Tuesday, October 7, 2014

Stable Channel Update

The Chrome team is delighted to announce the promotion of Chrome 38 to the stable channel for Windows, Mac and Linux. Chrome 38.0.2125.101 contains a number of fixes and improvements, including:

- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance

A full list of changes is available in the log.

Security Fixes and Rewards 

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 159 security fixes, including 113 relatively minor fixes found using MemorySanitizer. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.

[$27633.70][416449] Critical CVE-2014-3188: A special thanks to Jüri Aedla for a combination of V8 and IPC bugs that can lead to remote code execution outside of the sandbox.
[$3000][398384] High CVE-2014-3189: Out-of-bounds read in PDFium. Credit to cloudfuzzer.
[$3000][400476] High CVE-2014-3190: Use-after-free in Events. Credit to cloudfuzzer, Chen Zhang (demi6od) of NSFOCUS Security Team.
[$3000][402407] High CVE-2014-3191: Use-after-free in Rendering. Credit to cloudfuzzer.
[$2000][403276] High CVE-2014-3192: Use-after-free in DOM. Credit to cloudfuzzer.
[$1500][399655] High CVE-2014-3193: Type confusion in Session Management. Credit to miaubiz.
[$1500][401115] High CVE-2014-3194: Use-after-free in Web Workers. Credit to Collin Payne.
[$4500][403409] Medium CVE-2014-3195: Information Leak in V8. Credit to Jüri Aedla.
[$3000][338538] Medium CVE-2014-3196: Permissions bypass in Windows Sandbox. Credit to James Forshaw.
[$1500][396544] Medium CVE-2014-3197: Information Leak in XSS Auditor. Credit to Takeshi Terada.
[$1500][415307] Medium CVE-2014-3198: Out-of-bounds read in PDFium. Credit to Atte Kettunen of OUSPG.
[$500][395411] Low CVE-2014-3199: Release Assert in V8 bindings. Credit to Collin Payne.

We would also like to thank Atte Kettunen of OUSPG and Collin Payne for working with us during the development cycle to prevent security bugs from ever reaching the stable channel. $23,000 in additional rewards were issued.

As usual, our ongoing internal security work responsible for a wide range of fixes:
[420899] CVE-2014-3200: Various fixes from internal audits, fuzzing and other initiatives (Chrome 38).
Multiple vulnerabilities in V8 fixed at the tip of the 3.28 branch (currently 3.28.71.15).

Some of the above bugs were also detected using AddressSanitizer.

Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.


Matthew Yuan
Google Chrome

Labels:

65 Comments:

Blogger shphoenix said...

new update broke the display scaling AGAIN!! for people using 125% scaling at OS level. !!!
issues 395425 and 380298 are back again..
https://code.google.com/p/chromium/issues/detail?id=380298
https://code.google.com/p/chromium/issues/detail?id=395425
AGAIN and AGAIN - this issue is denied by Google developers despite countless reports. What is wrong with you Chrome dev? Do you not understand that font spacing is messed up when OS zoom is > 100%? especially 125%? Internet explorer does it beautifully - but Chrome sucks big time . Even Firefox does it better - although in a wrong way. You need to vectorize the zoom and not report 125% zoom as 100%.

1:20 PM, October 07, 2014  
Blogger Camille Bontemps said...

I use chrome on debian stable 32bit, after this update. Chrome segfault earch startup. Unfortunately, It's a known issue : https://code.google.com/p/chromium/issues/detail?id=418554

1:23 PM, October 07, 2014  
Blogger Richard Kral said...

This comment has been removed by the author.

1:33 PM, October 07, 2014  
Blogger shphoenix said...

Camille Bontemps - +1. I am confused as to why the status still shows unconfirmed!

1:35 PM, October 07, 2014  
Blogger shphoenix said...

does anyone notice gmail showing ruler marks when they have 125% OS level zoom on windows? this is new in latest stable update 38

1:38 PM, October 07, 2014  
Blogger Lars Berglund said...

Not 64 bit for Mac OS X?!?! I thought that was the general idea...

2:07 PM, October 07, 2014  
Blogger blinxwang said...

27.6k for discovering and fixing a hole? HOT DAMN!

2:28 PM, October 07, 2014  
Blogger Vanp said...

@shphoenix I have 110% OS level zoom and I confirm that the new update has screwed the zoom big time .. With each update I live in fear because the browser to which I have adjusted .. chrome team will implement something shitty which will f*** up the whole experience .. thanks chrome team for inflicting us with your stinking updates

2:35 PM, October 07, 2014  
Blogger Ray890 said...

again... I wish you guys would provide WHAT has been done "under the hood" to improve performance.etc without resorting to the non-straight-forward lengthy log...

