Wednesday, April 27, 2011

Chrome Stable Update


The Google Chrome team is happy to announce the arrival of Chrome 11.0.696.57 to the Stable Channel for Windows, Mac, Linux, and Chrome Frame.  Chrome 11 contains some really great improvements including speech input through HTML.

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

We’re pleased to associate a record $16,500 of rewards with this patch.

  • [61502] High CVE-2011-1303: Stale pointer in floating object handling. Credit to Scott Hess of the Chromium development community and Martin Barbella.
  • [70538] Low CVE-2011-1304: Pop-up block bypass via plug-ins. Credit to Chamal De Silva.
  • [Linux / Mac only] [70589] Medium CVE-2011-1305: Linked-list race in database handling. Credit to Kostya Serebryany of the Chromium development community.
  • [$500] [71586] Medium CVE-2011-1434: Lack of thread safety in MIME handling. Credit to Aki Helin.
  • [72523] Medium CVE-2011-1435: Bad extension with ‘tabs’ permission can capture local files. Credit to Cole Snodgrass.
  • [Linux only] [72910] Low CVE-2011-1436: Possible browser crash due to bad interaction with X. Credit to miaubiz.
  • [$1000] [73526] High CVE-2011-1437: Integer overflows in float rendering. Credit to miaubiz.
  • [$1000] [74653] High CVE-2011-1438: Same origin policy violation with blobs. Credit to kuzzcc.
  • [Linux only] [74763] High CVE-2011-1439: Prevent interference between renderer processes. Credit to Julien Tinnes of the Google Security Team.
  • [$1000] [75186] High CVE-2011-1440: Use-after-free with <ruby> tag and CSS. Credit to Jose A. Vazquez.
  • [$500] [75347] High CVE-2011-1441: Bad cast with floating select lists. Credit to Michael Griffiths.
  • [$1000] [75801] High CVE-2011-1442: Corrupt node trees with mutation events. Credit to Sergey Glazunov and wushi of team 509.
  • [$1000] [76001] High CVE-2011-1443: Stale pointers in layering code. Credit to Martin Barbella.
  • [$500] [Linux only] [76542] High CVE-2011-1444: Race condition in sandbox launcher. Credit to Dan Rosenberg.
  • [76646] Medium CVE-2011-1445: Out-of-bounds read in SVG. Credit to wushi of team509.
  • [$3000] [76666] [77507] [78031] High CVE-2011-1446: Possible URL bar spoofs with navigation errors and interrupted loads. Credit to kuzzcc.
  • [$1000] [76966] High CVE-2011-1447: Stale pointer in drop-down list handling. Credit to miaubiz.
  • [$1000] [77130] High CVE-2011-1448: Stale pointer in height calculations. Credit to wushi of team509.
  • [$1000] [77346] High CVE-2011-1449: Use-after-free in WebSockets. Credit to Marek Majkowski.
  • [77349] Low CVE-2011-1450: Dangling pointers in file dialogs. Credit to kuzzcc.
  • [$2000] [77463] High CVE-2011-1451: Dangling pointers in DOM id map. Credit to Sergey Glazunov.
  • [$500] [77786] Medium CVE-2011-1452: URL bar spoof with redirect and manual reload. Credit to Jordi Chancel.
  • [$1500] [79199] High CVE-2011-1454: Use-after-free in DOM id handling. Credit to Sergey Glazunov.
  • [79361] Medium CVE-2011-1455: Out-of-bounds read with multipart-encoded PDF. Credit to Eric Roman of the Chromium development community.
  • [79364] High CVE-2011-1456: Stale pointers with PDF forms. Credit to Eric Roman of the Chromium development community.
We would also like to thank miaubiz, kuzzcc, Sławomir Błażek, Drew Yao and Braden Thomas of Apple Product Security and Christian Holler for working with us during the development cycle and helping prevent bugs from ever reaching the stable channel.

More on what's new at the Official Chrome Blog.  You can find full details about the changes that are in Chrome 11 in the SVN revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

Karen Grunberg
Google Chrome

Labels:

32 Comments:

Blogger solcroft said...

Okay, WHY is issue 78787 not fixed?

8:09 AM, April 27, 2011  
Blogger Evilcat said...

superb

8:10 AM, April 27, 2011  
Blogger Schitso said...

This comment has been removed by the author.

8:15 AM, April 27, 2011  
Blogger solcroft said...

There's a trivial reason it was marked as Mstone-12, which I won't bother explaining here. The patch to fix the regression already exists, I just want to know why it didn't get merged into the stable branch. If you're not in the position to answer (i.e. not a member of the Chrome team), I appreciate your attempt to contribute, but please do refrain from posting useless replies.

8:21 AM, April 27, 2011  
Anonymous Anonymous said...

Does this release sandbox flash on the Mac? I was under the impression that sandboxing of flash in Chrome was previously Windows only.

8:21 AM, April 27, 2011  
Anonymous Anonymous said...

The new Chrome icon design doesn't show up in Chrome's icon on Windows. Why is this? I've filed the bug, because it occasionally switches to the new design if you right-click the icon in the task bar. Just wondering if anyone knows why this is?

8:25 AM, April 27, 2011  
Anonymous Anonymous said...

@Michael: Have you tried logging out of Windows?

I'm on the beta channel, but when it updated to Chrome 11 I had to logout of Windows so that the new Chrome icon changed.

8:40 AM, April 27, 2011  
Blogger Rafael said...

