Thursday, July 16, 2009

Stable, Beta update: Bug fixes


[Update: Added CVE numbers for the security issues. --mal@chromium.org, 21 July 2009]

Google Chrome 2.0.172.37 has been released to the Beta and Stable channels. This release fixes some minor bugs:

  • Fix: solving CAPTCHA images was broken at orkut.com. (Issue 15569)
  • Make forward/backward navigation work even when redirection is involved. (Issue 9663, issue 10531)
  • Fix: daylight saving time not recognized for some CET locales. (Issue 12579)
  • Fix a browser crash on closing a URL request. (Issue 8942)
  • Update the V8 JavaScript engine to version 1.1.10.14 to fix issues with regular expressions.
  • Update Gears to the latest release, 0.5.25.0.

In addition, this release fixes the following security issues:

CVE-2009-2555 Heap overflow with JavaScript regular expressions

Evaluating a specially crafted regular expression in JavaScript on a web page can lead to memory corruption and possibly a heap overflow. Visiting a maliciously crafted website may lead to a renderer (tab) crash or arbitrary code execution inside the Google Chrome sandbox.

More info: http://code.google.com/p/chromium/issues/detail?id=14719 (This issue will be made public once a majority of users are up to date with the fix.)

Severity: High. An attacker might be able to run arbitrary code within the Google Chrome sandbox.

Credit: This issue was found by the Google Chrome security team.

Mitigations:
  • A victim would need to visit a page under an attacker's control.
  • Any code that an attacker might be able to run inside the renderer process would be confined to the sandbox.


CVE-2009-2556 Memory corruption in the browser process

A compromised renderer (tab) process could cause the browser process to allocate very large memory buffers. This error could cause the browser process (and all tabs) to crash, or possibly allow arbitrary code execution with the privileges of the logged-on user. To exploit this vulnerability, an attacker would first need to be able to run arbitrary code inside the renderer process.

Severity: Critical. In conjunction with a vulnerability allowing arbitrary code to run in the renderer, an attacker might be able to run code with the privileges of the logged-on user.

Credit: This issue was found by the Google Chrome security team.

Mitigations:
  • A victim would need to visit a page under an attacker's control.
  • The attacker must exploit a second vulnerability to control the renderer process.
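The failure mode behind CVE-2009-2556 is a size chosen by the less-privileged renderer driving an allocation in the more-privileged browser process. The following is an added example, not Chromium code: a weak browser-side handler that honours the renderer's numbers next to a hardened one that validates them against fixed caps before allocating. The struct, cap names and functions are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Constructed example, not Chromium's IPC code. The browser process receives
 * a header from a renderer; every field in it is attacker-controlled once the
 * renderer is compromised, which is the precondition the advisory describes. */
struct ipc_header {
    uint32_t entry_count; /* from the renderer: untrusted */
    uint32_t entry_size;  /* from the renderer: untrusted */
};

/* Hypothetical policy caps: fixed by the browser, never by the message. */
#define MAX_ENTRIES     4096u
#define MAX_ENTRY_SIZE  65536u
#define MAX_TOTAL_BYTES (64u * 1024u * 1024u) /* 64 MiB budget per message */

/* Weak handler: computes the request size exactly as the renderer asks.
 * The 32-bit product can wrap (65536 * 65536 == 0), so a hostile renderer
 * can either demand a huge buffer or get a tiny one that later overflows. */
uint32_t weak_request_bytes(const struct ipc_header *h) {
    return h->entry_count * h->entry_size;
}

void *alloc_weak(const struct ipc_header *h) {
    return malloc(weak_request_bytes(h)); /* no cap, no overflow check */
}

/* Hardened handler: validate both fields against fixed caps before any
 * arithmetic, then bound the product without risking overflow.
 * Returns 0 and the byte count on success, -1 if the message is rejected. */
int validate_header(const struct ipc_header *h, size_t *out_bytes) {
    if (h->entry_count == 0 || h->entry_count > MAX_ENTRIES) return -1;
    if (h->entry_size == 0 || h->entry_size > MAX_ENTRY_SIZE) return -1;
    /* count * size <= MAX_TOTAL_BYTES, written as a division to avoid wrap */
    if (h->entry_count > MAX_TOTAL_BYTES / h->entry_size) return -1;
    *out_bytes = (size_t)h->entry_count * h->entry_size;
    return 0;
}

void *alloc_hardened(const struct ipc_header *h) {
    size_t bytes;
    /* A rejected header means a misbehaving renderer: drop the message
     * rather than honour it, so the browser never allocates on its say-so. */
    if (validate_header(h, &bytes) != 0) return NULL;
    return malloc(bytes);
}
```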


16 Comments:

Blogger Manish said...

What is the bug ID for the "Memory corruption in the browser process" issue? Is it the same as 14719?

11:52 AM, July 16, 2009  
Blogger hbguru said...

I'm trying to update but it says my 172.33 is up-to-date. Any thoughts?

2:56 PM, July 16, 2009  
Blogger Bob said...

I'm getting the same (2.0.172.33 says it's up-to-date).

5:28 PM, July 16, 2009  
Blogger Wade said...

It took several hours but mine finally updated.

7:21 PM, July 16, 2009  
Anonymous Anonymous said...

This build seems to be having some problems with Facebook websites. The login process is slow and errors arise. When attempting to click the back button, the process terminates without loading the content of the website. When clicking the reload button, the process keeps going without stopping, and it is hard to log in and open the homepage of an account. As a result, error messages keep appearing without any other reason. The previous build seemed to run stable and error free. Please fix this issue as soon as possible.

11:49 PM, July 16, 2009  
Anonymous Anonymous said...

Java is still running very unstably. Multiple applets in different iframes crash the browser and the JVM. You are still unable to solve the Java LiveConnect problems with Chrome.

11:07 AM, July 17, 2009  
Blogger The MAZZTer said...

I have problems relating to HTTP POSTs, and they may be related to Jeffrey's problems.

It seems occasionally when a Chrome rendering process starts up, the process will refuse to send POST data along with HTTP POSTs, breaking many websites. This persists for the lifetime of the process and it must be killed and restarted to fix HTTP POST requests.

It is most notable on web forums where POSTs are used for logging in and making... well, posts.

11:59 AM, July 17, 2009  
Blogger Keith said...

Did they completely forget about the Print Preview feature? I uninstalled mine because it didn't have this feature! Even IE and Firefox have it. Lame!

1:46 PM, July 17, 2009  
Blogger qvtqht said...

The standalone installer is now two releases behind, still stuck at 2.0.172.28. I keep having to trust third-party sites to download the new version.

Have you guys given up on standalone completely? Can you please add it to your build process? I keep having to

5:02 PM, July 17, 2009  
Blogger Alex said...

"Make forward/backward navigation work even when redirection is involved.": But you broke another thing: redirection with a button.onclick event doesn't allow forward/backward navigation anymore :/

7:08 PM, July 18, 2009  
Blogger Tomy Thomson said...

The Ajax menus on deviantart.com do not work properly with this release. Also, sometimes YouTube videos fail to load on first click (you just get a black screen with no player controls).

2:53 PM, July 19, 2009  
Blogger Fliscorno said...

Using Gmail with Chrome leads to a privacy violation issue: when the Gmail session is started through an http URL (instead of https), snippets of the email conversations are shown in the Chrome history search.

This can be quite serious depending on what information is displayed and on who reads it.

The full story can be found here:
- in Portuguese
- and here in a Google "translation". It's enough to pay attention to the section "5. Practical test".

8:00 AM, July 20, 2009  
Blogger Fliscorno said...

Well, I hope the previous two links won't be perceived as "shameless self-promotion" :-) They are intended to illustrate the point. But feel free to edit the comment if you want.

8:11 AM, July 20, 2009  
Anonymous Anonymous said...

This build seems to be unstable when clicking on the back button, where the error message occurs frequently and makes people want to switch to the latest Google Chrome development build, version 3.0.193.1. Besides that, the latest development build has a tiny problem related to the Facebook webpage, where the chat session cannot be clicked to show a list of people who are available for chat. Please fix this bug as soon as possible before anything happens.

1:25 AM, July 22, 2009  
