Tuesday, March 6, 2018

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 65 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.

Chrome 65.0.3325.146 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 65.

Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.


This update includes 45 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.


[$5000][758848] High CVE-2017-11215: Use after free in Flash. Reported by JieZeng of Tencent Zhanlu Lab on 2017-08-25
[$5000][758863] High CVE-2017-11225: Use after free in Flash. Reported by JieZeng of Tencent Zhanlu Lab on 2017-08-25
[$3000][780919] High CVE-2018-6060: Use after free in Blink. Reported by Omair on 2017-11-02
[$3000][794091] High CVE-2018-6061: Race condition in V8. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2017-12-12
[$1000][780104] High CVE-2018-6062: Heap buffer overflow in Skia. Reported by Anonymous on 2017-10-31
[$N/A][789959] High CVE-2018-6057: Incorrect permissions on shared memory. Reported by Gal Beniamini of Google Project Zero on 2017-11-30
[$N/A][792900] High CVE-2018-6063: Incorrect permissions on shared memory. Reported by Gal Beniamini of Google Project Zero on 2017-12-07
[$N/A][798644] High CVE-2018-6064: Type confusion in V8. Reported by lokihardt of Google Project Zero on 2018-01-03
[$N/A][808192] High CVE-2018-6065: Integer overflow in V8. Reported by Mark Brand of Google Project Zero on 2018-02-01
[$4000][799477] Medium CVE-2018-6066: Same Origin Bypass via canvas. Reported by Masato Kinugawa on 2018-01-05
[$2000][779428] Medium CVE-2018-6067: Buffer overflow in Skia. Reported by Ned Williamson on 2017-10-30
[$2000][798933] Medium CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab. Reported by Luan Herrera on 2018-01-04
[$1500][799918] Medium CVE-2018-6069: Stack buffer overflow in Skia. Reported by Wanglu & Yangkang(@dnpushme) of Qihoo360 Qex Team on 2018-01-08
[$1000][668645] Medium CVE-2018-6070: CSP bypass through extensions. Reported by Rob Wu on 2016-11-25
[$1000][777318] Medium CVE-2018-6071: Heap buffer overflow in Skia. Reported by Anonymous on 2017-10-23
[$1000][791048] Medium CVE-2018-6072: Integer overflow in PDFium. Reported by Atte Kettunen of OUSPG on 2017-12-01
[$1000][804118] Medium CVE-2018-6073: Heap buffer overflow in WebGL. Reported by Omair on 2018-01-20
[$1000][809759] Medium CVE-2018-6074: Mark-of-the-Web bypass. Reported by Abdulrahman Alqabandi (@qab) on 2018-02-06
[$500][608669] Medium CVE-2018-6075: Overly permissive cross origin downloads. Reported by Inti De Ceukelaire (intigriti.com) on 2016-05-03, and by Bas Venis (@BugRoast)
[$500][758523] Medium CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink. Reported by Mateusz Krzeszowiec on 2017-08-24
[$500][778506] Medium CVE-2018-6077: Timing attack using SVG filters. Reported by Khalil Zhani on 2017-10-26
[$500][793628] Medium CVE-2018-6078: URL Spoof in OmniBox. Reported by Khalil Zhani on 2017-12-10
[$TBD][788448] Medium CVE-2018-6079: Information disclosure via texture data in WebGL. Reported by Ivars Atteka on 2017-11-24
[$N/A][792028] Medium CVE-2018-6080: Information disclosure in IPC call. Reported by Gal Beniamini of Google Project Zero on 2017-12-05
[$1000][797525] Low CVE-2018-6081: XSS in interstitials. Reported by Rob Wu on 2017-12-24
[$N/A][767354] Low CVE-2018-6082: Circumvention of port blocking. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-09-21
[$N/A][771709] Low CVE-2018-6083: Incorrect processing of AppManifests. Reported by Jun Kokatsu (@shhnjk) on 2017-10-04


We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

As usual, our ongoing internal security work was responsible for a wide range of fixes:
  • [819271] Various fixes from internal audits, fuzzing and other initiatives

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

If you're interested in Enterprise relevant information please look through the Enterprise Release Notes for Chrome 65.

Thank you,
Krishna Govind


23 Comments:

Blogger David King said...

Heads up that the "45" link to crbug doesn't work and returns:

"The search for
type:bug-security os=Android,ios,linux,mac,windows,all label:Release-0-M65
did not generate any results."

1:52 PM, March 06, 2018  
Blogger Andrew Whalley said...

Hi David, that just means all the bugs are currently restricted. By default they are opened up 14 weeks after the bug has been marked as fixed.

3:21 PM, March 06, 2018  
Blogger Sidney Moraes said...

Hello, Chrome Devs, I want to report a bug on Stats for Nerds on YouTube. Here is a picture of the stats in Chrome (check the line about codecs): https://s14.postimg.org/yg65wtjnl/WTFFFF.jpg
Now here is what it should be, shown in Firefox: https://s14.postimg.org/k9qf1m3nl/Capturar_Firefox.jpg

Please fix this!

