Chrome Releases: 2008

Dev update: New Gears

Sunday, December 21, 2008

Google Chrome's Dev channel has been updated to version 1.0.154.42. This release fixes a few minor bugs, and updates Gears to 0.5.8.0 to fix an occasional crash in some sites with offline applications enabled.

Find about the Dev channel and how to subscribe at http://dev.chromium.org/getting-involved/dev-channel.

The complete list of bugs fixed are available in the release notes.

--Mark Larson, Google Chrome Program Manager

Dev update: Bug fixes

Tuesday, December 16, 2008

Google Chrome's Dev channel has been updated to version 1.0.154.39. This release fixes a handful of bugs, including a few additional fixes that should help with Hotmail compatibility.
The previous release announcement has instructions for how to change Google Chrome's user agent string so that you can test the Hotmail fix.

Find about the Dev channel and how to subscribe at http://dev.chromium.org/getting-involved/dev-channel.

The complete list of bugs fixed are available in the release notes.

--Mark Larson, Google Chrome Program Manager

Stable release: Google Chrome is out of Beta!

Thursday, December 11, 2008

Google Chrome is now officially out of Beta. Read about it here.
All users will get updated to the latest release over the next few days. The version of the latest update is 1.0.154.36.
Note to Dev channel users: The Dev channel release will stay at 0.4.154.33. The current stable release is the same as the current Dev channel release without the Hotmail fix (which hasn't been tested enough to release to all users). An update is coming next week.

Dev release: Fixes Hotmail, Options dialog on XP 64-bit

Monday, December 8, 2008

Google Chrome's Dev channel has been updated (version: 0.4.154.33). This release fixes the following issues:

[r6482] Fixes issues with composing mail and switching folders in Hotmail. Hotmail still does not properly recognize Google Chrome, so to use the site, you have to add the following to the shortcut you use to launch Google Chrome:

--user-agent="Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Version/3.1 Safari/525.19"

Right-click the Google Chrome shortcut, click Properties, and paste the line above to the end of the Target field.
Note: This should only be used for testing or a temporary workaround to use Hotmail; it makes sites treat your browser as Safari 3. We hope to get the issue with user agent detection resolved with Hotmail so this step isn't needed.
[r6421] Fixes a crash when opening the Options dialog on 64-bit Windows. (Issue 49)
[r6418] Allows Google Desktop links to launch Google Chrome as the default browser.

Find about the Dev channel and how to subscribe at http://dev.chromium.org/getting-involved/dev-channel.

The complete release notes are available here.

--Mark Larson, Google Chrome Program Manager

[Edit: Noted that changing the user agent string should be used for testing only.]

Dev release: 0.4.154.31

Wednesday, December 3, 2008

Google Chrome 0.4.154.31 has been released to the Dev channel only. This is a bugfix-only release. There are no new features.

See http://dev.chromium.org/getting-involved/dev-channel for information about subscribing to the Google Chrome Dev channel.

Please file (or update existing) issues at http://code.google.com/p/chromium/issues.

Bugs Fixed

Fixes several browser crashes.
Fixes trackpad scrolling on more laptops.
Fix Sogou Pinyin Chinese input method editor (IME) skipping the first letter typed.

The complete list of fixes is in the detailed release notes.

--Mark Larson, Google Chrome Program Manager

Beta release: 0.4.154.29

Monday, December 1, 2008

Google Chrome 0.4.154.29 has been released and all users will get automatically updated over the next 48 hours.

This release upgrades Gears to 0.5.4.2 to address a security issue with Gears 0.5.4.0 and earlier versions:

Gears Cross-Origin Worker Vulnerability
CVE: CVE-2008-5258
A vulnerability in Gears could allow an attacker to run code in the context of a site that serves user-controlled files. To exploit this, an attacker needs to upload a malicious file to the victim's site and convince the user to allow the attacker's site to use Gears.

Severity: High. Even though this requires convincing users to allow a third-party site to use Gears, it could allow data theft and cross-site scripting on sites hosting user-created content, even those that do not use Gears.
Credit: Thanks to Yair Amit, Senior Security Researcher, IBM Rational Application Security Research Team for responsibly reporting the issue to Google.

This release also contains a fix to stop crashes while dragging tabs on computers running Windows Vista.

Beta release: 0.4.154.25

Monday, November 24, 2008

Google Chrome version 0.4.154.25 has been released. You will automatically get updated in the next few days. You can open About Google Chrome (from the wrench menu) to get the update at any time.

