Wednesday, March 17, 2010

Stable Channel Update

EDIT 23-Mar-10 (mal): Remove "[33572] Medium HTTP headers processed before SafeBrowsing check" from security issues fixed. This is not fixed in this release.

The stable channel has been updated to 4.1.249.1036 for Windows, and includes the following features and security fixes (since 4.0):

  • Translate infobar.
  • Privacy features: content settings (cookies, images, JavaScript, plug-ins, pop-ups).
  • Disabling experimental new anti-reflected-XSS feature called "XSS Auditor". The feature is still experimental, and we're disabling it while we look into some serious performance issues in rare cases. Please see this post for more details about what the XSS Auditor is.

Please see this feature announcment post for more info about translate and privacy.

Security Fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

Congratulations to Sergey Glazunov on receiving the first $1337 Chromium Security Reward for bug 35724.
  • [28804] [31880] High Race conditions and pointer errors in the sandbox infrastructure. Credit to Mark Dowd, under contract to Google Chrome Security Team.
  • [30801] [33445] Low Delete persisted metadata such as Web Databases and STS. Credit to Google Chrome Security Team (Chris Evans) and RSnake of ha.ckers.org.
  • [$500] [34978] High Memory error with malformed SVG. Credit to wushi of team509.
  • [$1337] [35724] High Integer overflows in WebKit JavaScript objects. Credit to Sergey Glazunov.
  • [36772] Medium HTTP basic auth dialog URL truncation.Credit to Google Chrome Security Team (Inferno).
  • [37007] Medium Bypass of download warning dialog. Credit to kuzzcc.
  • [$1000] [37383] High Cross-origin bypass. Credit to kuzzcc.
  • [$500] [Affected BETA only] [37061] High Memory error with empty SVG element. Credit to Aki Helin of OUSPG.

List of all changes: http://build.chromium.org/buildbot/perf/dashboard/ui/changelog.html?url=/branches/249/src&range=38071:41527&mode=html


- Orit Mazor, Google Chrome Team

Labels:

15 Comments:

Blogger Konrad said...

great news ! keep godd work, google chrome team! Best browser ever

10:11 AM, March 17, 2010  
Anonymous Anonymous said...

Is this suppose to be available now?

I'm getting a "Update server not available (error:7)" message.

10:17 AM, March 17, 2010  
Anonymous Anonymous said...

Never mind, working now.

10:27 AM, March 17, 2010  
Blogger 8ball said...

Love you, love chrome.
everything you do is Awesome.

I haven't updated yet, I have the Stable on my Laptop, Beta on my Desktop and Developer's on my USB Stick.

Portable Chrome: http://portableapps.com/apps/internet/google_chrome_portable

11:40 AM, March 17, 2010  
Blogger Stanimir Markov said...

This comment has been removed by the author.

1:30 PM, March 17, 2010  
Blogger Blewby said...

Great Job on updates, love the speed of Chrome. However, still waiting for Print Selection to come around.

3:40 PM, March 17, 2010  
Blogger gsctt said...

@Blewby, the fixed to print selection is provided only for the version 6 of the browser.

http://crbug.com/22937

Don't ask me why....

8:00 PM, March 17, 2010  
Blogger ¬°fah! said...

Love chrome but how do I turn OFF the automatic translation!!? Please help

9:16 PM, March 17, 2010  
Blogger Andrea & Len said...

You have blown my Internet Banking Service out of the water. Don't you think it would have been a good idea to let NatWest Online Banking know you were updating your software. Please don't get like the other 'you know who' browser and get too arrogant. I shall download Opera until you bring out a fix! You have been my browser of choice since launch. Ex-IBM softie.

2:40 AM, March 18, 2010  
Blogger Jerzy said...

There is still probably a small problem regarding styling. Default look ok, but Grayscale looks like this:
http://qkpic.com/62c72

3:12 AM, March 18, 2010  
Blogger Mintu said...

The update is not working for me.

I keep getting a "Update server not available (error:3)" message.

4:39 AM, March 18, 2010  
Anonymous Anonymous said...

I have a problem when I access any sites.

I Reported the problem:
http://code.google.com/p/chromium/issues/detail?id=38470

I want to solve the problem.

6:25 AM, March 18, 2010  
Blogger Carolyn Elizabeth Blake said...

When oh when will there be a Google Toolbar addon for Chrome? I travel all over the world and work in the net and I must have the security of the portable Bookmarks. I love Chrome but I cannot use it because I must be able to keep my bookmarks with me. Sad....

11:09 AM, March 18, 2010  
Blogger patrick said...

I chanced upon to view your blog and found it very interesting. Great ... Keep it up!
application development

10:23 PM, March 22, 2010  
Blogger Kurt said...

How can one determine the version of Chrome without running it? When I right-click chrome.exe and select Properties, the version number listed is 0.0.0.0 regardless of which version it actually is. I'm trying to get a handle on the status of chrome versions installed on my network. By file size and date it is apparent that there are multiple version out there (some doubtless vulnerable) but no way for me to derive the version number without going to each PC and launching Chrome.

5:09 PM, March 26, 2010  

Post a Comment

Subscribe to Post Comments [Atom]

<< Home