Chrome Releases
Release updates from the Chrome team
Stable Channel Update
Tuesday, September 15, 2009
3.0.195.21 has graduated from Beta to the Stable channel today.
This release includes themes support, a brand new New Tab page, an updated omnibox, support for audio and video tags, and a higher performing V8 engine.
You can read more about it
here
.
Anthony Laforge
Google Chrome Program Manager
Security Fixes:
We would like to extend special thanks to Will Dormann of CERT for working with us to improve the security of the new audio and video codecs in this release.
CVE-2009-XXXX Content-Type: application/rss+xml being rendered as active content
Previously, we rendered RSS and Atom feeds as XML. Because most other browsers render these documents with dedicated feed previewers, some web sites do not sanitize their feeds for active content, such as
JavaScript. In these cases, an attacker might be able to inject JavaScript into a target web site.
More info:
http://code.google.com/p/chromium/issues/detail?id=21238
(This issue will be made public once a majority of users are up to date with the fix.)
Severity:
Medium. Most web sites are not affected because they do not include untrusted content in RSS or Atom feeds.
Credit:
Inferno of
SecureThoughts.com
Mitigations:
A victim would need to visit a page under an attacker's control.
The target web site would need to let the attacker inject JavaScript into an RSS or an Atom feed.
CVE-2009-XXXX Same Origin Policy Bypass via getSVGDocument() method
The getSVGDocument method was lacking an access check, resulting in a cross-origin JavaScript capability leak. A malicious web site operator could use the leaked capability to inject JavaScript into a target web site hosting an SVG document, bypassing the same-origin policy.
More info:
http://code.google.com/p/chromium/issues/detail?id=21338
(This issue will be made public once a majority of users are up to date with the fix.)
Severity:
High
Credit:
Isaac Dawson
Mitigations:
A victim would need to visit a page under an attacker's control.
The target web site would need to host an SVG document.
Labels
Admin Console
43
Android WebView
19
Beta
21
Beta update
4
Beta updates
1995
chrome
15
Chrome Dev for Android
123
Chrome for Android
927
Chrome for iOS
364
Chrome for Meetings
5
Chrome OS
1149
Chrome OS Flex
22
Chrome OS Management
12
Chromecast Update
6
ChromeOS
195
ChromeOS Flex
192
Desktop Update
1088
dev update
266
Dev updates
1493
Early Stable Updates
47
Extended Stable updates
122
Flash Player update
5
Flex
1
Hangouts Meet hardware
5
LTS
84
stable
9
Stable updates
1216
Archive
2024
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2023
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2022
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2021
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2020
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2019
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2018
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2017
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2016
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2015
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2014
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2013
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2012
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2011
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2010
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2009
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2008
Dec
Nov
Oct
Sep
Give us feedback in our
Product Forums
.