Crash with unusual certificate. Credit to Ben Carrillo.
  • [$1000] [109743] High CVE-2011-3968: Use-after-free in CSS handling. Credit to Arthur Gerkis.
  • [$1000] [110112] High CVE-2011-3969: Use-after-free in SVG layout. Credit to Arthur Gerkis.
  • [$500] [110277] Medium CVE-2011-3970: Out-of-bounds read in libxslt. Credit to Aki Helin of OUSPG.
  • [$1000] [110374] High CVE-2011-3971: Use-after-free with mousemove events. Credit to Arthur Gerkis.
  • [110559] Medium CVE-2011-3972: Out-of-bounds read in shader translator. Credit to Google Chrome Security Team (Inferno).
The bugs [105459], [106441], [108416], [108901], [109716], [109743], [110112], [110277], [110374]  and [110559] were detected using AddressSanitizer.

In addition, we would like to thank miaubiz, Drew Yao and Braden Thomas of Apple, Sławomir Błażek, Aki Helin of OUSPG, Chamal de Silva and Atte Kettunen of OUSPG for working with us in the development cycle and preventing bugs from ever reaching the stable channel. Various rewards were issued, including a top $3133.70 reward to Aki Helin.

More detailed updates are available on the Chrome Blog.  Full details about what changes are in this release are available in the SVN revision log.  Interested in hopping on the stable channel?  Find out how.  If you find a new issue, please let us know by filing a bug.

Jason Kersey
Google Chrome

34 comments:

Per Bylund said...

Bug of feature: the "+" sign is no longer in the little icon for adding a new tab...

BBChopper said...

Bug: Search engine short cut key "d" doesn't work ("c" & "e" are fine). This has been carried over from V16.

Cody said...

Great work! I like the NTP button and settings tweaks and eagerly await the Uber Page.

Chris said...

@bbchopper
That's probably just you. You can either try uninstalling and reinstalling chrome, or it might be an extension that's using that keyword. try disabling all of your extensions and see if it works.

Robby said...

any hope of vertical tabs coming back. Please!!

Red Aether said...

+ sign on new tab is intentionally gone. Probably to avoid confusion with google+ services.

Trisped said...

SVN revision log link (in post) does not work. Remove extra space before revision numbers. Should be "http://build.chromium.org/f/chromium/perf/dashboard/ui/changelog.html?url=%2Fbranches%2F963%2Fsrc&range=119351%3A106036&mode=html"

Need something in the new tab button. Since there is nothing to focus on my mind forces a direct view and confirmation each time I look at Chrome from another window.

Rob said...

How are bugs prioritized for fixing? I reported a bug (#57370) seventeen months ago about localized extensions and web applications failing to install in some Chrome configurations, but there's been very little movement on it.

Irmantas said...

Bug: In some cases where should be displayed flash it only shows Missing plugin.

Matrus said...

What happened to the preferences on Mac? The elements (check boxes, radio buttons, etc.) look fuzzy and don't use the standard OS X colors being grey instead of blue. Additionally "Search preferences" cuts of the last s.

It looks very unpolished now.

Mamdouh said...
This comment has been removed by the author.
Mamdouh said...

Where is the users shortcuts ?

Daniel said...

Odd behavior showing up in Chrome 17 when visiting Adobe.com (Windows 7). Hovering over Products, Solutions or Store at the top and the browser "jumps" three or four times to that page without clicking on it. I confirmed with a coworker that Chrome 16 does not have that behavior. That's the only site that I've noticed any problems.

CDM said...

This release have a regression. The bug of web kit rendering flash that was fixed in release 16 is now available again.

martinthew said...

For some reason, Chrome is using three flash player plugins; two of them being version 11.1.102.55, and one of them being version 11.1.31.203.

There are two of every flash instance (ex: Two YouTube players, two advertisements, two flash games, one covering the other), and so I disabled all but the 11.1.31.203 flash. Now the Flash is running very badly, jittering and skipping, and for some reason the text is all blurred, but there is only one instance of flash, not two. I disabled 11.1.31.203 and enabled one of the 11.1.102.55 flash plugins, at which point everything runs perfectly, no doubling, no blurry text.