2:38 PM, October 07, 2014  
Blogger shphoenix said...

@Vanp - ditto! I am sick and tired of every new update of Chrome that is getting shittier than the previous update. Why can;t Chrome get it right when IE can do it so much better? or even Firefox? it is like Chrome folks are flat out ignoring user experience when there is abundance of outrage over these issues and they keep piling the shit over and over again

2:55 PM, October 07, 2014  
Blogger shphoenix said...

@Vanp - change your start link - and append following

Change from
***Chrome.exe"

to
***Chrome.exe" /high-dpi-support=1 /force-device-scale-factor=1

3:00 PM, October 07, 2014  
Blogger ieti said...

PepperFlash still broken under Debian Wheezy - library depends on glibc 2.14 while debian ships 2.13.

Please fix this...

3:05 PM, October 07, 2014  
Blogger Ray890 said...

Ah.. This update suddenly broke multiplayerpiano.com when a proxy from the "Proxy Era" extension is enabled..

7:00 PM, October 07, 2014  
Blogger Vanp said...

@shphoenix I downgraded chrome back to v37 last night .. thanks for the method you have suggested .. I'll give it a shot .. is it working if you are using more than one user? cause I just looked the target of one of my users and it says ***chrome.exe" --profile-directory="Default" .. so I was wandering where to apply the code

12:26 AM, October 08, 2014  
Anonymous Anonymous said...

I use 125% scaling at OS level.
And Google Chrome works fine with that.

I do not understand the problem of the other here.
Google Chrome is supposed to take the system settings and zoom the pages at 125%

12:42 AM, October 08, 2014  
Blogger ßłưε˅ỉžỉơƞş said...

This version of chrome 38.0.2125.101 m broke the display scaling again for people using 125% scaling at OS level.
issues 395425 and 380298 are back
https://code.google.com/p/chromium/issues/detail?id=380298
https://code.google.com/p/chromium/issues/detail?id=395425

Please fix this ASAP!

3:50 AM, October 08, 2014  
Anonymous Anonymous said...

No, it's all exactly as it should be.
Google Chrome increases everything by 25%.
Just as I want it.
And that's what I've also specified in Windows.

5:23 AM, October 08, 2014  
Blogger Rambo Hunter said...

This comment has been removed by the author.

5:28 AM, October 08, 2014  
Blogger Rambo Hunter said...

NO! Not again. Scaling problems are striking back again. I have a 1920x1080 15.6" sreen, Windows item size 125%, and Chrome's UI and images and text on the web are blurry and bigger (doesn't matter if I set Chrome's zoom to 100% or 125%). This didn't happened in the 37th version.

5:30 AM, October 08, 2014  
Blogger kh1234567890 said...

Same scaling problem here. Is it that hard for the coding monkeys to realise that if I set my OS display to 125% I do not want Chrome to zoom things by further 125% ?

6:58 AM, October 08, 2014  
Blogger Vladimir D said...

Totally agree with scaling problems in this update. I have 125% system scaling and 125% chrome scaling and everything was fine. But now 125% chrome scaling became too large, but in 100% scaling text so blured so i can break my eyes. Total failure with this update

7:51 AM, October 08, 2014  
Blogger Jonah Z said...

I have the scaling problem too. Just saying so its obvious how common it is.

7:53 AM, October 08, 2014  
Blogger Unknown said...

@shphoenix Thanks - adjusting the command line options worked to set my Chrome back to its scaling from yesterday. I had the same problem as several others since yesterday - everything was appearing much larger than yesterday, even though the zoom level remained at 100%

8:22 AM, October 08, 2014  
Blogger Sinisa Perovic said...

Black screen in content area, Ubuntu 12.04LTS, on two computers, one Intel I5 with Nvidia and another I5 with Intel HD4400.

This is the first time I'm seeing this issue.

9:00 AM, October 08, 2014  
Blogger Joel Seely said...

I'm noticing an issue with version 38.0.2125.101.

- I'm using a persistent (sticky/fixed) sidebar that follows the scroll down the page with javascript.

- The persistent container contains a mapquest api that is absolutely positioned relative to this container.

- When the container moves down the page with the scroll, the absolutely positioned content seems to stay relative to the parent container's original position (not moving with its parent like it's supposed to.)

