Tuesday, October 17, 2017

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 62 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.


Chrome 62.0.3202.62 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 62.


Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.


This update includes 35 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.


[$7500+$1337][762930] High CVE-2017-5124: UXSS with MHTML. Reported by Anonymous on 2017-09-07
[$5000][749147] High CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous on 2017-07-26
[$3000][760455] High CVE-2017-5126: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-08-30
[$3000][765384] High CVE-2017-5127: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-09-14
[$3000][765469] High CVE-2017-5128: Heap overflow in WebGL. Reported by Omair on 2017-09-14
[$3000][765495] High CVE-2017-5129: Use after free in WebAudio. Reported by Omair on 2017-09-15
[$3000][718858] High CVE-2017-5132: Incorrect stack manipulation in WebAssembly. Reported by Gaurav Dewan (@007gauravdewan) of Adobe Systems India Pvt. Ltd. on 2017-05-05
[$N/A][722079] High CVE-2017-5130: Heap overflow in libxml2. Reported by Pranjal Jumde (@pjumde) on 2017-05-14
[$5000][744109] Medium CVE-2017-5131: Out of bounds write in Skia. Reported by Anonymous on 2017-07-16
[$2000][762106] Medium CVE-2017-5133: Out of bounds write in Skia. Reported by Aleksandar Nikolic of Cisco Talos on 2017-09-05
[$1000][752003] Medium CVE-2017-15386: UI spoofing in Blink. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-08-03
[$1000][756040] Medium CVE-2017-15387: Content security bypass. Reported by Jun Kokatsu (@shhnjk) on 2017-08-16
[$1000][756563] Medium CVE-2017-15388: Out of bounds read in Skia. Reported by Kushal Arvind Shah of Fortinet's FortiGuard Labs on 2017-08-17
[$500][739621] Medium CVE-2017-15389: URL spoofing in OmniBox. Reported by xisigr of Tencent's Xuanwu Lab on 2017-07-06
[$500][750239] Medium CVE-2017-15390: URL spoofing in OmniBox. Reported by Haosheng Wang (@gnehsoah) on 2017-07-28
[$500][598265] Low CVE-2017-15391: Extension limitation bypass in Extensions. Reported by João Lucas Melo Brasio (whitehathackers.com.br) on 2016-03-28
[$N/A][714401] Low CVE-2017-15392: Incorrect registry key handling in PlatformIntegration. Reported by Xiaoyin Liu (@general_nfs) on 2017-04-22
[$N/A][732751] Low CVE-2017-15393: Referrer leak in Devtools. Reported by Svyat Mitin on 2017-06-13
[$N/A][745580] Low CVE-2017-15394: URL spoofing in extensions UI. Reported by Sam @sudosammy on 2017-07-18
[$N/A][759457] Low CVE-2017-15395: Null pointer dereference in ImageCapture. Reported by Johannes Bergman (johberlvi@) on 2017-08-28


We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

As usual, our ongoing internal security work was responsible for a wide range of fixes:
  • [775550] Various fixes from internal audits, fuzzing and other initiatives

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.


Interested in switching release channels? Find out how.  If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.


Abdul Syed
Google Chrome

Labels:

18 Comments:

Blogger Nsmaofmaosdf said...

Thanks for chrome teams! I really like google chrome! It's my favorite browser.

11:05 PM, October 17, 2017  
Blogger Fufluns said...

A beta and a stable on the same day. Impressive!

3:15 AM, October 18, 2017  
Blogger MDS said...

With this update, my login screen is now all blurry and I can see the faint image of my wallpaper. Have tried everything I can think of to get rid of this problem without any success. Please fix

10:16 AM, October 18, 2017  
Blogger William John Pētry said...

@MDS That is not a problem, that is a feature, bro. They updated the look

12:57 PM, October 18, 2017  
Blogger Rajesh Shenoy said...

Please consider listing the feature additions / improvements / fixes also. I, for one, am more interested in that than a list of security fixes. Also, some stats around performance improvements, etc. would be interesting.

8:27 PM, October 18, 2017  
Anonymous Anonymous said...

This comment has been removed by a blog administrator.

8:16 AM, October 19, 2017  
Anonymous Anonymous said...

