Wednesday, May 25, 2016

Stable Channel Update



The Chrome team is delighted to announce the promotion of Chrome 51 to the stable channel for Windows, Mac and Linux.



Chrome 51.0.2704.63 contains a number of fixes and improvements -- a list of changes is available in the log.  Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 51.


Security Fixes and Rewards


Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.


This update includes 42 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chromium security page for more information.


[$7500][590118] High CVE-2016-1672: Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski.
[$7500][597532] High CVE-2016-1673: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
[$7500][598165] High CVE-2016-1674: Cross-origin bypass in extensions. Credit to Mariusz Mlynski.
[$7500][600182] High CVE-2016-1675: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
[$7500][604901] High CVE-2016-1676: Cross-origin bypass in extension bindings. Credit to Rob Wu.
[$4000][602970] Medium CVE-2016-1677: Type confusion in V8. Credit to Guang Gong of Qihoo 360.
[$3500][595259] High CVE-2016-1678: Heap overflow in V8. Credit to Christian Holler.
[$3500][606390] High CVE-2016-1679: Heap use-after-free in V8 bindings. Credit to Rob Wu.
[$3000][589848] High CVE-2016-1680: Heap use-after-free in Skia. Credit to Atte Kettunen of OUSPG.
[$3000][613160] High CVE-2016-1681: Heap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos.
[$1000][579801] Medium CVE-2016-1682: CSP bypass for ServiceWorker. Credit to KingstonTime.
[$1000][583156] Medium CVE-2016-1683: Out-of-bounds access in libxslt. Credit to Nicolas Gregoire.
[$1000][583171] Medium CVE-2016-1684: Integer overflow in libxslt. Credit to Nicolas Gregoire.
[$1000][601362] Medium CVE-2016-1685: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
[$1000][603518] Medium CVE-2016-1686: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
[$1000][603748] Medium CVE-2016-1687: Information leak in extensions. Credit to Rob Wu. [$1000][604897] Medium CVE-2016-1688: Out-of-bounds read in V8. Credit to Max Korenko.
[$1000][606185] Medium CVE-2016-1689: Heap buffer overflow in media. Credit to Atte Kettunen of OUSPG.
[$1000][608100] Medium CVE-2016-1690: Heap use-after-free in Autofill. Credit to Rob Wu.
[$N/A][602046] Medium CVE-2016-10403: Out-of-bounds read in PDFium. Credit to kdot working with Trend Micro's Zero Day Initiative.
[$500][597926] Low CVE-2016-1691: Heap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG.
[$500][598077] Low CVE-2016-1692: Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich.
[$500][598752] Low CVE-2016-1693: HTTP Download of Software Removal Tool. Credit to Khalil Zhani.
[$500][603682] Low CVE-2016-1694: HPKP pins removed on cache clearance. Credit to Ryan Lester and Bryant Zadegan.


We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.


As usual, our ongoing internal security work was responsible for a wide range of fixes:
  • [614767] CVE-2016-1695: Various fixes from internal audits, fuzzing and other initiatives.

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, Control Flow Integrity or LibFuzzer.


Interested in switching release channels? Find out how.  If you find a new issue, please let us know by filing a bug.  The community help forum is also a great place to reach out for help or learn about common issues.



Krishna Govind
Google Chrome

Labels:

30 Comments:

Anonymous Anonymous said...

Where is Material Design ? :^(

1:57 PM, May 25, 2016  
Blogger Piotrek Dąbrowski said...

Give me back me the old tabs! I find the new angular tabs disgusting!

1:34 AM, May 26, 2016  
Blogger Anthony Drogon said...

I'd have to agree.
The other changes look quite nice so far, but the tabs feel like some space is wasted, and don't go well with most favicons.

2:40 AM, May 26, 2016  
Blogger Magesh M said...

New features are quit nice...:)

3:29 AM, May 26, 2016  
Blogger Mikael Jakobsson said...