- The issue seems to be resolved with Version 40.0.2181.0 canary (64-bit).

9:28 AM, October 08, 2014  
Blogger shphoenix said...

@HeinzDo
Problem is not that Chrome does it 125%, problem is Chrome takes 125% system zoom and "thinks" it should be 100%. this makes it blurry. it is okay for zoom to just scale the OS zoom and be done with it. but that is not what Chrome does - it takes 125% as 100% and tries to scale it wrongly.

11:18 AM, October 08, 2014  
Blogger shphoenix said...

@HeinzDo
Problem is not that Chrome does it 125%, problem is Chrome takes 125% system zoom and "thinks" it should be 100%. this makes it blurry. it is okay for zoom to just scale the OS zoom and be done with it. but that is not what Chrome does - it takes 125% as 100% and tries to scale it wrongly.

11:18 AM, October 08, 2014  
Blogger Unknown said...

The 38.0.2125.59 update does not start properly on my iPhone 5 running iOS 8.0.2. Chrome comes up with a black screen and then disappears. If you double-tap the home button, it shows a black page for Chrome. If you select it, Chrome disappears again.

12:10 PM, October 08, 2014  
Blogger cypher-neo said...

Version 38.0.2125.101 is not running correctly on Debian Wheezy. Neither is the unstable version 39.0.2171.13-1

When starting stable, it crashes before the window even loads!
$ google-chrome
Segmentation fault

Tried pulling the version number, but it segfaults before the program even loads.

$ /opt/google/chrome/chrome --version
Segmentation fault

Then I tried installing google-chrome-unstable, and I got a slightly more specific error message.

Unpacking google-chrome-unstable (from .../google-chrome-unstable_39.0.2171.13-1_i386.deb) ...
Processing triggers for desktop-file-utils ...
Processing triggers for man-db ...
Processing triggers for menu ...
Setting up google-chrome-unstable (39.0.2171.13-1) ...
Processing triggers for menu ...

$ google-chrome-unstable
/usr/bin/google-chrome-unstable: line 68: 19306 Segmentation fault "$HERE/chrome" "--migrate-data-dir-for-sxs=${XDG_CONFIG_HOME:-${HOME}/.config}/google-chrome-unstable" --enable-logging=stderr --log-level=0
Segmentation fault

So Google, how do we fix this!?

1:50 PM, October 08, 2014  
Blogger John J. Puccio said...

"We" don't fix it. Google fixes, as they did last time. I mean, you'd think they would have learned by now to let what's well enough alone.

Who gives the final OK on these updates? Shouldn't that person be given another job?

Anyway, the new scaling zooms up on everything. So, just setting the zoom level in "Settings" should help, no? No. The header and bookmarks bar can't be resized. How do you know the whole header section is zoomed? Well, if you have your bookmarks bar filled with bookmarks, the ones on the far right will have dropped off the screen. So, to get them back, you have to shorten some of the other titles. What a pain.

And the fonts don't even look better, just blurrier. Ugh....

3:35 PM, October 08, 2014  
Blogger Ashley Wilson said...

What's with the font-weight on this blog? Too light to read, especially at that size! Chrome 38.0.2125.101 m (64-bit)

5:25 PM, October 08, 2014  
Blogger Ashley Wilson said...

Forgot to mention, Windows 7 Enterprise, 64-bit

5:33 PM, October 08, 2014  
Blogger salt en said...

i will just change my google crhome on the other browser without scaling problems. if you are not going to fix it in the next updates.

1:19 AM, October 09, 2014  
Blogger Claudiu Apostol said...

Fix the scaling on 125% asap. This is terrible. Why would you mess with the scaling??????

1:59 AM, October 09, 2014  
Blogger Andres Izal said...

I had been very impressed by this post, this site happens to be pleasant news Thanks very much for this interesting post, and I meet them more often then I visited this web site.
http://theallfreesoftware.blogspot.com/
http://theallfreesoftware.blogspot.com/2014/01/download-opera-mini-latest.html
http://theallfreesoftware.blogspot.com/2014/01/download-mozilla-firefox-latest.html
http://theallfreesoftware.blogspot.com/2014/01/download-latest-google-chrome.html
http://theallfreesoftware.blogspot.com/2014/01/download-latest-skype-6110102.html
http://theallfreesoftware.blogspot.com/2014/01/internet-explorer-110-windows-7.html
http://theallfreesoftware.blogspot.com/2014/01/google-earth-7122041.html
http://theallfreesoftware.blogspot.com/2014/01/google-drive-11253291887.html
http://theallfreesoftware.blogspot.com/2014/01/youtube-downloader-472.html
http://theallfreesoftware.blogspot.com/2014/01/adobe-reader-11006.html
http://theallfreesoftware.blogspot.com/2014/01/gom-player-22565183.html

9:07 AM, October 09, 2014  
Blogger Andreina Garban said...

