Wednesday, February 8, 2012

Stable Channel Update

The Chrome team is excited to announce the release of Chrome 17 to the Stable Channel for Windows, Mac, Linux and Chrome Frame.  17.0.963.46 contains a number of new features including:
  • New Extensions APIs
  • Updated Omnibox Prerendering
  • Download Scanning Protection
  • Many other small changes
Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix

  • [73478] Low CVE-2011-3953: Avoid clipboard monitoring after paste event. Credit to Daniel Cheng of the Chromium development community.
  • [92550] Low CVE-2011-3954: Crash with excessive database usage. Credit to Collin Payne.
  • [93106] High CVE-2011-3955: Crash aborting an IndexDB transaction. Credit to David Grogan of the Chromium development community.
  • [103630] Low CVE-2011-3956: Incorrect handling of sandboxed origins inside extensions. Credit to Devdatta Akhawe, UC Berkeley.
  • [$1000] [104056] High CVE-2011-3957: Use-after-free in PDF garbage collection. Credit to Aki Helin of OUSPG.
  • [$2000] [105459] High CVE-2011-3958: Bad casts with column spans. Credit to miaubiz.
  • [$1000] [106441] High CVE-2011-3959: Buffer overflow in locale handling. Credit to Aki Helin of OUSPG.
  • [$500] [108416] Medium CVE-2011-3960: Out-of-bounds read in audio decoding. Credit to Aki Helin of OUSPG.
  • [$1000] [108871] Critical CVE-2011-3961: Race condition after crash of utility process. Credit to Shawn Goertzen.
  • [$500] [108901] Medium CVE-2011-3962: Out-of-bounds read in path clipping. Credit to Aki Helin of OUSPG.
  • [109094] Medium CVE-2011-3963: Out-of-bounds read in PDF fax image handling. Credit to Atte Kettunen of OUSPG.
  • [109245] Low CVE-2011-3964: URL bar confusion after drag + drop. Credit to Code Audit Labs of
  • [109664] Low CVE-2011-3965: Crash in signature check. Credit to Sławomir Błażek.
  • [$1000] [109716] High CVE-2011-3966: Use-after-free in stylesheet error handling. Credit to Aki Helin of OUSPG.
  • [109717] Low CVE-2011-3967: Crash with unusual certificate. Credit to Ben Carrillo.
  • [$1000] [109743] High CVE-2011-3968: Use-after-free in CSS handling. Credit to Arthur Gerkis.
  • [$1000] [110112] High CVE-2011-3969: Use-after-free in SVG layout. Credit to Arthur Gerkis.
  • [$500] [110277] Medium CVE-2011-3970: Out-of-bounds read in libxslt. Credit to Aki Helin of OUSPG.
  • [$1000] [110374] High CVE-2011-3971: Use-after-free with mousemove events. Credit to Arthur Gerkis.
  • [110559] Medium CVE-2011-3972: Out-of-bounds read in shader translator. Credit to Google Chrome Security Team (Inferno).
The bugs [105459], [106441], [108416], [108901], [109716], [109743], [110112], [110277], [110374]  and [110559] were detected using AddressSanitizer.

In addition, we would like to thank miaubiz, Drew Yao and Braden Thomas of Apple, Sławomir Błażek, Aki Helin of OUSPG, Chamal de Silva and Atte Kettunen of OUSPG for working with us in the development cycle and preventing bugs from ever reaching the stable channel. Various rewards were issued, including a top $3133.70 reward to Aki Helin.

More detailed updates are available on the Chrome Blog.  Full details about what changes are in this release are available in the SVN revision log.  Interested in hopping on the stable channel?  Find out how.  If you find a new issue, please let us know by filing a bug.

Jason Kersey
Google Chrome



Blogger Per Bylund said...

Bug of feature: the "+" sign is no longer in the little icon for adding a new tab...

9:42 AM, February 08, 2012  
Blogger BBChopper said...

Bug: Search engine short cut key "d" doesn't work ("c" & "e" are fine). This has been carried over from V16.

10:03 AM, February 08, 2012  
Blogger Cody said...

Great work! I like the NTP button and settings tweaks and eagerly await the Uber Page.

10:30 AM, February 08, 2012  
Blogger Chris said...

That's probably just you. You can either try uninstalling and reinstalling chrome, or it might be an extension that's using that keyword. try disabling all of your extensions and see if it works.

10:58 AM, February 08, 2012  
Blogger Robby said...

any hope of vertical tabs coming back. Please!!

11:25 AM, February 08, 2012  
Blogger Red Aether said...

+ sign on new tab is intentionally gone. Probably to avoid confusion with google+ services.

11:26 AM, February 08, 2012  
Blogger Trisped said...

SVN revision log link (in post) does not work. Remove extra space before revision numbers. Should be ""

Need something in the new tab button. Since there is nothing to focus on my mind forces a direct view and confirmation each time I look at Chrome from another window.

12:26 PM, February 08, 2012  
Blogger Rob said...

How are bugs prioritized for fixing? I reported a bug (#57370) seventeen months ago about localized extensions and web applications failing to install in some Chrome configurations, but there's been very little movement on it.

12:52 PM, February 08, 2012  
Blogger Irmantas said...

Bug: In some cases where should be displayed flash it only shows Missing plugin.

1:43 PM, February 08, 2012  
Blogger Matrus said...

What happened to the preferences on Mac? The elements (check boxes, radio buttons, etc.) look fuzzy and don't use the standard OS X colors being grey instead of blue. Additionally "Search preferences" cuts of the last s.

It looks very unpolished now.

2:05 PM, February 08, 2012  
Blogger Mamdouh said...

This comment has been removed by the author.

2:46 PM, February 08, 2012  
Blogger Mamdouh said...

Where is the users shortcuts ?

