Thursday, March 8, 2012

Chrome Stable Channel Update

The Chrome Stable channel has been updated to 17.0.963.78 on Windows, Mac, Linux and Chrome Frame.  This release fixes issues with Flash games and videos, along with the security fix listed below.

Security fixes and rewards:

Congratulations again to community member Sergey Glazunov for the first submission to Pwnium!

  • [Ch-ch-ch-ch-ching!!! $60,000] [117226] [117230] Critical CVE-2011-3046: UXSS and bad history navigation. Credit to Sergey Glazunov.

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

Full details about what changes are in this release are available in the SVN revision log. Interested in hopping on the stable channel? Find out how.  If you find a new issue, please let us know by filing a bug.

Jason Kersey
Google Chrome



Blogger LuboŇ° Motl said...

Sergey Glazunov has just surpassed Warren Buffett in the list of wealthy people. Congratulations.

9:47 AM, March 08, 2012  
Blogger Richard Kral said...

What the hell Sergey Glazunov!!! 60 000 bucks!?! How is it possible he`s not in Google Chrome dev team?

9:58 AM, March 08, 2012  
Blogger Kurt Bugeja said...

Congrats ching!

10:06 AM, March 08, 2012  
Blogger Fortran said...

Even more impressive is how fast Google fixed this. These are the bugs Glazunov exposed just a day or two ago in the Pwn2Own contest!

10:28 AM, March 08, 2012  
Blogger Lionel LaCorbiere said...

Sergey is always doing great thing s for the Chrome browser. It makes me think sometimes that he somehow engineers the bug then fixes it to claim his paycheck. But I know that not possible. He's just damned good at what he does!

11:02 AM, March 08, 2012  
Blogger Manish said...

Congrats Sergey!

11:18 AM, March 08, 2012  
Blogger Bolo Srewu said...

yes, awesome, may google chrome will not frequently crashes i hope, and more hope... :-)

1:35 PM, March 08, 2012  
Blogger STiAT said...

Congratulations Sergey, and congratulations / thanks to the Google security/dev team fixing this so fast pushing out an update.

I'd like to see that kind of fix timeline in more companies. I wonder though how you managed to get through the quality boards that fast ;-).

4:46 AM, March 09, 2012  
Blogger Jeppe said...

More than a great achievement for the hacker in question, it's a major win for the Chrome eco-system.

A major strength that Google acknowledges flaws and fixes them instead of trying to hide them as some other browser vendors.

1:10 PM, March 09, 2012  
Blogger NICHOLAS said...

Wow congrats I've been using Chrome since version 3 and i count be more happy to see how it turned out. This browser blows away all compition in my opinion.

Thank Sergey for finding the exploit and Chrome Team for pushing out an update so fast :)

1:13 PM, March 09, 2012  
Blogger Ganesh J. Acharya said...

Nither the old build old_chrome.exe is working, nor chrome.exe is working. What do I do?

6:05 PM, March 09, 2012  
Blogger arun nair said...

I am using chrome 17.0.963.78 on centos 6.2 and I still face the issue of shockwave flash crash in chrome .....

6:51 PM, March 10, 2012  

Post a Comment

Subscribe to Post Comments [Atom]

<< Home