Get more extensions - button under extension dont work is empty link page.

3:43 AM, May 26, 2016  
Blogger Simone said...

This update completely broke my ability to work on developing my Javascript app. Check out at this page: http://www.ccpnc.ac.uk/magresview/magresview/magres_view.html, for example at times the developer console returns a ReferenceError when I ask for variables like "Jmol" which is fundamental to the code and is surely defined if the page works at all. Then it goes back to working regularly. Then it slows down when I use it from a local web server, or it returns "null" when I use jQuery to fetch a reference to an element. Any clue as to WTH is going on?

4:18 AM, May 26, 2016  
Blogger James Harvey said...

This update causes real problems when using a proxy inside a network, and your clients are set to "Automatically Detect Settings". Everything worked before!

6:21 AM, May 26, 2016  
Blogger Rafael Hilário said...

Google Chrome has already been a great browser but every day that passes the version numbers only increase the browser does not gain any new function or feature designate and still the same thing, but more cumbersome, slow and locked. This final version of Google Chrome 51 is just awful, slow scroll pages locking and high memory consumption'm seriously considering leaving Google Chrome. I use this nevagador since version 0 and I confess that I have seen little change so far.

6:22 AM, May 26, 2016  
Blogger Blackat said...

This release is causing havoc with our production application. Every user that upgrades from 50 to 51 is having serious problems.

It may be related to Simone's issues above. We just realized that our problems are being caused by this release of Chrome.

I'm sure we aren't the only SaaS company having a heck of a morning today.

We are having to tell our user to shift to a different browser until this is resolved.

8:15 AM, May 26, 2016  
Blogger Blackat said...

BTW - Will post more details once we pinpoint what exactly is breaking with this new release. Our development team is working on it right now.

8:18 AM, May 26, 2016  
Blogger Dustin said...

Does anyone know of a reason why Chrome PDF Viewer is set to 'Always allowed to run' and the checkbox is grayed out?

8:49 AM, May 26, 2016  
Blogger Oscar Merifield said...

Hmmm, no new material design for me. has it been postponed?

11:04 AM, May 26, 2016  
Blogger Paul Irish said...

@Simone and Blackat,

Thanks for reporting. I've opened a ticket up on our bug tracker to investigate more.

https://bugs.chromium.org/p/chromium/issues/detail?id=615209

Can you star it so we can keep in touch?
Also I have some questions on the ticket for ya'll. :) Thanks

2:17 PM, May 26, 2016  
Blogger Sidney Moraes said...

I saw that that there is material design on Linux, why not in Windows?

4:02 PM, May 26, 2016  
Blogger Mark Sillian said...

I like the new look, and everything has been working for me, but there's one thing that irks me: The tabs are too tall. Everything else has gotten smaller, but the tabs have gotten larger. Please make them shorter, they really do feel like wasted space.

9:34 PM, May 26, 2016  
Blogger jeremie said...

In this new version, the link hover status bar now shows all text in grey color, on a light grey background. Impossible to read, please revert this to show black text. As it is right now, the text completely disappears with some screen viewing angles.

Running Chrome 51.0.2704.63 on Ubuntu 14.04.3.

5:06 AM, May 27, 2016  
Blogger Danilo Paolucci said...

This update causes real problems when using a proxy inside a network, and your clients are set to "Automatically Detect Settings". Everything worked before!
WE have the same problem, CHROME receive this error message : "The page you requested has been blocked by a firewall policy restriction". I resolved using chrome 50.x instead 51.x. IE11 and Mozilla aren't affect from this error message.

8:25 AM, May 27, 2016  
Blogger Larry LACa said...

The problem with proxy (PAC file) usage is being tracked with CR 615804
https://bugs.chromium.org/p/chromium/issues/detail?id=615084

Immediate workarounds are described here
https://productforums.google.com/forum/#!topic/chrome/biBhGTDpdxM

The team is working to incorporate the fix for the M51 Stable RC release Tuesday afternoon 5/31 (CR 615804 Cmt#18)

3:45 PM, May 27, 2016  
Blogger Larry LACa said...

