Chrome Releases: Stable Channel Update

Chrome Releases

Release updates from the Chrome team

Stable Channel Update

Tuesday, September 15, 2009

3.0.195.21 has graduated from Beta to the Stable channel today.

This release includes themes support, a brand new New Tab page, an updated omnibox, support for audio and video tags, and a higher performing V8 engine.

You can read more about it here.

Anthony Laforge

Google Chrome Program Manager

Security Fixes:
We would like to extend special thanks to Will Dormann of CERT for working with us to improve the security of the new audio and video codecs in this release.
CVE-2009-XXXX Content-Type: application/rss+xml being rendered as active content

Previously, we rendered RSS and Atom feeds as XML. Because most other browsers render these documents with dedicated feed previewers, some web sites do not sanitize their feeds for active content, such as
JavaScript. In these cases, an attacker might be able to inject JavaScript into a target web site.

More info: http://code.google.com/p/chromium/issues/detail?id=21238
(This issue will be made public once a majority of users are up to date with the fix.)

Severity: Medium. Most web sites are not affected because they do not include untrusted content in RSS or Atom feeds.

Credit: Inferno of SecureThoughts.com

Mitigations:

A victim would need to visit a page under an attacker's control.
The target web site would need to let the attacker inject JavaScript into an RSS or an Atom feed.

CVE-2009-XXXX Same Origin Policy Bypass via getSVGDocument() method

The getSVGDocument method was lacking an access check, resulting in a cross-origin JavaScript capability leak. A malicious web site operator could use the leaked capability to inject JavaScript into a target web site hosting an SVG document, bypassing the same-origin policy.

More info: http://code.google.com/p/chromium/issues/detail?id=21338
(This issue will be made public once a majority of users are up to date with the fix.)

Severity: High

Credit: Isaac Dawson

Mitigations:

A victim would need to visit a page under an attacker's control.
The target web site would need to host an SVG document.

Labels: Stable updates

Labels

Admin Console 43
Android WebView 19
Beta 24
Beta update 9
Beta updates 2135
chrome 15
Chrome Dev for Android 164
Chrome for Android 1061
Chrome for iOS 442
Chrome for Meetings 5
Chrome OS 1163
Chrome OS Flex 32
Chrome OS Management 13
Chromecast Update 6
ChromeOS 286
ChromeOS Flex 281
Desktop Update 1247
dev update 267
Dev updates 1583
Early Stable Updates 64
Extended Stable updates 162
Flash Player update 5
Flex 1
Hangouts Meet hardware 5
LTS 109
stable 12
Stable updates 1359

Archive

2025
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2024
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2023
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2022
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2021
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2020
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2019
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2018
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2017
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2016
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2015
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2014
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2013
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2012
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2011
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2010
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2009
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2008
- Dec
- Nov
- Oct
- Sep

Give us feedback in our
Product Forums.

Google
Privacy
Terms