5:54 PM, March 06, 2018  
Blogger Yurkea said...

On the new tab, you see 4 fast-access sites instead of 8. You need to reduce the spacing between the doodle and icons.

11:39 PM, March 06, 2018  
Blogger adnan ahmed said...

Here Google Chrome exploit USE AFTER FREE RCE Version 64 0 3282 186


https://youtu.be/R4dAAp7nAVU

8:30 AM, March 07, 2018  
Blogger Erin Kinney said...

Our circulation computer updated to this version today and now we can't print from our circulation system. One clicks print for a dues slip and it blips in the printer queue and then *poof* it's gone. It is never sent to the printer. However, I can print using Chrome using the print dialog box, but that won't work with our ILS. I've notified our vendor. I'm sad because now I have to use another browser.

11:35 AM, March 07, 2018  
Blogger Erwin Anzola said...

After update our print functionality does not work anymore, nothing is sent to the printer queue, all dialogue boxes open, but nothing is sent to the printer

12:35 PM, March 07, 2018  
Blogger TMHKR_AK said...

There's a slight graphical lag when opening new tabs (and while these new tabs are loading). Didn't appear in previous version.

1:13 PM, March 07, 2018  
Blogger Krishna Govind said...

Erin Kinney@ and Erwin Anzola@, could you pls report bugs under crbug.com with all details related to printing issues you're facing? Thank you.

2:41 PM, March 07, 2018  
Blogger Unknown said...

This is strange: while Chrome stable is on version 65.0.3325.146, Chrome beta lags behind on version 65.0.3325.125.

11:10 PM, March 07, 2018  
Blogger Luis Carlos said...

+Krishna Govind I have some projects that used JavaScript to print the window content and now they don't work.

The JavaScript code is

window.onload= function () { window.print();window.close(); }

8:40 AM, March 08, 2018  
Blogger Jake Houser said...

Several of the computers that use our inventory management software updated today and it's causing a very large issue for us. When a user clicks print to output the inventory label, it pops into the print queue but immediately disappears without being sent to the printer. We're currently scrambling to push out installers to the older version due to a pre-existing compatibility issue in IE and Firefox.

Any information on how to disable Chrome. This is a really big problem for us.

8:42 AM, March 08, 2018  
Blogger Erin Kinney said...

@Krishna Govind I did, thank you.
@Jake Houser that is our exact problem, too, with our library circulation web pages. Bug reported: Issue 820105. We switched browsers for now.

8:51 AM, March 08, 2018  
Blogger Keith Miller said...

March 6, 2018 update seems to have messed up Google themes...cuts off bottom of page with white, blocking theme. Anyone else experiencing this?

2:36 PM, March 08, 2018  
Blogger ramennoodler said...

I was on the chrome homepage then out of blue I got a message asking if I would like to download something and if I did it might make changes I said no and in a split second the google chrome homepage just transformed to one we have now and all my fonts are different sizes and bold along with everything else has changed.

5:36 PM, March 08, 2018  
Blogger sherlock homes said...

Very nice blog on Google chrome update.

4:19 AM, March 09, 2018  
Blogger Groovymarlin said...

The React web app that I'm testing doesn't work at all in Chrome 65. I went back to 64, and it works fine. The errors I see in devtools console are mostly Uncaught TypeErrors.

11:56 AM, March 09, 2018  
Blogger Krishna Govind said...

Groovymarlin@,
Could you please report a bug under crbug.com and paste the error there? Thank you.

2:43 PM, March 09, 2018  
Blogger Andy Halfar said...

With the last chrome update, all of my chrome themes have been cut off. Either there's a big black or white bar at the bottom of my new tab page. Any fixes for this??

8:43 AM, March 10, 2018  
Blogger Elton said...

Reporting a bug that has been introduced in this release of Chrome (65).
It is causing the entire app to crash ("Aw snap").

We used chromium bisect-builds util to get to this message:

You are probably looking for a change made after 522194 (known good), but no later than 522207 (first known bad).
CHANGELOG URL: https://chromium.googlesource.com/chromium/src/+log/e9ef5260cdea70b3f1aabf1bf19ee1985d01c236..8e333b2c009f030f93165d00c7a858d6bb1518a2


Reproducing steps:
1. Go to https://web.flock.com
2. Sign up or login using your gmail account
3. When through, the app crashes entirely after loading some sections of the app.

The center section is an iframe which probably could be the reason of this crash.

If anyone of you would be aware of this issue or a work around, kindly update me

8:18 AM, March 12, 2018  
Blogger Krishna Govind said...

Elton@, could you pls report a bug under crbug.com with all details? Thank you.

8:41 AM, March 12, 2018  
Blogger aylictal said...

I asked the same question presented by Erin Kinney on stack overflow. This is a major problem. https://stackoverflow.com/questions/49240402/window-open-window-write-window-print-window-close

4:11 PM, March 12, 2018  
