Tuesday, July 9, 2013

Stable Channel Update

Update: We are separately updating users to Flash Player 11.8.800.97 via our component updater.

The Stable channel has been updated to 28.0.1500.71 for Windows, Macintosh and Chrome Frame platforms.

Security fixes and rewards:


Please see the Chromium security page for more information. (Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.)


This automatic update includes security fixes. We’d like to highlight the following fixes for various reasons (crediting external researchers, issuing rewards, or highlighting particularly interesting issues):


  • [$21,500] A special reward for Andrey Labunets for his combination of CVE-2013-2879 and CVE-2013-2868 along with some (since fixed) server-side bugs.
  • [252216] Low CVE-2013-2867: Block pop-unders in various scenarios.
  • [252062] High CVE-2013-2879: Confusion setting up sign-in and sync. Credit to Andrey Labunets.
  • [252034] Medium CVE-2013-2868: Incorrect sync of NPAPI extension component. Credit to Andrey Labunets.
  • [245153] Medium CVE-2013-2869: Out-of-bounds read in JPEG2000 handling. Credit to Felix Groebert of Google Security Team.
  • [$6267.4] [244746] [242762] Critical CVE-2013-2870: Use-after-free with network sockets. Credit to Collin Payne.
  • [$3133.7] [244260] Medium CVE-2013-2853: Man-in-the-middle attack against HTTP in SSL. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco at INRIA Paris.
  • [$2000] [243991] [243818] High CVE-2013-2871: Use-after-free in input handling. Credit to miaubiz.
  • [Mac only] [242702] Low CVE-2013-2872: Possible lack of entropy in renderers. Credit to Eric Rescorla.
  • [$1000] [241139] High CVE-2013-2873: Use-after-free in resource loading. Credit to miaubiz.
  • [Windows + NVIDIA only] [$500] [237611] Medium CVE-2013-2874: Screen data leak with GL textures. Credit to “danguafer”.
  • [$500] [233848] Medium CVE-2013-2875: Out-of-bounds-read in SVG. Credit to miaubiz.
  • [229504] Medium CVE-2013-2876: Extensions permissions confusion with interstitials. Credit to Dev Akhawe.
  • [229019] Low CVE-2013-2877: Out-of-bounds read in XML parsing. Credit to Aki Helin of OUSPG.
  • [196636] None: Remove the “viewsource” attribute on iframes. Credit to Collin Jackson.
  • [177197] Medium CVE-2013-2878: Out-of-bounds read in text handling. Credit to Atte Kettunen of OUSPG.


In addition, our ongoing internal security work was as usual responsible for a wide range of fixes:
  • [256985] High CVE-2013-2880: Various fixes from internal audits, fuzzing and other initiatives (Chrome 28).


Full details about what changes are in this build are available in the SVN revision log and the Chrome Chrome Blog. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Anthony Laforge

Google Chrome

Labels:

45 Comments:

Blogger Rafael Hilário said...

Finally after several months the stable version of Google Chrome 28 with the first stable version of the new engine was launched blink. Congratulations Google team.

9:15 AM, July 09, 2013  
Blogger Heinrich Witt said...

But why the hell is shipped with an old version of Flash?

9:20 AM, July 09, 2013  
Blogger Andrea Cicchi said...

this version of google chrome is very stable. But how come the flash player is not the version 11.8? I would understand, because even in the previous version of google chrome there was a version of the flash player that is slightly more updated is 11.7.700.225.

9:23 AM, July 09, 2013  
Blogger Ariesk said...

Congrats on releasing the new Chrome 28 that use the new Blink engine that is being worked on together with Opera. However. For the love of god. Update the Flash Player

9:46 AM, July 09, 2013  
Blogger Sky Ong said...

same old flash version 11.7.700.225 here ... :(

9:54 AM, July 09, 2013  
Blogger Andrea Cicchi said...

the version of the flash player is 11,7,700,203 and is not the 11.7.700.225. they have to upgrade to version 11.8 which is now stable. is out today for all browsers.

10:05 AM, July 09, 2013  
Anonymous Anonymous said...

great, thank you very much

10:06 AM, July 09, 2013  
Blogger Andrea Cicchi said...