A Material Design discussion is unfolding in this Help Forum post:
https://productforums.google.com/forum/#!topic/chrome/kM87gXdklhI .

It can be, for the moment, disabled with the flag top-chrome-md=non-material.
Caveats apply, see the forum post.

AFAIK Material Design only became the desktop default for Linux.
The windows default is still non-material.

3:52 PM, May 27, 2016  
Blogger Juan Garcia said...

I like the new tabs and design. It looks clean and cool :)

10:55 PM, May 27, 2016  
Blogger Cosmin Cristea said...

I am having problems with a transition for background-size (from 100% to 110% on hover). In 50 version was working ok, but now it completely ignores the transition and looks/feels plain awful.

1:47 AM, May 30, 2016  
Blogger dumol said...

Thank you, thank you, THANK YOU! For the first time EVER, my dark GTK+ 2.x theme looks (almost) totally fine with Chromium!!! Enabling overlay scrollbars also helps in this regard.

And the inverted-scroll regression introduced with Chromium 49, which has driven me mad while scrolling the wheel of my left-handed trackball for the past two months, is finally gone! Phew… :-D

Great release, guys.

10:11 AM, May 30, 2016  
Blogger مروه المصريه said...

Click here
Click here
Click here
sexual objects
electronic market
watch movies Sex
Six Children
Free Sex
Gay Sex
Chat Style
live chat
Sex Girls
Click here Sex Arabic Girls
pictures Sex
see a show Sex
rape of Sex
motherland Sex Show
Sex Show
Sex representatives
Celebrities
watch animals Sex
watch Sex humans
Sex in the market
Click here now
Click here
Click here
Click here
Click here
Click here
Click here
Click here
Click here
Click here
Click here
Click here
Click here
Click here
Click here
Click here
Click here
Click here
Click here
Click here

4:51 PM, May 30, 2016  
Blogger Southern Gal said...

its may 30 and my chromebooks (i have three) still have not updated to the new release.... whats the hold up

5:45 PM, May 30, 2016  
Blogger Brett Randall said...

Looks OK apart from the new tab shape/size, which I'm not sold on ... maybe I will come around to it.

11:10 PM, May 30, 2016  
Blogger Siva Kumar said...

Hi,

There is serious issue in chrome ,when it tries to match the DOM elements .i.e webkitMatchesSelector match selector is not working as expected. Please let us know if any update on this.

12:31 AM, June 01, 2016  
Blogger NakiBest said...

For some reason, on my PCs - 2 of them - zoom settings for websites were lost when going from Chrome 50 to 51. Does anyone test these things?

Using Windows 10 Pro 64-bit.

2:38 PM, June 01, 2016  
Blogger Umerkhan9 said...

I've installed windows 8.1 on my laptop after buying license from ODosta Store, I want to activate it to get free upgrade from windows 7 professional to windows 10 home.
I'm now confused, How to activate and upgrade to windows 10.
Please mention within details.

3:23 AM, June 04, 2016  
Blogger NakiBest said...

@Umerkhan9 - Your question has nothing to do with Chrome, and also it appears to advertise some website. Neither is allowed here.

Please no spam and no non-Google Chrome questions here.

3:57 AM, June 04, 2016  
Blogger Val Beattie said...

In Chrome 50 and 51 we are seeing issues with our application using web workers. We use 2 web workers, one for speech recognition and one for audio encoding, both are emscripten transpilations. The issue is that the web worker processing is significantly slower - at least a factor of 2, although we are still investigating the details. We have already had to push out 2 fixes to compensate for issues caused by the slower processing. I can't find anything in a search, but not sure what to search for. What recent changes could have caused this? Any changes to workers, asm, typed arrays?

8:45 AM, June 06, 2016  

Post a Comment

Subscribe to Post Comments [Atom]

<< Home