Wednesday, July 20, 2016

Stable Channel Update

The Chrome team is delighted to announce the promotion of Chrome 52 to the stable channel for Windows, Mac and Linux. Chrome 52.0.2743.82 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 52.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 48 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chromium security page for more information.

[$15000][610600] High CVE-2016-1706: Sandbox escape in PPAPI. Credit to Pinkie Pie
[$3000][622183] High CVE-2016-1707: URL spoofing on iOS. Credit to xisigr of Tencent's Xuanwu Lab
[$500][613949] High CVE-2016-1708: Use-after-free in Extensions. Credit to Adam Varsan
[$500][614934] High CVE-2016-1709: Heap-buffer-overflow in sfntly. Credit to ChenQin of Topsec Security Team
[$8000][616907] High CVE-2016-1710: Same-origin bypass in Blink. Credit to Mariusz Mlynski
[$7500][617495] High CVE-2016-1711: Same-origin bypass in Blink. Credit to Mariusz Mlynski
[$3000][618237] High CVE-2016-5127: Use-after-free in Blink. Credit to cloudfuzzer
[$7500][619166] High CVE-2016-5128: Same-origin bypass in V8. Credit to Anonymous
[$5000][620553] High CVE-2016-5129: Memory corruption in V8. Credit to Jeonghoon Shin
[$2000][623319] High CVE-2016-5130: URL spoofing. Credit to Wadih Matar
[$3500][623378] High CVE-2016-5131: Use-after-free in libxml. Credit to Nick Wellnhofer
[$1000][607543] Medium CVE-2016-5132: Limited same-origin bypass in Service Workers. Credit to Ben Kelly
[$1000][613626] Medium CVE-2016-5133: Origin confusion in proxy authentication. Credit to Patch Eudor
[$500][593759] Medium CVE-2016-5134: URL leakage via PAC script. Credit to Alex Chapman and Paul Stone of Context Information Security
[$500][605451] Medium CVE-2016-5135: Content-Security-Policy bypass. Credit to ShenYeYinJiu of  Tencent Security Response Center, TSRC
[$1000][625393] Medium CVE-2016-5136: Use after free in extensions. Credit to Rob Wu
[$1000][625945] Medium CVE-2016-5137: History sniffing with HSTS and CSP. Credit to Xiaoyin Liu

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

As usual, our ongoing internal security work was responsible for a wide range of fixes:

[629852] CVE-2016-1705: Various fixes from internal audits, fuzzing and other initiatives.

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, Control Flow Integrity or LibFuzzer.

Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Krishna Govind
Google Chrome



Blogger Debbie Kearns said...

I think we have a problem with your main page. Basically, because of this link here, the following links are broken, and they all load forever without revealing the news or anything at all!

When will the main page issues be fixed?

3:05 PM, July 20, 2016  
Blogger Brad Baker said...

I'm seeing the same as Debbie

4:54 PM, July 20, 2016  
Blogger Krishna Govind said...

Above issue should be fixed now. Thank you for reporting.

5:16 PM, July 20, 2016  
Blogger Zhangir Duiseke said...

Where the fuck is Material Design for PC version?! I've been waiting for it for 2 goddamn versions!!! Why do you release it first for ICrap and macfags first?! #WindowsPCLivesMatter!

9:21 PM, July 20, 2016  
Blogger Slavic said...

This comment has been removed by the author.

10:58 PM, July 20, 2016  
Blogger Slavic said...

Unfortunately, Chrome developers have removed the option to disable DirectWrite (both in chrome://flags/#disable-direct-write and --disable-directwrite-for-UI switch). As a result, page and UI fonts began to look blurrier, fuzzy, or the characters are improperly positioned, which is especially noticeable on small sizes. Developers explained this move as phasing out the obsolete technology:

However, the new DirectWrite implementation in Chrome gives worse results and eventually the eyes get tired much more quickly. I rolled back to Chrome 51 until the moment when DirectWrite will be comparable by quality with old GDI rendering. If not, probably I will have to use other browser, because this feature has been removed from the open-source Chromium code and soon or later it will affect all Chromium-based browsers.

11:01 PM, July 20, 2016  
Blogger Ricky Sullivan said...


11:25 PM, July 20, 2016  
Blogger Operator said...

I would also like to know why Material Design hasn't been shipped with the Windows version. Don't worry, I'm not mad or anything, just curious.

Also, when can we expect Material Design for Chrome on Windows? Will it come in a future update of v52 or do we have to wait for the release of v53.

Thank you very much in advance for taking your time and answering my question.

6:17 AM, July 21, 2016  
Blogger Martin Logüercho said...

google play slow speed using wifi in android devices

8:40 AM, July 21, 2016  
Blogger DAOWAce said...