This is a roll up of fixes that have previously been released to our Dev channel users. See http://dev.chromium.org/getting-involved/dev-channel/release-notes for details on the changes that have been made since 0.3.154.9.

Note: Please use the excellent Google Chrome Help Center or file a bug to report problems. There are a lot of people watching those sites and ready to help.

New Features

Bookmark manager with import/export.

Use the 'Customize and control Google Chrome' (wrench) menu to open the Bookmark manager. You can search bookmarks, create folders, and drag and drop bookmarks to new locations. The Bookmark Manager's Tools menu lets you export or import bookmarks.

Privacy section in Options.

We grouped together all of the configuration options for features that might send data to another service. Open the wrench menu, click Options, and select the Under the Hood tab.

New blocked pop-up notification.

The pop-up blocker formerly just minimized pop-up windows to the lower right corner of the browser window, create one 'constrained' window for each pop-up. Now, Google Chrome displays one small notification in the corner that shows the number of blocked pop-ups. A menu on the notification lets you open a specific pop-up, if needed.

Security Issues

This release fixes an issue with downloaded HTML files being able to read other files on your computer and send them to sites on the Internet. We now prevent local files from connecting to the network with XMLHttpRequest() and also prompt you to confirm a download if it is an HTML file.

Severity: Moderate. If a user could be enticed to open a downloaded HTML file, this flaw could be exploited to send arbitrary files to an attacker.
[Originally fixed in 154.18]

Other Updates

Bug-fix updates (no new features) to major components:

Gears is updated to version 0.5.4.0 (from 0.4.24.0).
V8 (JavaScript engine) is updated to 0.3.9.2 (from 0.3.5.0).

--Mark Larson, Google Chrome Program Manager

Dev Release: 0.4.154.23

Wednesday, November 19, 2008

We're releasing another update to the Dev channel because "Woah. Google Chrome has crashed."

We pushed 154.22 on Monday night, and immediately found that it crashes frequently. Thank you to everyone who has "Help make Google Chrome better..." enabled: the crash reports we received allowed us to identify and respond to the issue quickly.

This release fixes the primary causes of crashes in 0.4.154.22 (see issue 4531).

--Mark Larson, Google Chrome Program Manager

Dev Release: 0.4.154.22

Monday, November 17, 2008

Google Chrome 0.4.154.22 has been released to the Dev channel ONLY. This is a bugfix-only release. There are no new features.

About the Dev Channel

The Dev channel lets you test the latest fixes and get access to new features as they're being developed. You can learn more about the Dev channel and how to subscribe here:http://dev.chromium.org/getting-involved/dev-channel/.

Reminder: please file (or update existing) issues at http://code.google.com/p/chromium/issues.

Top Issues Fixed

Google Chrome sometimes hangs when using a site with Gears offline data enabled.
If you don't have Adobe Flash installed, Google Chrome shows a message with a link to install Flash. The installer would get downloaded, but failed to install Flash. (Issue 4346)
Sometimes you had to restart Google Chrome twice after an update to get the new version. (Issue 4316)
Google Chrome was preventing pop-up windows from opening Javascript alert messages. This broke some sites that open forms in new windows and use Javscript alert() to notify you about form errors. (Issue 4158)
Folders you add to the bookmarks bar were not always showing up in the folder list of the Add bookmark dialog. (Issue 766)
Potential fix for Google Chrome crashing on Windows XP 64-bit when you open the Options dialog. (Issue 49)

For a full list of all the bugs addressed since 154.18, please visit http://dev.chromium.org/getting-involved/dev-channel/release-notes.

--Mark Larson, Google Chrome Program Manager

Dev Release: 0.4.154.18

Tuesday, November 11, 2008

Google Chrome 0.4.154.18 has been released to the Dev channel ONLY. This release introduces a couple of new features (and, as always, fixes a few bugs).

About the Dev Channel

Reminder: please file (or update existing) issues at http://code.google.com/p/chromium/issues.

New Features

Bookmark manager with import/export.
Use the 'Customize and control Google Chrome' (wrench) menu to open the Bookmark manager. You can search bookmarks, create folders, and drag and drop bookmarks to new locations. The Bookmark Manager's Tools menu lets you export or import bookmarks.
Privacy section in Options.
We grouped together all of the configuration options for features that might send data to another service. Open the wrench menu, click Options, and select the Under the Hood tab.
New blocked pop-up notification.
The pop-up blocker formerly just minimized pop-up windows to the lower right corner of the browser window, create one 'constrained' window for each pop-up. Now, Google Chrome displays one small notification in the corner that shows the number of blocked pop-ups. A menu on the notification lets you open a specific pop-up, if needed.