Are the Google people going deaf? This rendering fonts is absolutely unacceptable. Honestly, each update is making it worse and worse! Please, FIX IT ASAP!

9:53 AM, October 09, 2014  
Blogger Tyler S. said...

+1 on scaling issue. Trying to figure out how to downgrade to previous version.

Chrome is now virtually unusable...

10:34 AM, October 09, 2014  
Blogger dharris89 said...

When are they going to add easy migration for saved passwords? Importing saved passwords from Firefox and Internet Explorer is still broken.

1:00 PM, October 09, 2014  
Blogger Patrick Buick said...

This comment has been removed by the author.

2:24 PM, October 09, 2014  
Blogger ross winter said...

Glad others are having the same issues with the font size and it's not just my machine going haywire. Some fix would be great Google if you're listening. Otherwise I might just have to switch to Firefox.

2:24 PM, October 09, 2014  
Blogger Unknown said...

Not a happy bunny, my resolution is well screwed tonight after an update: thought I got viri lurking on lappy. took ages to adjust the resolutions last time it made it smaller, now its all big and hateful.. how can I revert back ?

2:59 PM, October 09, 2014  
Blogger Rohan Patterson said...

For a minute yesterday I thought either I need glasses or my computer is shot. I left to go to the store and came back to open chrome and greeted with zoom factor.

The font in the address bar and on the webpages are ridiculously big.. I had to scale down to be able to read..It's like at grandma status aat the moment. Please fix this google!!!

3:26 PM, October 09, 2014  
Blogger Andrey Mazoulnitsyn said...

What have you done with font sizes? It's ugly now. Some sites are messed up now

12:20 AM, October 10, 2014  
Blogger Gordon Hawley said...

Noticed a small bug. If you translate a webpage, the "This page has been translated." pop-up does not disappear if you click on the webpage as it did in the previous version. Somewhat annoying since I can't seem to get rid of the notice unless I navigate to a different page.

5:34 AM, October 10, 2014  
Blogger jayr2305 said...

this version doesn't display the fonts tahoma, verdana and georgia - it uses times new roman instead which makes many sites ugly as hell. please fix it fast! heres the issue thread https://code.google.com/p/chromium/issues/detail?id=395425
i'm using windows 7

5:39 AM, October 10, 2014  
Blogger jayr2305 said...

sorry, wrong link. here's the right one:
https://code.google.com/p/chromium/issues/detail?can=2&start=0&num=100&q=&colspec=ID%20Pri%20M%20Iteration%20ReleaseBlock%20Cr%20Status%20Owner%20Summary%20OS%20Modified&groupby=&sort=&id=421305

5:42 AM, October 10, 2014  
Blogger Bence Kulcsar said...

some youtube video fails in Windows, version 38:

https://www.youtube.com/watch?v=gEOLBVsF6a8

in version 37 they are OK :(

8:16 AM, October 10, 2014  
Blogger Patrick Buick said...

It crashes on Debian Wheezy immediately with a segmentation fault. I'd rather have poor zoom etc. than nothing at all (bookmarks, saved pages, history, saved cookie information, passwords etc.). I also can't run anything Flash because Flash isn't supported on linux except within Chrome (old versions, yes, but many sites won't run on older versions). I hope this gets fixed soon... I guess I can put an older version on and refuse to run the upgrade process in the meantime.

9:59 AM, October 10, 2014  
Blogger Christian said...

The recent update broke video seeking when trying to seek to a specific frame. For some reason its off by one. We didnt have that issue with our video app in 37.

10:46 AM, October 10, 2014  
Blogger Michaela said...

Since I've updated to 38.0.2125.101 m some VIDEOS on "You Tube" fail to play and can't be watched! The same videos work perfectly fine in IE.
Please correct the issue!

11:31 AM, October 10, 2014  
Blogger John Traver said...

Similar to what Christian said.. Webm videos for my web app no longer have smooth scrubbing. The decode looks to be about 10X slower than it used to be. We watched it happen on a computer that had yet to update. Hope this is a simple fix.

1:06 PM, October 10, 2014  
Blogger jkarczek said...