Hello Michael to change the icon of the new version of Google Chrome had to remove Google Chrome from the computer altogether to add or remove programs. Then reinstall it by downloading Google Chrome from another browser. Hope that helps.

9:03 AM, April 27, 2011  
Blogger Jonathan said...

Just updated to chrome 11 and site http://www.telltalegames.com/ is not working - there should be a menu on top of the page but its not showing....

9:32 AM, April 27, 2011  
Blogger Petko said...

Yep, the Google Chrome's icon gets updated once you restart or log off.

Why does it say 'unknown' right after the version number in the 'About Google Chrome' window?

9:59 AM, April 27, 2011  
Blogger kpoz said...

I still receive "Chrome update server not available (Error 11)" on my Mac, and nobody at Google has addressed the error in any forum online.

10:23 AM, April 27, 2011  
Blogger RG said...

At my Chrome it is also saying 'unknown' right after the version number in the 'About Google Chrome' window

11:02 AM, April 27, 2011  
Blogger Eli James said...

I'm just chipping in here to say: bravo, I really appreciate the good work you guys are doing!

11:48 AM, April 27, 2011  
Blogger Gabi said...

no hardware acceleration ? sad...

12:07 PM, April 27, 2011  
Blogger Jonathan said...

I have fixed the site display issue - restarting pc and chrome had no effect but closing chrome and clearing cache fixed the issue...

12:31 PM, April 27, 2011  
Blogger Mesca Vlad said...

my new chrome 11 is slower then 10 :(

12:51 PM, April 27, 2011  
Blogger Manish said...

@Karen: Nice to see Chrome 11 update. Could someone please elaborate on the features/improvements?

1:12 PM, April 27, 2011  
Blogger Cody said...

(1) "unknown" in about dialog box
(2) Uninstall/ Reinstall to update icon
(3) White ring in new icon should be smoother.

Suggestion:
Incorporate Extensions, History, and About into tabbed Settings.

1:37 PM, April 27, 2011  
Blogger Demian said...

I would like to put a mute button on the tab that is emitting sound, that is, when playing a flash or html sound, it then appears a speaker, and there can mute, since I have many tabs open that are not which sounds most of the time.

2:09 PM, April 27, 2011  
Blogger Gabi said...

BUG : http://img15.imageshack.us/i/unledwo.jpg/

2:41 PM, April 27, 2011  
Blogger Victor said...

Very nice release, kudos!

4:53 PM, April 27, 2011  
Blogger David said...

I hope this fixed the flickering of EVERY single flash object.

5:13 PM, April 27, 2011  
Blogger JPG Printing said...

Looks stable www.peguere.com

7:37 PM, April 27, 2011  
Blogger Vincenzo said...

[message written with google translate]
I tried to update Chrome on Windows 7 (32), but I've got a blue screen (BSoD). I tried to disable my Antivirus: Avira AntiVir Premium, but I could not update (always the BSoD). In the end I uninstalled completely Avira AntiVir Premium and I've been able to install google chrome 11.

In short: To install Chrome 11 I uninstalled Avira Antivir Premium

More information about the Windows 7 provided by [Italian language]:
Firma problema:
Nome evento problema: BlueScreen
Versione SO: 6.1.7601.2.1.0.256.48
ID impostazioni locali: 1040

Ulteriori informazioni sul problema:
BCCode: 1000008e
BCP1: C0000005
BCP2: 8293C985
BCP3: 9493F830
BCP4: 00000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

File che contribuiscono alla descrizione del problema:
C:\Windows\Minidump\042811-28375-01.dmp
C:\Users\Vincenzo\AppData\Local\Temp\WER-57796-0.sysdata.xml

Leggere l'informativa sulla privacy online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0410

Se l'informativa sulla privacy online non è disponibile, leggere quella offline:
C:\Windows\system32\it-IT\erofflps.txt

4:29 AM, April 28, 2011  
Blogger Per Bylund said...

I still hope to see a 64-bit Windows version. Soon. What's the point of 64-bit OS if the browser (which is quickly becoming the one-and-only application in most tasks, online or not) is only 32-bit?

8:03 AM, April 28, 2011  
Blogger The MAZZTer said...

@solcroft Fix was only committed two weeks ago; not sure when the code freeze for 11 was but the fix might have missed it, and it's only a minor visual glitch and so not critical to get into 11 right away.

You are welcome to download the source code, merge in the fix yourself, and compile your own binaries for your own use.

10:06 AM, April 28, 2011  
Blogger Kurtextrem said...

Sergey is getting rich cause of google xD

3:26 AM, April 29, 2011  
Anonymous Anonymous said...

The new icon is really...UGLY!!! And, also, match the style of all'other Mac icons less than the previous.
Bye

2:33 PM, April 29, 2011  
Blogger Schmaltz Herring said...

Please tell whoever decided to change the old icon he's a douche.

3:33 AM, April 30, 2011  
Blogger Victor said...

I find after this update I am unable to tab to other boxes in a form.

12:23 AM, May 02, 2011  
Blogger Himbleton said...

I'm having major problems viewing my site (via google sites) in this version of Chrome ~ embedded gadgets either custom or from the library created using the google API just don't work.

No issues view the site or embedded gadgets from Explorer or Firefox.

I would have expected Chrome / google sites etc. to be been glued and tested.

Hoping for a fix soon

1:33 AM, May 02, 2011  
Blogger S said...

This comment has been removed by the author.

7:35 AM, May 03, 2011  

Post a Comment

Subscribe to Post Comments [Atom]

<< Home