Known Issues

Sites that use Gears to synchronize offline data may occasionally hang. You should disable offline access for sites until a fix is released. (We're working on it and hope to have the update later this week.)

Security Issues

This release fixes an issue with downloaded HTML files being able to read other files on your computer and send them to sites on the Internet. We now prevent local files from connectin to the network with XMLHttpRequest() and also prompt you to confirm a download if it is an HTML file.
Severity: Moderate. If a user could be enticed to open a downloaded HTML file, this flaw could be exploited to send arbitrary files to an attacker.

For more details on what's changed and what issues are fixed, see the detailed release notes at http://dev.chromium.org/getting-involved/dev-channel/release-notes.

--Mark Larson, Google Chrome Program Manager

Beta release: 0.3.154.9

Wednesday, October 29, 2008

Google Chrome version 0.3.154.9 has been released. You will automatically get updated in the next few days. You can open About Google Chrome (from the wrench menu) to get the update at any time.
This release fixes the top issues we've heard about from people using the Beta release, especially with plugins (the programs that show video on sites like YouTube).
This is a roll up of fixes that have previously been released to our Dev channel users. See http://dev.chromium.org/getting-involved/dev-channel/release-notes for details on the changes that have been made since 0.2.149.30.
Security Update

This release fixes an issue with address spoofing in pop-ups. A site could convince a user to click a link to open a pop-up window. The window's address bar could be manipulated to show a different address than the actual origin of the content.
Security rating: Medium. This flaw could be used to mislead people about the origin of a web site in order to get them to divulge sensitive information.
Disclosed by: Liu Die Yu of the TopsecTianRongXin research lab.

Top Issues Fixed

Scrolling with laptop touchpads now works.
Improved performance and reliability for plugins (like Flash, Silverlight, QuickTime, and Windows Media). We fixed issues with video not loading, stopping after a second, and slowing down or freezing Google Chrome (100% CPU usage).
Fixed the 'chrome has crashed' message when you close a tab that was showing PDF using Adobe Reader 9.
We no longer store data from secure sites (they use https: and show a lock in the address bar) in your history. You can still search your history for the site's address, but not the contents on the page.
Improved performance and reliability for people who use web proxies (thanks to griffinz for the fixes).

Changes to how things look and work

The New tab, New window, and New incognito window options moved from the 'Control the current page' menu to the 'Customize and control Google Chrome' (wrench) menu. Thanks to Szymon Piechowicz for the patch.
'New incognito window' always opens a new window. 'New window' always opens a new normal window. Both options are always visible on the wrench menu.
The spell checker works on text input fields and underlines misspelled words. You can now add words to the spell check dictionary so they are not shown as misspelled (right click on a misspelled word and choose 'Add to dictionary...').
The download behavior for files that could run programs (exe, dll, bat, etc.) has changed. These files are now downloaded to unconfirmed_*.download files. Google Chrome asks you if you want to accept the download. Only after you click Save is the unconfirmed_*.download file converted to the real file name. Downloads that you never confirm are deleted when Google Chrome exits.

--Mark Larson, Google Chrome Program Manager

Dev Release: 0.3.154.6

Friday, October 24, 2008

Google Chrome 0.3.154.6 has been released to the Dev channel ONLY. This is a bug fix update to 0.3.154.3.
About the Dev ChannelThe Dev channel lets you test the latest fixes and get access to new features as they're being developed. You can learn more about the Dev channel and how to subscribe here: http://dev.chromium.org/getting-involved/dev-channel/

Reminder: please file (or update existing) issues at http://code.google.com/p/chromium/issues.
Bugs Fixed

--Mark Larson, Google Chrome Program Manager

Dev Release: 0.3.154.3

Wednesday, October 15, 2008

Google Chrome 0.3.154.3 has been released to the Dev channel ONLY.

About the Dev Channel

The Dev channel lets you test the latest fixes and get access to new features as they're being developed. You can learn more about the Dev channel and how to subscribe here: http://dev.chromium.org/getting-involved/dev-channel/

Release Highlights

Crash Fixes

Release 154.0 had a few browser crashes, including a crash on startup on tablet PCs running Windows Vista. We fixed the new crashes and 154.3 should be much more stable.