Anyone else having trouble running Flash with this version? Doesn't seem to work for me. I've disabled / re-enabled and still nothing. The only way I can get a site to display Flash content is to specifically add the site as an Approved Flash site.

8:17 AM, October 19, 2017  
Blogger miniwrld at work said...

@Gordon Hawley This is intentional as part of Google's long-term plan to phase out Flash usage and support in the Chrome browser. Adobe announced that Flash will no longer be updated or supported after December 2020. Google is therefore aligning their support timeline with Adobe's.

9:00 AM, October 19, 2017  
Blogger Jamal Taylor said...

@miniwrld They need to do a better job about letting us know exactly how they're phasing Flash out. We have to use Chrome on a couple of sites that use Flash, and it's been failing to update the addin consistently. I've had to install the PPAPI Flash plugin as a workaround.

1:10 PM, October 19, 2017  
Blogger Unknown said...

¿A alguien mas le pasa que al abrir presentaciones prezi, archivos pdf y al minimizar el navegador se pierde la visualización de dichas presentaciones prezi y archivos pdf, para lo cual toca recargar nuevamente dichas páginas?

¿Does anyone else find that when opening prezi presentations, pdf files and minimizing the browser, you lose the visualization of these prezi presentations and pdf files, for which it is necessary to reload these pages?

6:25 PM, October 19, 2017  
Blogger Hafed Marzouk said...

I keep seeing this warning on Chrome (Rats! WebGL Hit a Snag) every time I am on facebook. Can anyone tell us how to fix this?

2:37 PM, October 20, 2017  
Blogger Hrcsjr2 said...

UltraWebGrid (Infragistics) is not painting the rows when i'm loading results from the server. In the previous version it was possible to load it.

5:14 PM, October 20, 2017  
Blogger Em ma said...

I have the same problem, with Infragistics WebDataGrid, it has stoped painting the rows since the update. It only happens when the control is in an update panel (asp.net).

10:16 AM, October 21, 2017  
Blogger Christina King said...

I am having an issue with Flash now. I see that several of you are having one as well. What can I do it fix this? This is very upsetting for me as I am trying to teach my students and I am unable to use websites that utilize flash. Any tips are appreciated!!

10:23 AM, October 23, 2017  
Blogger mmuehlenhoff said...

Can you please clarify the scope of CVE-2017-5130? Is this a vulnerability in Chrome's use of libxml or a vulnerability in libxml2 itself (which is obviously used by a lot of other applications beside Chrome); if so did you report it to the libxml2 developers?

1:00 AM, October 25, 2017  
Blogger Álvaro Pereira Gomes said...

Hi,

After this latest chrome update, one of my app built on apache-wicket v1.4.17 started having issues with the ModalWindow. Now ModalWindows are opening blank and not showing any ajax loaded content.

Looking forward for some solution.

Thanks.

11:54 AM, October 25, 2017  
Blogger 803mastiff said...

Im having all kinds of issues with this version. I did not realize it was Chrome until I checked the automatic update date. Not impressed

1:50 PM, October 25, 2017  
Blogger ceet said...

Chrome now crashes almost every time - here is the diagnosis:Description
A problem caused this program to stop interacting with Windows.
Faulting Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Problem signature
Problem Event Name: AppHangB1
Application Name: chrome.exe
Application Version: 62.0.3202.62
Application Timestamp: 59e564b7
Hang Signature: 3156
Hang Type: 134217728
OS Version: 10.0.15063.2.0.0.768.101
Locale ID: 2057
Additional Hang Signature 1: 31567f59f90a7c93ee376cae9a222bfb
Additional Hang Signature 2: b2ed
Additional Hang Signature 3: b2ed766b9c45a977d183011f5de528fc
Additional Hang Signature 4: 3156
Additional Hang Signature 5: 31567f59f90a7c93ee376cae9a222bfb
Additional Hang Signature 6: b2ed
Additional Hang Signature 7: b2ed766b9c45a977d183011f5de528fc

Extra information about the problem
Bucket ID: 5bd7411ad6fd035a9032cf0f2251c93c (129591696483)

Can anyone help?

12:08 PM, October 31, 2017  

Post a Comment

Subscribe to Post Comments [Atom]

<< Home