Tuesday, April 20, 2010

Stable Update: Security Fixes

Google Chrome 4.1.249.1059 has been released to the Stable channel on Windows.

This release fixes the following security issues:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
  • [$500] [39443High Type confusion error with forms. Credit: kuzzcc.
  • [39698High HTTP request error leading to possible XSRF. Credit: Meder Kydyraliev, Google Security Team
  • [40136Medium Local file reference through developer tools. Credit: Robert Swiecki, Google Security Team; Tavis Ormandy, Google Security Team.
  • [40137Medium Cross-site scripting in chrome://net-internals. Credit: Robert Swiecki, Google Security Team; Tavis Ormandy, Google Security Team.
  • [40138High Cross-site scripting in chrome://downloads. Credit: Robert Swiecki, Google Security Team; Tavis Ormandy, Google Security Team.
  • [40575Medium Pages might load with privileges of the New Tab page.
  • [$500] [40635High Memory corruption in V8 bindings. Credit: kuzzcc; Google Chrome Security Team (SkyLined); Michal Zalewski, Google Security Team.

If you find issues, please let us know: http://code.google.com/p/chromium/issues/entry

--Mark Larson, Google Chrome Team

Labels:

31 Comments:

Blogger Manish said...

Lately lot of security fixes in Chrome :(

9:44 AM, April 20, 2010  
Blogger MrNerd said...

is there a beta release today?

9:55 AM, April 20, 2010  
Blogger LZSaver said...

Hmmm...

10:40 AM, April 20, 2010  
Blogger joesixgig said...

Robert Swiecki for president. Keep up the good work! (and the other developers, please drink more coffee)

11:22 AM, April 20, 2010  
Blogger Chris said...

@joesixgig: +1, I'm voting for Robert :) @Manish: well we could always leave them unfixed if you prefer :P More seriously, the good news is that many of them are being found by internal audits, and it remains very rare for Chromium to take a "Critical" bug. Also note that the Chromium Security Reward program is going very well and resulting in a slight increase in vulnerability load.

11:39 AM, April 20, 2010  
Anonymous Anonymous said...

Where we can find the download link

2:59 PM, April 20, 2010  
Blogger Dogan said...

Are these fixes included in dev release?

4:19 PM, April 20, 2010  
Blogger Manish said...

@Chris: I did not mean that :(. I really like the security model of Chrome, just that I was wishing for a release which has more new features (like bug 19, 266)..

4:45 PM, April 20, 2010  
Blogger Gianni said...

Google Wave does not work with this release, no one else has the same problem?

5:31 PM, April 20, 2010  
Anonymous Anonymous said...

Same old "Error 3: Update server unavailable" when checking the version. Thx.

12:44 AM, April 21, 2010  
Anonymous Anonymous said...

Where we can find the download link???

1:41 AM, April 21, 2010  
Blogger Rajesh Shenoy said...

Sorry for the slightly off-track question: When is a stable build for Linux expected? Why is it taking so long?

4:15 AM, April 21, 2010  
Blogger Mike and Mary Jones said...

Google Wave doesn't seem to be working...

5:09 AM, April 21, 2010  
Blogger Jug said...

Rajesh: The first stable version for Linux and Mac is supposed to be Google Chrome 5, but there's a number of features planned for that release, so Linux users will still have to wait a while longer.

According to the Chromium Development Calendar (at http://www.chromium.org/developers/calendar ), the stable release date is yet to be decided upon.

But that Chromium is apparently going code complete on April 30, is a good sign. :) As a non-Googler guess from me, I'd say it may go stable sometime this summer? Maybe June? *shrug* But the Betas have pretty good quality these days too.

5:37 AM, April 21, 2010  
Blogger Rajesh Shenoy said...

@Jug: Thank you very much for the very patient explanation! :)
@Mike and Mary Jones: Google Wave is not working for me too.

5:46 AM, April 21, 2010  
Blogger Li, Quanjia said...

history management is really bad. not easy to del management

7:47 AM, April 21, 2010  
Blogger nimo said...

This release experience with javascript performance degradation (Sunspider benchmark 40%)

8:14 AM, April 21, 2010  
Blogger napoleon said...

Chrome does not want to update to version 4.1.249.1059. Currently in version 4.1.249.1045, he said he is up to date?!

12:14 PM, April 21, 2010  
Blogger nhnl said...

From omahaproxy.appspot.com:
> win,stable,4.1.249.1045,4.1.249.1059
The order should be reversed.
Currently I can't update to 4.1.249.1059 from 249.1045.

10:26 AM, April 22, 2010  
Blogger thinkNsidedabunNOToutsidedabox said...

crashing on me like a mofokuku! It's like open a Google Chrome instance, surf opening a few tabs, then what: has CRASHED! do u want to restart? Start again, only to crash again--LIKE PRACTICALLY RIGHT AWAY AS I *JUST* REstarted IT--LIKE, WHAT, 15 seconds ago (YES, SECONDS, PEOPLE--NOT EXAGGERATING TOO MUCH, AT ALL)!!! WTF? YES, *THAT* FREQUENT!!!!!!! I think I'm giving up Google Chrome! THIS IS NONSENSE B.S.!! GOOGLE, I think u r rushing (to dominance) so dropping ball on QC!!

using 4.1.249.1059 released 042010 T! And STABLE version too! THIS HAPPENING FOR U GUYS TOO??????????????????

WTF, GOOGLE, U SUX!

8:23 PM, April 22, 2010  
Blogger Rajesh Shenoy said...

Google Wave is working for me today in this release. I guess it was an error in Wave, that has been fixed now.

@thinkNsidedabunNOToutsidedabox: I have not had any crashes. And I usually have 8-15 tabs open simultaneously.

8:32 PM, April 22, 2010  
Blogger fromq8 said...

i have crash
i got crash in google chrpme
More than any other browser

WHY ???

2:24 AM, April 23, 2010  
Blogger rade.ON! said...

oh gosh! thanks about the bookmarks bar shortcut..

now it's on track! ;)
keep up the good work..

4:28 AM, April 23, 2010  
Blogger Bunniemagyk said...

Downloaded latest version to try to correct issue but Kapersky still finds the vulnerability in Chrome and also something in Java which I have also updated. What else can I do?

2:22 AM, April 24, 2010  
Blogger Matthias said...

My Windows 7 updated, but my XP laptop stays at 1045 and reports to by uptodate. What might be my problem?

7:17 AM, April 25, 2010  
Blogger showpanmohsin said...

Its very interesting and very informative and i really like your approach.

7:59 AM, April 26, 2010  
Blogger Alexey said...

I found this bug after upgrading to this version. On some sites, clicking the middle mouse button leads to the discovery of links, rather than a new tab on this link.

9:38 AM, April 26, 2010  
Blogger Heinrich said...

I can't get this version.
Chrome says : 4.1.249.1045 is uptodate.

11:22 PM, April 26, 2010  
Blogger Mike N said...

I concur, my Google Chrome will still not update to the latest Stable version despite it being one week old. I'm running Vista.

5:47 AM, April 27, 2010  
Blogger Manish said...

@Chris- Its already more than 10 days that 4.1.249.1059 was released, but the bugs are still marked private. Any idea, by when they will be made public? I would assume that by now the latest update must be pushed to majority of users... Is that not the case?

3:15 PM, May 03, 2010  
Blogger Matthias said...

my Chrome on XP jumped up directly to 1064 without 1059

7:14 AM, May 04, 2010  

Post a Comment

Subscribe to Post Comments [Atom]

<< Home