Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
This update includes 159 security fixes, including 113 relatively minor fixes found using MemorySanitizer. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.
[$27633.70][416449] Critical CVE-2014-3188: A special thanks to Jüri Aedla for a combination of V8 and IPC bugs that can lead to remote code execution outside of the sandbox.
[$3000][398384] High CVE-2014-3189: Out-of-bounds read in PDFium. Credit to cloudfuzzer.
[$3000][400476] High CVE-2014-3190: Use-after-free in Events. Credit to cloudfuzzer, Chen Zhang (demi6od) of NSFOCUS Security Team.
[$3000][402407] High CVE-2014-3191: Use-after-free in Rendering. Credit to cloudfuzzer.
[$2000][403276] High CVE-2014-3192: Use-after-free in DOM. Credit to cloudfuzzer.
[$1500][399655] High CVE-2014-3193: Type confusion in Session Management. Credit to miaubiz.
[$1500][401115] High CVE-2014-3194: Use-after-free in Web Workers. Credit to Collin Payne.
[$4500][403409] Medium CVE-2014-3195: Information Leak in V8. Credit to Jüri Aedla.
[$3000][338538] Medium CVE-2014-3196: Permissions bypass in Windows Sandbox. Credit to James Forshaw.
[$1500][396544] Medium CVE-2014-3197: Information Leak in XSS Auditor. Credit to Takeshi Terada.
[$1500][415307] Medium CVE-2014-3198: Out-of-bounds read in PDFium. Credit to Atte Kettunen of OUSPG.
[$500][395411] Low CVE-2014-3199: Release Assert in V8 bindings. Credit to Collin Payne.
We would also like to thank Atte Kettunen of OUSPG and Collin Payne for working with us during the development cycle to prevent security bugs from ever reaching the stable channel. $23,000 in additional rewards were issued.
As usual, our ongoing internal security work was responsible for a wide range of fixes:
[420899] CVE-2014-3200: Various fixes from internal audits, fuzzing and other initiatives (Chrome 38).
Multiple vulnerabilities in V8 fixed at the tip of the 3.28 branch (currently 3.28.71.15).
Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.
Matthew Yuan
Google Chrome
65 comments:
new update broke the display scaling AGAIN!! for people using 125% scaling at OS level. !!!
issues 395425 and 380298 are back again..
https://code.google.com/p/chromium/issues/detail?id=380298
https://code.google.com/p/chromium/issues/detail?id=395425
AGAIN and AGAIN - this issue is denied by Google developers despite countless reports. What is wrong with you Chrome dev? Do you not understand that font spacing is messed up when OS zoom is > 100%? especially 125%? Internet explorer does it beautifully - but Chrome sucks big time . Even Firefox does it better - although in a wrong way. You need to vectorize the zoom and not report 125% zoom as 100%.
I use chrome on debian stable 32bit; after this update, Chrome segfaults at each startup. Unfortunately, it's a known issue: https://code.google.com/p/chromium/issues/detail?id=418554
Camille Bontemps - +1. I am confused as to why the status still shows unconfirmed!
does anyone notice gmail showing ruler marks when they have 125% OS level zoom on windows? this is new in latest stable update 38
Not 64 bit for Mac OS X?!?! I thought that was the general idea...
27.6k for discovering and fixing a hole? HOT DAMN!
@shphoenix I have 110% OS level zoom and I confirm that the new update has screwed the zoom big time .. With each update I live in fear because the browser to which I have adjusted .. chrome team will implement something shitty which will f*** up the whole experience .. thanks chrome team for inflicting us with your stinking updates
again... I wish you guys would provide WHAT has been done "under the hood" to improve performance.etc without resorting to the non-straight-forward lengthy log...
@Vanp - ditto! I am sick and tired of every new update of Chrome that is getting shittier than the previous update. Why can't Chrome get it right when IE can do it so much better? or even Firefox? it is like Chrome folks are flat out ignoring user experience when there is abundance of outrage over these issues and they keep piling the shit over and over again
@Vanp - change your start link - and append following
Change from
***Chrome.exe"
to
***Chrome.exe" /high-dpi-support=1 /force-device-scale-factor=1
PepperFlash still broken under Debian Wheezy - library depends on glibc 2.14 while debian ships 2.13.
Please fix this...
Ah.. This update suddenly broke multiplayerpiano.com when a proxy from the "Proxy Era" extension is enabled..
@shphoenix I downgraded chrome back to v37 last night .. thanks for the method you have suggested .. I'll give it a shot .. is it working if you are using more than one user? cause I just looked at the target of one of my users and it says ***chrome.exe" --profile-directory="Default" .. so I was wondering where to apply the code
I use 125% scaling at OS level.
And Google Chrome works fine with that.
I do not understand the problem of the other here.
Google Chrome is supposed to take the system settings and zoom the pages at 125%
This version of chrome 38.0.2125.101 m broke the display scaling again for people using 125% scaling at OS level.
issues 395425 and 380298 are back
https://code.google.com/p/chromium/issues/detail?id=380298
https://code.google.com/p/chromium/issues/detail?id=395425
Please fix this ASAP!
No, it's all exactly as it should be.
Google Chrome increases everything by 25%.
Just as I want it.
And that's what I've also specified in Windows.
NO! Not again. Scaling problems are striking back again. I have a 1920x1080 15.6" screen, Windows item size 125%, and Chrome's UI and images and text on the web are blurry and bigger (doesn't matter if I set Chrome's zoom to 100% or 125%). This didn't happen in the 37th version.
Same scaling problem here. Is it that hard for the coding monkeys to realise that if I set my OS display to 125% I do not want Chrome to zoom things by further 125% ?
Totally agree with scaling problems in this update. I have 125% system scaling and 125% chrome scaling and everything was fine. But now 125% chrome scaling became too large, but in 100% scaling the text is so blurred that I can break my eyes. Total failure with this update
I have the scaling problem too. Just saying so it's obvious how common it is.
@shphoenix Thanks - adjusting the command line options worked to set my Chrome back to its scaling from yesterday. I had the same problem as several others since yesterday - everything was appearing much larger than yesterday, even though the zoom level remained at 100%
Black screen in content area, Ubuntu 12.04LTS, on two computers, one Intel I5 with Nvidia and another I5 with Intel HD4400.
This is the first time I'm seeing this issue.
I'm noticing an issue with version 38.0.2125.101.
- I'm using a persistent (sticky/fixed) sidebar that follows the scroll down the page with javascript.
- The persistent container contains a mapquest api that is absolutely positioned relative to this container.
- When the container moves down the page with the scroll, the absolutely positioned content seems to stay relative to the parent container's original position (not moving with its parent like it's supposed to.)
- The issue seems to be resolved with Version 40.0.2181.0 canary (64-bit).
@HeinzDo
Problem is not that Chrome does it 125%, problem is Chrome takes 125% system zoom and "thinks" it should be 100%. this makes it blurry. it is okay for zoom to just scale the OS zoom and be done with it. but that is not what Chrome does - it takes 125% as 100% and tries to scale it wrongly.
The 38.0.2125.59 update does not start properly on my iPhone 5 running iOS 8.0.2. Chrome comes up with a black screen and then disappears. If you double-tap the home button, it shows a black page for Chrome. If you select it, Chrome disappears again.
Version 38.0.2125.101 is not running correctly on Debian Wheezy. Neither is the unstable version 39.0.2171.13-1
When starting stable, it crashes before the window even loads!
$ google-chrome
Segmentation fault
Tried pulling the version number, but it segfaults before the program even loads.
$ /opt/google/chrome/chrome --version
Segmentation fault
Then I tried installing google-chrome-unstable, and I got a slightly more specific error message.
Unpacking google-chrome-unstable (from .../google-chrome-unstable_39.0.2171.13-1_i386.deb) ...
Processing triggers for desktop-file-utils ...
Processing triggers for man-db ...
Processing triggers for menu ...
Setting up google-chrome-unstable (39.0.2171.13-1) ...
Processing triggers for menu ...
$ google-chrome-unstable
/usr/bin/google-chrome-unstable: line 68: 19306 Segmentation fault "$HERE/chrome" "--migrate-data-dir-for-sxs=${XDG_CONFIG_HOME:-${HOME}/.config}/google-chrome-unstable" --enable-logging=stderr --log-level=0
Segmentation fault
So Google, how do we fix this!?
"We" don't fix it. Google fixes, as they did last time. I mean, you'd think they would have learned by now to let what's well enough alone.
Who gives the final OK on these updates? Shouldn't that person be given another job?
Anyway, the new scaling zooms up on everything. So, just setting the zoom level in "Settings" should help, no? No. The header and bookmarks bar can't be resized. How do you know the whole header section is zoomed? Well, if you have your bookmarks bar filled with bookmarks, the ones on the far right will have dropped off the screen. So, to get them back, you have to shorten some of the other titles. What a pain.
And the fonts don't even look better, just blurrier. Ugh....
What's with the font-weight on this blog? Too light to read, especially at that size! Chrome 38.0.2125.101 m (64-bit)
Forgot to mention, Windows 7 Enterprise, 64-bit
I will just change my Google Chrome to another browser without scaling problems if you are not going to fix it in the next updates.
Fix the scaling on 125% asap. This is terrible. Why would you mess with the scaling??????
Are the Google people going deaf? This font rendering is absolutely unacceptable. Honestly, each update is making it worse and worse! Please, FIX IT ASAP!
+1 on scaling issue. Trying to figure out how to downgrade to previous version.
Chrome is now virtually unusable...
When are they going to add easy migration for saved passwords? Importing saved passwords from Firefox and Internet Explorer is still broken.
Glad others are having the same issues with the font size and it's not just my machine going haywire. Some fix would be great Google if you're listening. Otherwise I might just have to switch to Firefox.
Not a happy bunny, my resolution is well screwed tonight after an update: thought I got viruses lurking on lappy. took ages to adjust the resolutions last time it made it smaller, now it's all big and hateful.. how can I revert back ?
For a minute yesterday I thought either I need glasses or my computer is shot. I left to go to the store and came back to open chrome and greeted with zoom factor.
The font in the address bar and on the webpages is ridiculously big.. I had to scale down to be able to read..It's like at grandma status at the moment. Please fix this google!!!
What have you done with font sizes? It's ugly now. Some sites are messed up now
Noticed a small bug. If you translate a webpage, the "This page has been translated." pop-up does not disappear if you click on the webpage as it did in the previous version. Somewhat annoying since I can't seem to get rid of the notice unless I navigate to a different page.
this version doesn't display the fonts tahoma, verdana and georgia - it uses times new roman instead which makes many sites ugly as hell. please fix it fast! heres the issue thread https://code.google.com/p/chromium/issues/detail?id=395425
i'm using windows 7
sorry, wrong link. here's the right one:
https://code.google.com/p/chromium/issues/detail?can=2&start=0&num=100&q=&colspec=ID%20Pri%20M%20Iteration%20ReleaseBlock%20Cr%20Status%20Owner%20Summary%20OS%20Modified&groupby=&sort=&id=421305
some youtube video fails in Windows, version 38:
https://www.youtube.com/watch?v=gEOLBVsF6a8
in version 37 they are OK :(
It crashes on Debian Wheezy immediately with a segmentation fault. I'd rather have poor zoom etc. than nothing at all (bookmarks, saved pages, history, saved cookie information, passwords etc.). I also can't run anything Flash because Flash isn't supported on linux except within Chrome (old versions, yes, but many sites won't run on older versions). I hope this gets fixed soon... I guess I can put an older version on and refuse to run the upgrade process in the meantime.
The recent update broke video seeking when trying to seek to a specific frame. For some reason it's off by one. We didn't have that issue with our video app in 37.
Since I've updated to 38.0.2125.101 m some VIDEOS on "You Tube" fail to play and can't be watched! The same videos work perfectly fine in IE.
Please correct the issue!
Similar to what Christian said.. Webm videos for my web app no longer have smooth scrubbing. The decode looks to be about 10X slower than it used to be. We watched it happen on a computer that had yet to update. Hope this is a simple fix.
While I don't want to heap scorn on Google's programming teams, I do wish that someone could iron this scaling problem out for good. Chrome is not usable for me in this state. Fonts are blurry, menus are bloated, and sites with interfaces that functioned perfectly well before at half-screen size are now a mess. Setting aside critical fixes, like security issues, Google shouldn't make ANY additional changes before fixing this issue.
I've had the same problem since yesterday when Chrome was updated from v.37 to v.38. This is extremely frustrating!! When will this problem be fixed?
Same problem for me using Vista - scaling/zoom/font are all screwed up since update 38.0.2125.101 m. Google Chrome is unusable for me now.
I submitted an 'issue' with Google a couple of days ago but no response or action that I can tell.
Google - is this problem going to be fixed soon? If not I'm going to have to switch to another browser.
after updating from v36 to v38, Exchange 2013 CU5 -- OWA Calendar shows up blank. Doesn't work in Incognito mode either.
Works fine in IE and v36 before I upgraded... please fix.
Who makes the final decision for a stable release? I think they need a new pair of glasses LoL. Please Fix the display scaling again for people using 125% scaling at OS level.
issues 395425 and 380298 are back
https://code.google.com/p/chromium/issues/detail?id=380298
https://code.google.com/p/chromium/issues/detail?id=395425
Odd thing that after I close all incognito tabs, I still have cookies from previous session in incognito mode :D
Chrome Version 38.0.2125.101 m Find ctl-F no longer works. What happened?
Broke text display. Usually keep zoom at 110% or 125%, but font sizes were uneven after update. A lot of blurriness on Facebook, too. Tried enabling DirectWrite, but it didn't help. It's so bad in places that it's making my eyes water.
Hi, I just updated Chrome to Version 38.0.2125.101 m, but it crashes every single time I open it. It says "Google Chrome has stopped working".
I've already tried completely uninstalling it and re-downloading it with no luck.
Does anyone know what happened? I really want to use chrome again, but I'm forced to use firefox for the time being.
OS: Windows 7 32 bit
Problem signature:
Problem Event Name: APPCRASH
Application Name: chrome.exe
Application Version: 38.0.2125.101
Application Timestamp: 542b7ec6
Fault Module Name: YCWebCameraSource.ax
Fault Module Version: 2.0.0.1611
Fault Module Timestamp: 47ff5525
Exception Code: c0000005
Exception Offset: 00014c7e
OS Version: 6.1.7601.2.1.0.256.1
Locale ID: 1057
Additional Information 1: 0a9e
Additional Information 2: 0a9e372d3b4ad19135b953a78882e789
Additional Information 3: 0a9e
Additional Information 4: 0a9e372d3b4ad19135b953a78882e789
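As an added example, not from the post above or from Chrome: a small Python triage helper that parses a Windows APPCRASH "Problem signature" block like the one just posted and reports whether the faulting module is one of the browser's own binaries or something loaded from elsewhere. The set of Chrome module names and the exception-code table are my assumptions; the sample is the commenter's signature re-typed as a constructed string.

```python
# Constructed sample: the Windows "Problem signature" block the commenter
# posted above, re-typed as a string (values exactly as they appear there).
SAMPLE_SIGNATURE = """\
Problem Event Name: APPCRASH
Application Name: chrome.exe
Application Version: 38.0.2125.101
Fault Module Name: YCWebCameraSource.ax
Fault Module Version: 2.0.0.1611
Exception Code: c0000005
Exception Offset: 00014c7e
OS Version: 6.1.7601.2.1.0.256.1
"""

# A few NTSTATUS exception codes that commonly appear in APPCRASH reports.
EXCEPTION_NAMES = {
    "c0000005": "STATUS_ACCESS_VIOLATION",
    "c0000409": "STATUS_STACK_BUFFER_OVERRUN",
    "c000001d": "STATUS_ILLEGAL_INSTRUCTION",
    "c00000fd": "STATUS_STACK_OVERFLOW",
}

# Assumption: modules that ship with the browser itself. Anything else
# faulting inside chrome.exe points at code injected by other software.
CHROME_MODULES = {"chrome.exe", "chrome.dll"}


def parse_signature(text):
    """Parse the 'Key: value' lines of a WER problem signature into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields


def triage(fields, own_modules=CHROME_MODULES):
    """Classify a crash: which module faulted, what kind of fault it was,
    and whether that module belongs to the application or to a third party."""
    module = fields.get("Fault Module Name", "").lower()
    code = fields.get("Exception Code", "").lower()
    third_party = bool(module) and module not in own_modules
    # .ax files are DirectShow filters, usually installed by webcam or
    # capture software and loaded into any process that enumerates
    # video-capture devices, so they can end up inside the browser.
    directshow_filter = module.endswith(".ax")
    if third_party:
        verdict = "third-party module faulted; update or remove it before filing a Chrome bug"
    else:
        verdict = "application's own module faulted; file a bug with this signature"
    return {
        "fault_module": module,
        "exception": EXCEPTION_NAMES.get(code, "unknown (0x" + code + ")"),
        "third_party_module": third_party,
        "directshow_filter": directshow_filter,
        "verdict": verdict,
    }
```

Run `triage(parse_signature(SAMPLE_SIGNATURE))` on the posted block and the verdict points at YCWebCameraSource.ax, not at Chrome.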
The scaling problem may be because of the bug fixes in this rework?
https://codereview.chromium.org/473943003
The bug itself : https://code.google.com/p/chromium/issues/detail?id=403955
@TryM.. Hi I am not really sure about your problem but did you select the "also delete data" when you uninstalled chrome .. try doing that if not done yet .. also you may want to try the v37 final release if everything fails .. I have the x64 offline installer for v37.0.2062.124 .. if you want I can provide you with the file
Ver. 38.0.2125.104 m has solved my problems with scaling/zoom/font caused by 38.0.2125.101 m. Thank you.