Tuesday, October 25, 2011

Chrome Stable Release


The Google Chrome team is happy to announce the arrival of Chrome 15.0.874.102 to the Stable Channel for Windows, Mac, Linux, and Chrome Frame.  Chrome 15 contains some really great improvements including a new New Tab page. You can read about it more on the Google Chome blog.

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

  • [$500] [86758] High CVE-2011-2845: URL bar spoof in history handling. Credit to Jordi Chancel.
  • [88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs. Credit to Jordi Chancel.
  • [90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of download filenames. Credit to Marc Novak.
  • [91218] Low CVE-2011-3877: XSS in appcache internals page. Credit to Google Chrome Security Team (Tom Sepez) plus independent discovery by Juho Nurminen.
  • [94487] Medium CVE-2011-3878: Race condition in worker process initialization. Credit to miaubiz.
  • [95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs. Credit to Masato Kinugawa.
  • [95992] Low CVE-2011-3880: Don’t permit as a HTTP header delimiter. Credit to Vladimir Vorontsov, ONsec company.
  • [$12174] [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881: Cross-origin policy violations. Credit to Sergey Glazunov.
  • [96292] High CVE-2011-3882: Use-after-free in media buffer handling. Credit to Google Chrome Security Team (Inferno).
  • [$1000] [96902] High CVE-2011-3883: Use-after-free in counter handling. Credit to miaubiz.
  • [97148] High CVE-2011-3884: Timing issues in DOM traversal. Credit to Brian Ryner of the Chromium development community.
  • [$6337] [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885: Stale style bugs leading to use-after-free. Credit to miaubiz.
  • [$2000] [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8. Credit to Christian Holler.
  • [$1500] [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs. Credit to Sergey Glazunov.
  • [$1000] [99138] High CVE-2011-3888: Use-after-free with plug-in and editing. Credit to miaubiz.
  • [$2000] [99211] High CVE-2011-3889: Heap overflow in Web Audio. Credit to miaubiz.
  • [99553] High CVE-2011-3890: Use-after-free in video source handling. Credit to Ami Fischman of the Chromium development community.
  • [100322] High CVE-2011-3891: Exposure of internal v8 functions. Credit to Steven Keuchel of the Chromium development community plus independent discovery by Daniel Divricean.
The bugs [94487], [96292], [96902], [97599], [98064], [98556], [99294], [100059], [99138] and [99211] were detected using AddressSanitizer.

Although Chrome is not directly affected by the attack, the NSS network library was updated to include a defense against so-called BEAST. This defense may expose bugs in Brocade hardware. Brocade is working on the issue. The lighttpd project fixed a compatibility issue at version 1.4.27 and newer.

In addition, we would like to thank Sławomir Błażek and Aki Helin of OUSPG for working with us in the development cycle and preventing bugs from ever reaching the stable channel. Various rewards were issued.



Karen Grunberg
Google Chrome

Labels:

32 Comments:

Blogger Radek said...

Congrats on the release!

9:11 AM, October 25, 2011  
Blogger Rafael said...

Chrome Thanks for the great work you've done. Thanks for the release of the stable channel 15.0 that was long expected and described with respect to the bugs will have some problem for the end user?

9:25 AM, October 25, 2011  
Blogger Fedor said...

I can't run it under Fedora. SELinux AVC denial :(

9:57 AM, October 25, 2011  
Blogger joesixgig said...

For main feature changes, see here: http://goo.gl/QEZ1t
Sync search engines seems like the biggest change.

10:02 AM, October 25, 2011  
Blogger Chris said...

@Fedor: sorry about the SELinux thing on Fedora. Chrome 16 builds should be OK if you want to try one of those?

10:42 AM, October 25, 2011  
Blogger JJD said...

This comment has been removed by the author.

10:59 AM, October 25, 2011  
Blogger Harald B said...

Five or six crashes in less than an hour, after been very stable for months. I hope my automatically generated crash reports will help.

11:40 AM, October 25, 2011  
Blogger Brad Wilson said...

When will this release to Chromebooks? I'm really wanting to switch over to Stable from Beta because I offline Gmail doesn't work in Beta. is there a way to force an update?

12:11 PM, October 25, 2011  
Blogger Tovagulet said...

Im not liking Google Chrome 15...

I hate the new tab page that can't be edited, I don't want people to see the most visited webpages... and can't remove it, neither my applications =/

Next release should add an option to remove, or an easier way to remove it as I can't find any way to remove them.

12:12 PM, October 25, 2011  
Blogger Luboš Motl said...

Dear Tovagulet, you should try the Incredible Start Page extension to solve your problems with the new tab. LM

12:21 PM, October 25, 2011  
Blogger Peter said...