Good luck fixing things?

ardi sugianto said...

+ icon on new tab disappear

Sleeper said...

@Ardi Sugianto: As Red Aether said first, the + sign was intentionally removed. It's been that way in Canary and Dev builds for a while now.
Also, I'm having the same problems with multiple copies of flash causing grief.

◄♪♫ संदिप पाटील ♫♪► said...

One of annoying bug... Whenever I try to save an already open image, the browser downloads it again, What a waste of bandwidth

Deon dsouza said...

The one thing i don't like about Google chrome is about the flash getting crashed again,i hope this is fixed in the new version,if not please do it in the next stable release.

eLDuRo said...

I am having issues on viewing Youtube videos on Facebook, when I click on a video these two scrolling bars come out which doesn't allow me to watch the video in it's original viewing size, is anybody having this issue?

MaNgO said...

No probs in my chrome!!

MaNgO said...

No probs in my chrome!!
But wy did de remuv d + sign 4 adding new tabs?
At times, it's confusing!!

CDM said...

http://code.google.com/p/chromium/issues/detail?id=108228

This is the bug that was fixed in 16 but reappear in 17 version. I think that was a code merge problem.

Please fix this again !

Claudio

Rafael said...

He was finally released the final version of Google Chrome 17 was the version that took over Chrome was far too late for releases - it

Stu Greenham said...

I have noticed on my Mac in the last few weeks and from today's update that Placeholder text does not disappear on focus. Is this a bug or is this correct as Google Chrome is the only browser so far to start doing it this way?

Which was is correct and does anybody have any solid reasoning for both?

Cheers
Stu

madnutter56 said...

Pressing F6 no longer selects all the text in the address bar.

CLW13 said...

I'm looking at 17.0.963.46 m, and trying to get to my dev page on an app.spot.com. The SSL doesn't match, and previously I've always had a "I understand the risks, proceed anyway" link. That link is gone, and my only options are "back" or "more information" which doesn't give me anything.

I need to get to my app.spot for testing purposes. Help please!

Thomas Wright said...

Did they award Aki Helin the 1337 speak number intentionally?..

TwhiT said...

f6 is now broken. It doesn't highlight anything now. I don't want to have to click the address bar with my mouse to highlight everything. Please someone, fix the f6 key issue. This update must have broken something.

pspmodel2001 said...

Does this update include the CR-48? I updated chrome on Ubuntu here but not my Chromebook. Any other way to update my CR-48?

Vincent Kargatis said...

I've noticed with v17 that the 'Search Elements' box in the Elements panel no longer takes css selectors. Was that intentional? I often used it to verify selectors, disappointed it's gone - it was very convenient. Using the console with "document.querySelector" is much less so!

Victor said...

As a faithful Chrome user, I have to say this version sucks.

-- Flash may or may not work.

-- Some links internal to web pages, when clicked, load and then simply vanish leaving you a blank page.
Turning off prerendering doesn't help.

-- Version seems sluggish as a result of feature creep that doesn't add any value in terms of user experience.

Louis said...

XP SP3,Catalyst 11.8

Quite a good build:
-The blue page anomaly is almost (Almost...) corrected
-Speed is excellent,no crash so far
-the way the History is displayed is plain gorgeous.Don't eva change it,please.

The problems:
- A MAJOR ONE.I just updated my JRE to 1.7.0.3 and now the java test fails with Chrome BUT not with IE8 (Patched from 14/02/2012) !!!
I can't play at Balls&Walls anymore either:
http://www.zylom.com/us/en/online-games/balls-n-walls/?sgid=51
My java apps work nevertheless.
- enabling "GPU Accelerated Drawing" breaks the scroll bar (Its behaviour becomes erratic) and makes it transparent(!).
- one last thing that intrigues me:the WebM test in Peacekeeper stutters.Is it Chrome or the test itself (Been like this ever since the new Peacekeeper was released) ?

maple story mesos said...
This comment has been removed by a blog administrator.