2:49 PM, February 08, 2012  
Anonymous Anonymous said...

Odd behavior showing up in Chrome 17 when visiting (Windows 7). Hovering over Products, Solutions or Store at the top and the browser "jumps" three or four times to that page without clicking on it. I confirmed with a coworker that Chrome 16 does not have that behavior. That's the only site that I've noticed any problems.

3:42 PM, February 08, 2012  
Blogger CDM said...

This release have a regression. The bug of web kit rendering flash that was fixed in release 16 is now available again.

5:17 PM, February 08, 2012  
Anonymous Anonymous said...

For some reason, Chrome is using three flash player plugins; two of them being version, and one of them being version

There are two of every flash instance (ex: Two YouTube players, two advertisements, two flash games, one covering the other), and so I disabled all but the flash. Now the Flash is running very badly, jittering and skipping, and for some reason the text is all blurred, but there is only one instance of flash, not two. I disabled and enabled one of the flash plugins, at which point everything runs perfectly, no doubling, no blurry text.

Good luck fixing things?

7:16 PM, February 08, 2012  
Blogger ardi sugianto said...

+ icon on new tab disappear

9:19 PM, February 08, 2012  
Blogger Sleeper said...

@Ardi Sugianto: As Red Aether said first, the + sign was intentionally removed. It's been that way in Canary and Dev builds for a while now.
Also, I'm having the same problems with multiple copies of flash causing grief.

9:51 PM, February 08, 2012  
Blogger ◄♪♫ संदिप पाटील ♫♪► said...

One of annoying bug... Whenever I try to save an already open image, the browser downloads it again, What a waste of bandwidth

11:32 PM, February 08, 2012  
Blogger Deon dsouza said...

The one thing i don't like about Google chrome is about the flash getting crashed again,i hope this is fixed in the new version,if not please do it in the next stable release.

8:07 AM, February 09, 2012  
Blogger eLDuRo said...

I am having issues on viewing Youtube videos on Facebook, when I click on a video these two scrolling bars come out which doesn't allow me to watch the video in it's original viewing size, is anybody having this issue?

9:43 AM, February 09, 2012  
Blogger MaNgO said...

No probs in my chrome!!

9:50 AM, February 09, 2012  
Blogger MaNgO said...

No probs in my chrome!!
But wy did de remuv d + sign 4 adding new tabs?
At times, it's confusing!!

9:52 AM, February 09, 2012  
Blogger CDM said...

This is the bug that was fixed in 16 but reappear in 17 version. I think that was a code merge problem.

Please fix this again !


2:34 PM, February 09, 2012  
Blogger Rafael said...

He was finally released the final version of Google Chrome 17 was the version that took over Chrome was far too late for releases - it

6:21 PM, February 09, 2012  
Blogger Stu Greenham said...

I have noticed on my Mac in the last few weeks and from today's update that Placeholder text does not disappear on focus. Is this a bug or is this correct as Google Chrome is the only browser so far to start doing it this way?

Which was is correct and does anybody have any solid reasoning for both?


2:23 AM, February 10, 2012  
Blogger madnutter56 said...

Pressing F6 no longer selects all the text in the address bar.

8:48 AM, February 10, 2012  
Blogger CLW13 said...

I'm looking at 17.0.963.46 m, and trying to get to my dev page on an The SSL doesn't match, and previously I've always had a "I understand the risks, proceed anyway" link. That link is gone, and my only options are "back" or "more information" which doesn't give me anything.

I need to get to my for testing purposes. Help please!

10:24 AM, February 10, 2012  
Blogger Thomas Wright said...

Did they award Aki Helin the 1337 speak number intentionally?..

8:21 PM, February 10, 2012  
Blogger TwhiT said...

f6 is now broken. It doesn't highlight anything now. I don't want to have to click the address bar with my mouse to highlight everything. Please someone, fix the f6 key issue. This update must have broken something.

12:25 PM, February 12, 2012  
Blogger pspmodel2001 said...

Does this update include the CR-48? I updated chrome on Ubuntu here but not my Chromebook. Any other way to update my CR-48?

4:13 PM, February 12, 2012  
Blogger Vincent Kargatis said...

I've noticed with v17 that the 'Search Elements' box in the Elements panel no longer takes css selectors. Was that intentional? I often used it to verify selectors, disappointed it's gone - it was very convenient. Using the console with "document.querySelector" is much less so!

8:23 AM, February 14, 2012  
Blogger Victor said...

As a faithful Chrome user, I have to say this version sucks.

-- Flash may or may not work.

-- Some links internal to web pages, when clicked, load and then simply vanish leaving you a blank page.
Turning off prerendering doesn't help.

-- Version seems sluggish as a result of feature creep that doesn't add any value in terms of user experience.

4:53 PM, February 14, 2012  
Blogger Louis said...

XP SP3,Catalyst 11.8

Quite a good build:
-The blue page anomaly is almost (Almost...) corrected
-Speed is excellent,no crash so far
-the way the History is displayed is plain gorgeous.Don't eva change it,please.

The problems:
- A MAJOR ONE.I just updated my JRE to and now the java test fails with Chrome BUT not with IE8 (Patched from 14/02/2012) !!!
I can't play at Balls&Walls anymore either:
My java apps work nevertheless.
- enabling "GPU Accelerated Drawing" breaks the scroll bar (Its behaviour becomes erratic) and makes it transparent(!).
- one last thing that intrigues me:the WebM test in Peacekeeper stutters.Is it Chrome or the test itself (Been like this ever since the new Peacekeeper was released) ?

7:39 AM, February 15, 2012  
Blogger maple story mesos said...

This comment has been removed by a blog administrator.

3:19 AM, February 18, 2012  

Post a Comment

Subscribe to Post Comments [Atom]

<< Home