Tuesday, September 4, 2018

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 69 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.

Chrome 69.0.3497.81 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 69.

Security Fixes and Rewards


Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.


This update includes 40 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.


[$5000][867776] High CVE-2018-16065: Out of bounds write in V8. Reported by Brendon Tiszka on 2018-07-26
[$3000][847570] High CVE-2018-16066: Out of bounds read in Blink. Reported by cloudfuzzer on 2018-05-29
[$1000][848306] High CVE-2018-17457: Use after free in WebAudio. Reported by Zhe Jin(金哲), Luyao Liu(刘路遥) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-05-31
[$500][860522] High CVE-2018-16067: Out of bounds read in WebAudio. Reported by Zhe Jin(金哲), Luyao Liu(刘路遥) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-07-05
[N/A][877182] High CVE-2018-16068: Out of bounds write in Mojo. Reported by Mark Brand of Google Project Zero on 2018-08-23
[N/A][848238] High CVE-2018-16069: Out of bounds read in SwiftShader. Reported by Mark Brand of Google Project Zero on 2018-05-31
[N/A][848716] High CVE-2018-16070: Integer overflow in Skia. Reported by Ivan Fratric of Google Project Zero on 2018-06-01
[N/A][855211] High CVE-2018-16071: Use after free in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2018-06-21
[$4000][864283] Medium CVE-2018-16072: Cross origin pixel leak in Chrome's interaction with Android's MediaPlayer. Reported by Jun Kokatsu (@shhnjk) on 2018-07-17
[$3000][863069] Medium CVE-2018-16073: Site Isolation bypass after tab restore. Reported by Jun Kokatsu (@shhnjk) on 2018-07-12
[$3000][863623] Medium CVE-2018-16074: Site Isolation bypass using Blob URLs. Reported by Jun Kokatsu (@shhnjk) on 2018-07-13
[$2500][864932] Medium: Out of bounds read in Little-CMS. Reported by Quang Nguyễn (@quangnh89) of Viettel Cyber Security on 2018-07-18
[$2000][788936] Medium CVE-2018-16075: Local file access in Blink. Reported by Pepe Vila (@cgvwzq) on 2017-11-27
[$2000][867501] Medium CVE-2018-16076: Out of bounds read in PDFium. Reported by Aleksandar Nikolic of Cisco Talos on 2018-07-25
[$2000][848123] Medium: Cross origin read. Reported by Luan Herrera (@lbherrera_) on 2018-05-31
[848535] Low CVE-2018-16087: Multiple download restriction bypass.
[848531] Low CVE-2018-16088: User gesture requirement bypass.
[$1000][377995] Medium CVE-2018-16077: Content security policy bypass in Blink. Reported by Manuel Caballero on 2014-05-27
[$1000][858820] Medium CVE-2018-16078: Credit card information leak in Autofill. Reported by Cailan Sacks on 2018-06-28
[$500][723503] Medium CVE-2018-16079: URL spoof in permission dialogs. Reported by Markus Vervier and Michele Orrù (antisnatchor) on 2017-05-17
[$500][858929] Medium CVE-2018-16080: URL spoof in full screen mode. Reported by Khalil Zhani on 2018-06-29
[N/A][666299] Medium CVE-2018-16081: Local file access in DevTools. Reported by Jann Horn of Google Project Zero on 2016-11-17
[N/A][851398] Medium CVE-2018-16082: Stack buffer overflow in SwiftShader. Reported by Omair on 2018-06-11
[N/A][856823] Medium CVE-2018-16083: Out of bounds read in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2018-06-26
[$1000][865202] Low CVE-2018-16084: User confirmation bypass in external protocol handling. Reported by Jun Kokatsu (@shhnjk) on 2018-07-18
[$500][844428] Low CVE-2018-16086: Script injection in New Tab Page. Reported by Alexander Shutov (Dark Reader extension) on 2018-05-18
[N/A][856578] Low CVE-2018-16085: Use after free in Memory Instrumentation. Reported by Roman Kuksin of Yandex on 2018-06-26


We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

As usual, our ongoing internal security work was responsible for a wide range of fixes:

  • [880418] Various fixes from internal audits, fuzzing and other initiatives




If you're interested in Enterprise relevant information please look through the Enterprise Release Notes for Chrome 69.

Interested in switching release channels?  Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Thank you,
Krishna Govind

46 Comments:

Blogger Louis said...

2 September 2008 - 4 September 2018: Happy Birthday Chrome!

Genuine thanks to all the Chrome Team members for all the hard work over the last TEN years.
And yes, Chrome 69 looks really gorgeous and speedy and really secure. :)

PS: clearly, I like Google very much.

12:11 PM, September 04, 2018  
Blogger Unknown said...

I just updated to Version 69.0.3497.81 and chrome is very slow to open and slow to load pages. I am using windows 10, and I tried Edge and it seems to be working normally.

