Friday, March 14, 2014

Stable Channel Update

The Stable Channel has been updated to 33.0.1750.152 for Mac and Linux and 33.0.1750.154 for Windows.

Security Fixes and Rewards

Congratulations to VUPEN and an Anonymous submission for winning the Pwn2Own competition.
  • [$100,000] [352369] Code execution outside sandbox. Credit to VUPEN.
    • [352374] High CVE-2014-1713: Use-after-free in Blink bindings
    • [352395] High CVE-2014-1714: Windows clipboard vulnerability
  • [$60,000] [352420] Code execution outside sandbox. Credit to Anonymous.
    • [351787] High CVE-2014-1705: Memory corruption in V8
    • [352429] High CVE-2014-1715: Directory traversal issue

We’re delighted at the success of Pwn2Own and the ability to study full exploits. We anticipate landing additional changes and hardening measures for these vulnerabilities in the near future. We also believe that both submissions are works of art and deserve wider sharing and recognition. We plan to do technical reports on both Pwn2Own submissions in the future.

Interested in hopping on the stable channel? Find out how. If you find a new issue, please let us know by filing a bug.

Anthony Laforge
Google Chrome

Labels:

7 Comments:

Blogger ketel0ne said...

This should read version 33.0.1750.152

5:59 PM, March 14, 2014  
Blogger Richard Kral said...

Well, my Chrome tells me version 33.0.1750.149 is up-to-date...

7:20 PM, March 14, 2014  
Blogger Pisma utjehe said...

@Richard Kral +1 wtf?!

9:00 PM, March 14, 2014  
Blogger Maxiz said...

Same. my build 33.0.1750.149 says it's up to date as of now.

9:49 PM, March 14, 2014  
Blogger pcworld said...

Your "SVN revision log" links is wrong.

2:42 AM, March 15, 2014  
Blogger mobilediesel said...

What's the ETA on fixing the bug that tells me "[0315/093921:ERROR:nacl_helper_linux.cc(236)] NaCl helper process running without a sandbox!
Most likely you need to configure your SUID sandbox correctly
"
in Debian Wheezy?

7:05 AM, March 15, 2014  
Blogger flacus said...

Monetize your android app on http://adf.ly/ZJILW

6:54 AM, March 18, 2014  

Post a Comment

Subscribe to Post Comments [Atom]

<< Home