Thursday, April 28, 2016

Stable Channel Update

The stable channel has been updated to 50.0.2661.94 for Windows, Mac, and Linux.


Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.


This update includes 9 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chromium security page for more information.


[$3000][574802] High CVE-2016-1660: Out-of-bounds write in Blink. Credit to Atte Kettunen of OUSPG.
[$3000][601629] High CVE-2016-1661: Memory corruption in cross-process frames. Credit to Wadih Matar.
[$3000][603732] High CVE-2016-1662: Use-after-free in extensions. Credit to Rob Wu.
[$3000][603987] High CVE-2016-1663: Use-after-free in Blink’s V8 bindings. Credit to anonymous.
[$1000][597322] Medium CVE-2016-1664: Address bar spoofing. Credit to Wadih Matar.
[$1000][606181] Medium CVE-2016-1665: Information leak in V8. Credit to HyungSeok Han.
[$n/a][586820Low CVE-2016-5168: Side channel information leak in Skia. Credit to Roeland Krak.


We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.


As usual, our ongoing internal security work was responsible for a wide range of fixes:
  • [607652] CVE-2016-1666: Various fixes from internal audits, fuzzing and other initiatives.

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, Control Flow Integrity or LibFuzzer.

A list of changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.


Krishna Govind
Google Chrome

Labels:

16 Comments:

Blogger Taylor Armstrong said...

Any chance we can get the standard download URL's synched back with the "Stable" releases posted here? They have been out of synch for over a month now - if I google for "Google Chrome" and use the download link, I'm still getting version 49.0.2623.112 as of less than 5 minutes ago.

For those of us who rely on this blog for updates to manage enterprise rollouts, the discrepancy is driving us a little nuts.

1:05 PM, April 28, 2016  
Blogger malware killer said...

me too
49300355e7fbca83d6be65efa91faebe googlechrome.dmg
Last-Modified: Wed, 06 Apr 2016 01:50:48 GMT

6:46 PM, April 28, 2016  
Blogger bingo said...

This comment has been removed by the author.

7:18 PM, April 28, 2016  
Blogger Wins0n said...

CVE-2015-1666? Is this a typo of CVE-2016-1666?

7:22 PM, April 28, 2016  
Blogger Elad said...

The download link for OS X is also version 49.0.2623.112 for me too. Google, please fix this issue.

8:45 AM, April 29, 2016  
Blogger Random Notes Harrisonburg said...

Likewise with my ChromeBook and my ChromeBox.

9:58 AM, April 29, 2016  
Blogger Taylor Armstrong said...

Just to follow up - not sure if these comments had anything to do with it, but thanks to whoever at Google fixed the issue in the past 24 hours!

1:52 PM, April 29, 2016  
Blogger Scott Ramey said...

I am on a Chromebook (Lenovo 100s) and do not yet see the update for Chrome OS 50 when I check to see if the device is up-to-date (it says it is). Any idea on when the Chrome OS 50 will roll out to Chromebooks?

3:20 PM, May 02, 2016  
Blogger Bence Kulcsar said...

Chrome 50 share is still under 15%, what has happened?

http://gs.statcounter.com/#desktop-browser_version-US-daily-20160301-20160531

Chrome 49 got over 30% in two weeks.

4:48 AM, May 03, 2016  
Blogger Daniel said...

Hi, I've noticed that since last update to the current version (from 49 to 50) the "details.processId" in the "beforeNavigate" trigger is always -1.

bug or feature?

9:17 AM, May 03, 2016  
Blogger BERITA KELLY said...

rekomendasi:NAGAQQ.COM | AGEN BANDARQ | BANDARQ ONLINE | ADUQ ONLINE | DOMINOQQ TERBAIK
NAGAQQ.COM | AGEN BANDARQ | BANDARQ ONLINE | ADUQ ONLINE | DOMINOQQ TERBAIK

6:32 AM, May 04, 2016  
Blogger SuperHirohumi said...

This comment has been removed by the author.

4:00 AM, May 06, 2016  
Blogger SuperHirohumi said...




Google Chrome 50が世界ナンバーワンです。心からお祝い申し上げます。

4:04 AM, May 06, 2016  
Blogger BERITA KELLY said...

rekomendasi:NAGAQQ.COM | AGEN BANDARQ | BANDARQ ONLINE | ADUQ ONLINE | DOMINOQQ TERBAIK
NAGAQQ.COM | AGEN BANDARQ | BANDARQ ONLINE | ADUQ ONLINE | DOMINOQQ TERBAIK

10:47 PM, May 06, 2016  
Blogger Deepak said...

I am unable to create global variables in this version either explicitly or via the devtools "save as global var" feature, is this expected?

11:37 AM, May 09, 2016  
Blogger Aeryn Martin said...

Since the update we are experiencing some a weird effect on our CSS border color. In one table it's there, in another on the same page it's not. Exact same CSS. It worked before and now it doesn't. According to the dev tools the borders should be there...

1:10 AM, May 10, 2016  

Post a Comment

Subscribe to Post Comments [Atom]

<< Home