Not at all!

10:15 AM, July 09, 2013  
Blogger Pierre Alexandre Lévesque Dumais said...

same old flash version ... :(

Flash plugin 11.7.700.203 /opt/google/chrome/PepperFlash/libpepflashplayer.so
Flash plugin 11.2 r202 /usr/lib/flashplugin-installer/libflashplayer.so (disabled)

10:19 AM, July 09, 2013  
Blogger Kevin Lööw - Balderud said...

Yeah why skip the flash update? :O

10:52 AM, July 09, 2013  
Blogger Heinrich Witt said...

Just now came the Flash update to 11.8.800.97

11:41 AM, July 09, 2013  
Blogger Blaster219 said...

Updated to ver 28.

ALL my toolbar buttons are now hidden by a dropdown menu.

How did that happen. How do I get them back?

12:03 PM, July 09, 2013  
Blogger Tom said...

Update to Chrome 28 stable...there's no sign of the new notification center anywhere...???

12:36 PM, July 09, 2013  
Anonymous Anonymous said...

@Blaster219 just drag the border of the omnibox.

12:42 PM, July 09, 2013  
Blogger Gordon Hawley said...

How do we get the newest Flash? I'm still stuck with the older 11.7.700.203 which is ridiculous. Why downgrade the Flash when you update Chrome.

12:43 PM, July 09, 2013  
Blogger laforge@chromium said...

There were a few stability issues w/ 11.8.800.96, which just got resolved this morning. We in the process of updating users to 11.8.800.97 via the component updater over the next few days to ensure that we are providing a good/ stable experience (also updated the blog post to that effect).

12:53 PM, July 09, 2013  
Blogger Gordon Hawley said...

Thank you for the update on the Flash issue. It's just frustrating not knowing what is going on. Now we know.

1:03 PM, July 09, 2013  
Blogger Rafael Hilário said...

Update to Chrome 28 stable...there's no sign of the new notification center anywhere...???

1:04 PM, July 09, 2013  
Blogger Alexander Kuzmin said...

disable-new-menu-style doesn't work anymore... Very sad.

1:13 PM, July 09, 2013  
Blogger Rafael Hilário said...

What is this new style menu Google Chrome is my usual think is missing features not seen anything new in this version except the engine blink else remains the same.

1:21 PM, July 09, 2013  
Blogger Maxiz said...

Can Google make the menu style option for "Old and the New one"? So just we can change it when u want. This is sad theres no choice for user to customize. For most desktop user, the new menu style is taking too much space and annoying somehow. I like chrome but...

4:08 PM, July 09, 2013  
Blogger Marchiote said...

How can I update pepper flash manually "forced"?
Here it's still old flash version.

6:24 PM, July 09, 2013  
Blogger Tony Barnes said...

Please fix this all pages are blank on my end in metro mode it docent even work. i uninstalled re installed no go. i even went as far as a system restore thinking maybe windows update did it no go. Please fix this it is unusable on my end i hate going to the desktop to just use a browser. the previous version worked great.

7:27 PM, July 09, 2013  
Blogger Tony Barnes said...

please fix this i cant use chrome in metro mode all of it is broke please fix i hate this desktop drop thing. please bring back chrome metro why is it not working why are all pages blank and say unresponsive.

8:40 PM, July 09, 2013  
Blogger Alex Schedar said...

I also agree with "Can Google make the menu style option for "Old and the New one"? So just we can change it when u want. This is sad theres no choice for user to customize. For most desktop user, the new menu style is taking too much space and annoying somehow."

9:52 PM, July 09, 2013  
Blogger Ashley Sommer said...

I cant seem to enable QUIC on this release. The #enable-quic option of flags page is not there, and the --enable-quic launcher switch doesnt work.

12:17 AM, July 10, 2013  
Blogger database error... said...

winxp 32bit, chrome release channel, version 28, still old pepperflash

whats wrong?

Adobe Flash Player (2 files) - Version: 11.7.700.225 (Disabled)
Shockwave Flash 11.7 r700
Name: Shockwave Flash
Description: Shockwave Flash 11.7 r700
Version: 11.7.700.225


i have disabled it for now

2:34 AM, July 10, 2013  
Blogger Alex Schedar said...

database error...,
In the beginning of the post said:
Update: We are separately updating users to Flash Player 11.8.800.97 via our component updater.
And when, and to whom?