I'm confused. If there are some "really great improvements," why don't you tell us what they are? This is, after all, the Google Chrome Releases blog, not a Google Chrome Security blog. There is always great detail given for security fixes, but never for other improvements. What gives?

12:25 PM, October 25, 2011  
Blogger senyai said...

All scrollbars are blue now ☺

12:51 PM, October 25, 2011  
Blogger charlesx said...

after intalling the upgrade, alot pages dont load, some load a bit but they freeze

(sorry for my bad english)

1:06 PM, October 25, 2011  
Blogger pethr said...

I just wish Chrome did support web fonts better. It displays the web fonts the worst from all browsers that support them and that includes such relicts as IE7. Choosing not to enable any sort of smoothing on older OSes is also hard to understand.

1:23 PM, October 25, 2011  
Blogger Jeff said...

@Peter, you can always get more info on new features in a release at the Google Chrome blog (http://chrome.blogspot.com/); hope that helps.

1:54 PM, October 25, 2011  
Blogger nateify said...

Eh? None of my extensions work now. None at all! I'm running the stable release, too...

2:12 PM, October 25, 2011  
Blogger William said...

Gah! Sergey made like 15 G's with Chrome 15!!! Ballinnnnnnnn

2:26 PM, October 25, 2011  
Blogger Victor said...

Your print to PDF on the Mac is NOT an improvement! It doesn't allow integration Apple's Preview which is important if you want to actually EDIT AND ANNOTATE the article before you file it.

2:31 PM, October 25, 2011  
Blogger sabih said...

This version is telling that you need to install plugin??????
this is not stable why google updated this version as stable?????

2:40 PM, October 25, 2011  
Blogger Seyss said...

great to see Google gives money to ppl that finds exploits on Chrome..

great policies you have there

I wish my shitty company (ArcelorMittal, which belongs to a goddamn greedy fuckin indian) did this.

3:18 PM, October 25, 2011  
Anonymous Anonymous said...

Google Chrome is the best web browser !

I've never had a crash or a problem with the web browser! I love it!

Thanks Google

1:00 AM, October 26, 2011  
Blogger cichy said...

Still there is no "clear history older than XXX" option.

1:02 AM, October 26, 2011  
Blogger cichy said...

Still there is no "clear history older than XXX" option.

1:02 AM, October 26, 2011  
Blogger Jor said...

I can now play WebM video on YouTube at a solid 30 fps for 720p full screen, whereas before it was only half that much. Thanks, Google!

5:29 AM, October 26, 2011  
Blogger Mainman678 said...

Just one thing fix the built in flash for chrome it is glitchy.

9:47 AM, October 26, 2011  
Blogger Dubya said...

The new NEW TAB page is horrible!

6:38 PM, October 26, 2011  
Anonymous Anonymous said...

With the latest release, I'm getting a lot more "browser tab crashed" messages than before. I was thinking Chrome got rid of this pesky message.

5:55 PM, October 27, 2011  
Blogger Zikhali said...

Great update but there is the issue of the Skype Add-on which causes Chrome to continually prompt user to update plugin, I installed Java twice and the Media Player plugin more than that only to find after a frustrating afternoon of the yellow band accusing me of not having a plugin updated that it was an issue with Skype. It does not auto update so cancelling or clicking on update has no effect

2:47 PM, October 29, 2011  
Blogger msi2 said...

What spacebear is pointing out is true, though i'm using Chromium 17 right now and i dont anymore those random crashes.

But most importantly, those crashes are recurring when you open a page and quickly after, by using the new tab button, you open a new page (roughly one or two second after) the browser tab crash message is displayed. This has been the case since Chrome 13 and we're now at Chromium 17, the issue is still there.

I'm running on WinXPSP3 if that helps.

3:26 AM, October 30, 2011  
Blogger rené said...

Is there a chance that the various installers for google applications will be able to use an authenticating proxy? I am getting frustrated as I was able to install Chrome last night with no problems, but today it just stalls with no other message than ' No internet connection' and a link to a help-section that goes nowhere near suggesting an offline install'.. Searching for this issue reveals this has been a problem since at least 2008..

2:39 PM, October 30, 2011  
Blogger Cesia said...

Is there a way to get the old New Tabs back? I really hate this new one. It's nothing but a big inconvenience.

8:39 AM, October 31, 2011  
Blogger Dubya said...

@Cesia
Glad I'm not the only one who hates it.
You can no longer pin tiles or re-arrange them. This is such a huge step backwards, I just don't understand why they did this...

8:44 AM, October 31, 2011  

Post a Comment

Subscribe to Post Comments [Atom]

<< Home