Chrome Releases
Release updates from the Chrome team
Stable Channel Update
Tuesday, September 25, 2012
The Chrome Team is excited to announce the promotion of Chrome 22 to the stable channel. Chrome 22.0.1229.79 (also now available on the beta channel) has a number of new and exciting updates including:
Mouse Lock API availability for Javascript
Additional Windows 8 enhancements
Continued polish for users of HiDPI/Retina screens
You can find out more about Chrome 22 on the
Official Chrome Blog
.
Security fixes and rewards:
Please see
the Chromium security page
for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
Occasionally, we issue special rewards for bugs outside of Chrome, particularly where the bug is very severe and/or we are able to partially work around the issue:
[$
5000
] [
146254
]
Critical
CVE-2012-2897: Windows kernel memory corruption.
Credit to Eetu Luodemaa and Joni Vähämäki, both from
Documill
.
And back to your regular scheduled rewards, including some at the new higher levels:
[$
10000
] [
143439
]
High
CVE-2012-2889: UXSS in frame handling.
Credit to Sergey Glazunov.
[$
5000
] [
143437
]
High
CVE-2012-2886: UXSS in v8 bindings.
Credit to Sergey Glazunov.
[$
2000
] [
139814
]
High
CVE-2012-2881: DOM tree corruption with plug-ins.
Credit to Chamal de Silva.
[$
1000
] [
135432
]
High
CVE-2012-2876: Buffer overflow in SSE2 optimizations.
Credit to Atte Kettunen of OUSPG.
[$
1000
] [
140803
]
High
CVE-2012-2883: Out-of-bounds write in Skia.
Credit to Atte Kettunen of OUSPG.
[$
1000
] [
143609
]
High
CVE-2012-2887: Use-after-free in onclick handling.
Credit to Atte Kettunen of OUSPG.
[$
1000
] [
143656
]
High
CVE-2012-2888: Use-after-free in SVG text references.
Credit to miaubiz.
[$
1000
] [
144899
]
High
CVE-2012-2894: Crash in graphics context handling.
Credit to Sławomir Błażek.
[Mac only] [$
1000
] [
145544
]
High
CVE-2012-2896: Integer overflow in WebGL.
Credit to miaubiz.
[$
500
] [
137707
]
Medium
CVE-2012-2877: Browser crash with extensions and modal dialogs.
Credit to Nir Moshe.
[$
500
] [
139168
]
Low
CVE-2012-2879: DOM topology corruption.
Credit to pawlkt.
[$
500
] [
141651
]
Medium
CVE-2012-2884: Out-of-bounds read in Skia.
Credit to Atte Kettunen of OUSPG.
[
132398
]
High
CVE-2012-2874: Out-of-bounds write in Skia.
Credit to Google Chrome Security Team (Inferno).
[
134955
] [
135488
] [
137106
] [
137288
] [
137302
] [
137547
] [
137556
] [
137606
] [
137635
] [
137880
] [
137928
] [
144579
] [
145079
] [
145121
] [
145163
] [
146462
]
Medium
CVE-2012-2875: Various lower severity issues in the PDF viewer.
Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team.
[
137852
]
High
CVE-2012-2878: Use-after-free in plug-in handling.
Credit to Fermin Serna of Google Security Team.
[
139462
]
Medium
CVE-2012-2880: Race condition in plug-in paint buffer.
Credit to Google Chrome Security Team (Cris Neckar).
[
140647
]
High
CVE-2012-2882: Wild pointer in OGG container handling.
Credit to Google Chrome Security Team (Inferno).
[
142310
]
Medium
CVE-2012-2885: Possible double free on exit.
Credit to the Chromium development community.
[
143798
] [
144072
] [
147402
]
High
CVE-2012-2890: Use-after-free in PDF viewer.
Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team.
[
144051
]
Low
CVE-2012-2891: Address leak over IPC.
Credit to Lei Zhang of the Chromium development community.
[
144704
]
Low
CVE-2012-2892: Pop-up block bypass.
Credit to Google Chrome Security Team (Cris Neckar).
[
144799
]
High
CVE-2012-2893: Double free in XSL transforms.
Credit to Google Chrome Security Team (Cris Neckar).
[
145029
] [
145157
] [
146460
]
High
CVE-2012-2895: Out-of-bounds writes in PDF viewer.
Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team.
Many of the above bugs were detected using
AddressSanitizer
.
We’d also like to thank Arthur Gerkis for working with us during the development cycle and preventing security regressions from ever reaching the stable channel.
Full details about what's in this release are available in the
SVN revision log
. Found a bug?
Report it!
On a different channel, but want to join us on the Beta train? The
Chromium wiki
has you covered.
Jason Kersey
Google Chrome
Labels
Admin Console
43
Android WebView
19
Beta
21
Beta update
4
Beta updates
1995
chrome
15
Chrome Dev for Android
123
Chrome for Android
927
Chrome for iOS
364
Chrome for Meetings
5
Chrome OS
1149
Chrome OS Flex
22
Chrome OS Management
12
Chromecast Update
6
ChromeOS
195
ChromeOS Flex
192
Desktop Update
1088
dev update
266
Dev updates
1493
Early Stable Updates
47
Extended Stable updates
122
Flash Player update
5
Flex
1
Hangouts Meet hardware
5
LTS
84
stable
9
Stable updates
1216
Archive
2024
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2023
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2022
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2021
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2020
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2019
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2018
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2017
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2016
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2015
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2014
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2013
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2012
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2011
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2010
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2009
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2008
Dec
Nov
Oct
Sep
Give us feedback in our
Product Forums
.