While I don't want to heap scorn on Google's programming teams, I do wish that someone could iron this scaling problem out for good. Chrome is not usable for me in this state. Fonts are blurry, menus are bloated, and sites with interfaces that functioned perfectly well before at half-screen size are now a mess. Setting aside critical fixes, like security issues, Google shouldn't make ANY additional changes before fixing this issue.

6:04 PM, October 10, 2014  
Blogger plmtr201 said...

I've had the same problem since yesterday when Chrome was udated from v.37 to v.38. This is extremely frustrating!! When will this problem be fixed?

3:31 PM, October 11, 2014  
Blogger questionmark said...

Same problem for me using Vista - scaling/zoom/font are all screwed up since update 38.0.2125.101 m. Google Chrome is unusable for me now.

I submitted an 'issue' with Google a couple of days ago but no response or action that I can tell.

Google - is this problem going to be fixed soon? If not I'm going to have to switch to another browser.

10:31 AM, October 12, 2014  
Blogger .angela. said...

after updating from v36 to v38, Exchange 2013 CU5 -- OWA Calendar shows up blank. Doesn't work in Incognito mode either.
Works fine in IE and v36 before I upgraded... please fix.

9:35 AM, October 13, 2014  
Blogger ßłưε˅ỉžỉơƞş said...

Who makes the final decision for a stable release? I think they need a new pair of glasses LoL. Please Fix the display scaling again for people using 125% scaling at OS level.
issues 395425 and 380298 are back
https://code.google.com/p/chromium/issues/detail?id=380298
https://code.google.com/p/chromium/issues/detail?id=395425

1:39 PM, October 13, 2014  
Blogger Andrzej A. said...

Odd thing that after I close all incognito tabs, I still have cookies from previous session in incognito mode :D

2:20 PM, October 13, 2014  
Blogger BobJ said...

Chome Version 38.0.2125.101 m Find ctl-F no longer works. What happened?

6:34 PM, October 13, 2014  
Blogger Katrina Stovold said...

Broke text display. Usually keep zoom at 110% or 125%, but font sizes were uneven after update. A lot of blurriness on Facebook, too. Tried enabling DirectWrite, but it didn't help. It's so bad in places that it's making my eyes water.

2:06 AM, October 14, 2014  
Blogger TryM.. said...

Hi, I just update chrome to Version 38.0.2125.101 m, but it crashes every single time I open it. It says "Google Chrome has stopped working".
I've already tried completely uninstalling it and re-downloading it with no luck.
Does anyone know what happened? I really want to use chrome again, but I'm forced to use firefox for the time being.

OS: Windows 7 32 bit
Problem signature:
Problem Event Name: APPCRASH
Application Name: chrome.exe
Application Version: 38.0.2125.101
Application Timestamp: 542b7ec6
Fault Module Name: YCWebCameraSource.ax
Fault Module Version: 2.0.0.1611
Fault Module Timestamp: 47ff5525
Exception Code: c0000005
Exception Offset: 00014c7e
OS Version: 6.1.7601.2.1.0.256.1
Locale ID: 1057
Additional Information 1: 0a9e
Additional Information 2: 0a9e372d3b4ad19135b953a78882e789
Additional Information 3: 0a9e
Additional Information 4: 0a9e372d3b4ad19135b953a78882e789

7:22 AM, October 14, 2014  
Blogger .:Saifullah:. said...

The scaling problem maybe because of this rework bug fixes?

https://codereview.chromium.org/473943003

The bug itself : https://code.google.com/p/chromium/issues/detail?id=403955

7:30 AM, October 14, 2014  
Blogger Vanp said...

@TryM.. Hi I am not really sure about your problem but did you select the "also delete data" when you uninstalled chrome .. try doing that if not done yet .. also you may want to try the v37 final release if everything fails .. I have the x64 offline installer for v37.0.2062.124 .. if you want I can provide you with the file

11:33 AM, October 14, 2014  
Blogger questionmark said...

Ver. 38.0.2125.104 m has solved my problems with scaling/zoom/font caused by 38.0.2125.101 m. Thank you.

12:46 PM, October 15, 2014  
Blogger waleedgazdar said...

for best Online Jobs without any rejection, no time limit required, no investment requires, just spend few minutes and earn upto $35 daily
www.adsclickearning.com

3:01 PM, October 16, 2014  
Blogger Anees Rehman said...


The forum posting is a unique and interesting job!
jobs

10:24 PM, October 20, 2014  

Post a Comment

Subscribe to Post Comments [Atom]

<< Home