Plugin Performance Fixes

There are more plugin performance updates in this release, including fixing some videos that halt after 1 second (r3123, Issue 115) and plugins causing the browser to become unresponsive (r3323).

Safer Downloads

r3228 Changes the download behavior for files that could execute code (exe, dll, bat, etc.). These files are now downloaded to unconfirmed_*.download files. In the browser, you're asked if you want to accept the download. Only after you click Save is the unconfirmed_*.download file converted to the real file name. Unconfirmed downloads are deleted when Google Chrome exits.

There were many more minor changes. A more complete list can be found here: http://dev.chromium.org/getting-involved/dev-channel/release-notes.

--Mark Larson, Google Chrome Program Manager

Dev Release: 0.3.154.0

Friday, October 3, 2008

Google Chrome 0.3.154.0 has been released to the Dev channel ONLY.

About the Dev Channel

The Dev channel lets you test the latest fixes and get access to new features as they're being developed. You can learn more about the Dev channel and how to subscribe here: http://dev.chromium.org/getting-involved/dev-channel/

Release Highlights: Plugin Fixes

This release includes several changes that improve the performance of plugins, especially Adobe Flash video. We address issues with plugins causing 100% CPU usage, locking up Google Chrome, and not playing at all on some pages. (Issues 93, 387, 772, 1533)

We also improved the experience with a few default search engines: improved results display with voila.fr (French), enabled search suggestions for voila.fr and daum.net (Korean), and fixed an issue that sometimes prevented importing Windows Live Search as your default from Internet Explorer settings.

There were many more minor changes. A more complete list can be found here: http://dev.chromium.org/getting-involved/dev-channel/release-notes .

--Mark Larson, Google Chrome Program Manager

Dev release: 0.2.153.1

Thursday, September 25, 2008

Google Chrome version 0.2.153.1 has been released to Dev channel subscribers ONLY.
About the Dev ChannelThe Dev channel lets you test the latest fixes and get access to new features as they're being developed. We will release new builds to the Dev channel about every week so that you can preview --and provide feedback on-- what's coming in Google Chrome.
You can learn more about the Dev channel and how to subscribe here: http://dev.chromium.org/getting-involved/dev-channel/
Release Highlights

A more complete list of changes can be found here: http://dev.chromium.org/getting-involved/dev-channel/release-notes

--Mark Larson, Google Chrome Program Manager

Beta release: 0.2.149.30

Thursday, September 18, 2008

Google Chrome version 0.2.149.30 was released on 17 September 2008. Users will get automatic updates over the next few days.

Security Updates

[r2042] Fix a potential denial of service with very long title attributes on tags. The title attribute sets the tooltip text when you hover the mouse over an element.
Security Rating: Low risk. This can lead to 100% CPU usage or a tab crash.
More information: http://www.securityfocus.com/bid/30975

Other Changes

[r1927] Stop adding content from HTTPS sites to the searchable index.
Google Chrome keeps a searchable history of pages you visit. This history is only stored locally on your computer. Previously, this searchable history included the text from secure sites, such as your online bank (any sites using SSL for security). Google Chrome no longer saves text from secure pages in its local history. The address bar and local history search page will no longer find data from secure sites you have visited.

If you are concerned about data that might have been indexed for searching before this release, you can follow the Google Chrome Help Center instructions for clearing your browsing history.

[r1978] Don't send sensitive URLs to search suggest services. Google Chrome stops sending data to a suggest service if the typed URL:

contains a username:password field (http://username:password@example.com/)
has query parameters (the trailing ?param=data following the URL)
is an https URL with any path component (any part following the hostname, such as /path in https://www.example.com/path)

[r1848, r1943, r2003] Fixes to the Google Chrome updater to make updates more reliable.

[r1859] Fix problems with Flash not playing video if too many connections are opened. For example, using the slider to advance video on YouTube could cause video to stop playing.

[r2059] Allow JavaScript to communicate with Java applets. Fixes bug 580.

[r1299] JavaScript: Dispatch contextmenu events after mouseup events. This fixes the right-click menu not working on Google Spreadsheets. Fixes bug 745.

[r1692] Fix crashes with some plugins --3dvia was the most widely reported-- when they return an error for NPN_GetValue. Fixes bug 493.

Beta release: 0.2.149.29

Monday, September 8, 2008

Google Chrome version 0.2.149.29 was released on 5 September 2008, and all users are being automatically updated. Automatic updates are a key security feature in helping to ensure the safety of Google Chrome users.