Slavic: "Unfortunately, Chrome developers have removed the option to disable DirectWrite..."

Are you serious..

Wtf are they thinking? DirectWrite looks HORRIBLE and strains my eyes. Same reason I turned off ClearType in Vista and had to switch system fonts in 7 since it was forced all the time.

Used to be a simple option in flags, then we were forced to disable it there and use a command line switch.. and now it's going away entirely. This is worse than smooth scrolling being forced on us.

Google have lost their minds as much as Mozilla. And here Chrome has been my fallback browser because of Firefox's changes.

These developers are completely out of touch with the userbase.

11:04 AM, July 21, 2016  
Blogger upthesaints said...

This comment has been removed by the author.

1:08 PM, July 21, 2016  
Blogger upthesaints said...

So the users that have problems with fuzzy fonts and had to disable directwrite, now do what exactly ?

1:10 PM, July 21, 2016  
Blogger Rachel Popkin said...

If you were using the flag and now have fuzzy fonts, please try the following:
1. Type ClearType in the Windows search box then click on "Adjust ClearType Text" in the search results.
2. Run the tuner, check the "Turn On ClearType" checkbox, then go through the rest of the screens of the wizard.
3. If after running the tuner text still looks fuzzy or blurry, try turning off anti-aliasing in Windows. This might be particularly helpful on very high resolution displays. To do so, you can use the following process:
Open the control panel. Click "System and Security" then click "System".
On the left side, click "Advanced system settings".
Click the "Advanced" tab, then under "Performance" click the "Settings" button.
Under the "Visual Effects" tab, uncheck the "Smooth edges of screen fonts" checkbox, click "Apply", and restart Chrome.

1:17 PM, July 21, 2016  
Blogger Ricky Sullivan said...

4:46 PM, July 21, 2016  
Blogger Daniel B. said...

DirectWrite is the worst thing to a browser ever. Especially Facebook looks aaaawful. Please bring the disable-option back.

3:15 AM, July 22, 2016  
Blogger upthesaints said...

Cleartype or any other change does nothing and actually makes it worse.

This is terrible to the eye and causing fatigue using chrome 52 now.

Why was directwrite removed ?

the only solution to this problem is returning directwrite so it can be disabled.

7:30 AM, July 22, 2016  
Blogger Domingo Trujillo said...

Hi, mi Google Chrome has the Versión 52.0.2743.82 m
I want to ask what is the meaning of "m" in the version number?
Thanks a lot

8:55 AM, July 22, 2016  
Blogger Sumeet Mahendra said...

Tabs are crashing very frequently, please work on it, seriously...!

9:04 AM, July 22, 2016  
Blogger R said...

Mac OSX 10.11.6, Google Chrome is now unusably slow. Tabs take anything up to 10 minutes to load, switching between tabs will cause the app to freeze for anything up to a minute. Have tried countless reboots, PRAM clear, web cache clear, all with no change to app performance.

8:40 AM, July 24, 2016  
Blogger Unknown said...

Please give back the disable-direct-write option. I cannot use Chrome anymore because I can't read anything.

11:05 AM, July 25, 2016  
Blogger Michael Walker said...

The font rendering from the changes in Chrome 52 on Mac OS are terrible and blurry as others have talked about. I have used it for less than 30 minutes and I had to walk away from my computer because of a headache. Chrome has been such a reliable browser for years, but this change is a massive step back. Unfortunately, I will need to switch browsers until a fix can be rolled out.

10:43 AM, July 26, 2016  
Blogger منى الدلوعة said...

360 Buzz | Top Trending
The hottest latest news style and celebrity,Top 10 videos and Trending topics, viral Stories are trending now

360 Buzz
zzbuzz top
buzz list
celebs buzz
beautiful womens
first lady in

3:31 AM, July 28, 2016  
Blogger Aamir Shah said...

Google Chrome is much better browser than others. i like and use daily awesome one for my this website
town cars Melbourne

4:40 AM, July 28, 2016  
Blogger Morten Borg said...

Material on macOS looks just awful - and makes no sense, this is macOS, not Android :-(

Luckily there's an flags option to choose the standard OS design again. If that option goes away at some point it's goodbye to Chrome for me.

5:28 AM, July 28, 2016  
Blogger Kathy Goeschel said...

Wow! I'm running Mac OsX and all of a sudden my fonts in Chrome are HORRIBLE! They are extremely fuzzy and its really annoying. I am going to try the rollback after finding this thread since the latest update seems to be the reason. PLEASE fix this so that I don't have to switch browsers for good

8:52 AM, July 28, 2016  
Blogger 紫雨老师 said...

I revert back to version 51 because 52's MacType rendering failed

9:34 AM, July 28, 2016  

Post a Comment

Subscribe to Post Comments [Atom]

<< Home