2:59 AM, July 10, 2013  
Blogger Jenn said...

I'm getting an Aw Snap page with 28. I've tried removing and reinstalling and Chrome is still not working. What happened?

4:36 AM, July 10, 2013  
Blogger phi2x said...

From what I can see, there are still a lot of problems in Chrome.

Look at these examples:
http://cpcbox.com/blink-bug.htm
http://cpcbox.com/bench.htm

5:12 AM, July 10, 2013  
Anonymous Anonymous said...

Why are my extensions now part of a hidden drop down???

Extensions such as Gmail Notifier don't work very well when hidden.

6:45 AM, July 10, 2013  
Blogger Alon Gothshmidt said...

Looks like JPEG2000 is not supported in Chrome, why does it need to handle it at all?

6:47 AM, July 10, 2013  
Blogger madhunt3r said...

WTF? Where is smooth scrolling on OSX like Chrome 27??

7:16 AM, July 10, 2013  
Blogger Deepak Last said...

Im running Version 28.0.1500.71 m but still stuck with adobe flash player version 11.7.700.225...any ideas why?

4:31 PM, July 10, 2013  
Blogger Mario said...

This comment has been removed by the author.

11:45 PM, July 10, 2013  
Blogger mad madrasi said...

hmmm. Flash Player 'yup'dated to 11.8.800.97. But Adobe's flash download page still says latest version for Win is 11.8.800.94.
LOL.

12:43 AM, July 11, 2013  
Blogger doelf said...

On two of my machines - Windows 64 bit, Intel Core i7-920/960X, 12 GB RAM - Chrome does not load anything anymore - not even chrome://settings/ ! The windows stays white and unresponsive. I updated Chrome using the build in function. Even a new install won't help.

screenshot:
http://www.au-ja.de/bilder/2013/chrome-28.0.1500.71-not-loading-anything.jpg

more info:
http://forum.au-ja.de/viewtopic.php?f=19&t=44381

1:34 AM, July 11, 2013  
Blogger Gavlar said...

getting an 'aw snap' error when trying to do anything in this version of chrome using old_chrome works. Anyone else?

8:13 AM, July 11, 2013  
Blogger Tony Barnes said...

issue not fixed i still have to use chrome 27 i need fix i need fix i need fix.

2:51 PM, July 11, 2013  
Blogger Rafael Hilário said...

I saw no central notification on my Windows 8 pro anything new in Google Chrome 28 stable unless the engine is now blink.

3:49 PM, July 12, 2013  
Blogger Luboš Motl said...

The notification center isn't any item in manus: it is a new library that extensions may use to send notifications. Try Checker Plus for Gmail, Notifier for Twitter, and so on.

The extensions in the drop down menu may be restored. Just position the mouse on the proper place left from the >> arrow for the drop down menu, and the cursor will become a left-right arrow, allowing you to move the boundary to the left. Go left. You should understand the rest.

8:46 PM, July 12, 2013  
Blogger Rafael Hilário said...

Thank you Luboš Motl was the one who explained to me how the central notifications funicona Google Chrome 28 stable working right now actually think Google Chrome should give a better explanation to users how the new notifications center.

6:25 AM, July 13, 2013  
Blogger muhammad kumail said...

Earn Money Launch a New Earning System on Facebook, the best Social Media Website where you can share some fun and earn with us, Share some pictures on Facebook and earn on every pictures you post or share. Unlimited Facebook Wall Sharing and Unlimited Earning.
Earn with Making Facebook Ids, Make Unlimited Facebook Ids and Get 10$ on Every FB Id.
jobzcorner.com

1:45 PM, July 14, 2013  
Blogger Musa Kocaman said...

Türkiye'nin ve dünyanın her yerine tatil fırsatları planınızı yapabilirsiniz.

5:09 AM, July 15, 2013  
Blogger Maxiz said...

This comment has been removed by the author.

12:11 PM, July 21, 2013  

Post a Comment

Subscribe to Post Comments [Atom]

<< Home