12:47 PM, September 04, 2018  
Blogger Krishna Govind said...

Unknown@, could you pls report a bug for issue you're facing under crbug.com with full details? Thank you.

1:29 PM, September 04, 2018  
Blogger Brian said...

The gap between bookmark bar icons has become much wider now so fewer icons can be accommodated. Could you please reset to the compact design in the previous version? Thanks.

1:51 PM, September 04, 2018  
Blogger R Nacnud said...

Thanks for the update, but since it came without notification it came as a surprise.

1:58 PM, September 04, 2018  
Blogger Louis said...

7/32
Radeon software version:
Non-WHQL-32Bit-Radeon-Software-Crimson-16.7.2-Win10-Win8.1-Win7-July9

Ah, a little thingy in the chrome://gpu/:

Log Messages
GpuProcessHostUIShim: The GPU process exited normally. Everything is okay.

[304:8500:0904/230759.667:WARNING:ipc_message_attachment_set.cc(49)] : MessageAttachmentSet destroyed with unconsumed attachments: 0/1

GpuProcessHostUIShim: The GPU process exited normally. Everything is okay.

2:15 PM, September 04, 2018  
Blogger Rob K said...

When does the update come to Chromebooks?

6:26 PM, September 04, 2018  
Blogger none said...

Only $5000 for Out of bounds write in V8 - wtf guys?!

11:00 PM, September 04, 2018  
Blogger Unknown said...

Congrats! Looking great and I'm a big Chrome fan.

One minor bug I've noticed is when developing with Visual Studio, when debugging and hitting a breakpoint, the new Chrome will go black for a few seconds then come back and do this cyclically while VS is 'paused' at a breakpoint. It looks like the monitor switches off completely but it's actually Chrome going completely black (page and tabs bar etc).



12:37 AM, September 05, 2018  
Blogger Unknown said...

when I use Chrome with DevTools and examine elements, the browser turns completely black for 2 seconds. That happens again and again. No nice work anymore. :-(

2:11 AM, September 05, 2018  
Blogger miniwrld at work said...

@Rob K The official Chrome Release Calendar over at Chromium Developers says September 11 is the day for Chrome OS devices, including Chromebooks and Chromeboxes - and furthermore, Chrome OS in general is on a 1 week lag from desktop for channel promotion in general. Stay patient! (Fixed typo: Chromimum -> Chromium.)

4:11 AM, September 05, 2018  
Blogger John Price said...

On Linux the "Customize this Page" menu at bottom right of screen has no options, anybody else see this?

4:23 AM, September 05, 2018  
Blogger Giuseppe D'Ambrosio said...

on win 7 the address bar is no more following the default system colors (that's an all-black background): I get now a dazzling white instead..

7:58 AM, September 05, 2018  
Blogger Frede said...

Anyone had issues with text rendering improperly? I get this on almost all sites that work OK with IE and Edge. Parts of letters are missing, making it look like Greek and impossible to read. All flags reverted to default.

7:59 AM, September 05, 2018  
Blogger RC Pelisco said...

There's an issue when you have multiple windows of Chrome. The other window just doesn't work properly. The topbar is not responding to clicks. Though the document window works properly.

10:04 AM, September 05, 2018  
Blogger Unknown said...

very slow animations i.e: different events that are being listened then fired with a time lag. Slow even with one tab open. I am on macbook pro 2012 late

12:30 PM, September 05, 2018  
Blogger MrMuk said...

Back then, Firefox was imitating Chrome's look... and now it's the other way round... CHROME, STOP IT. As others said, bring the compact tabs back!

2:43 PM, September 05, 2018  
Blogger Jamie said...

=1 --- when I use Chrome with DevTools and examine elements, the browser turns completely black for 2 seconds. That happens again and again. No nice work anymore. :-(

6:20 PM, September 05, 2018  
Blogger John Price said...

On Linux the "Customize this Page" menu at bottom right of screen has no options, anybody else see this?

Found the solution myself, theme was set to GTK+ when I switched back to Classic the menu options appeared.

1:34 AM, September 06, 2018  
Blogger againstantichrist said...

Chrome has very slow performance after the new update (version 69.0.3497.81). Lagging on YouTube, much delay whenever I click to open pages and new tabs! WTF????????? FIX IT PLEASE!

6:46 AM, September 06, 2018  
Blogger Unknown said...

As of this update, enabling flash in site specific settings or for all sites is now not retained upon restarting Chrome. This means that my users now have to follow a process to enable flash every time they open Chrome at their workstations to use certain web portal services on behalf of our clients.

Walking my non-technical users through enabling flash several times a day is certainly more secure than retaining the predetermined flash settings and never having them touch that stuff at all. Thanks Google.

7:00 AM, September 06, 2018  
Blogger Hitesh Gupta said...

Sync is paused repeatedly in the browser after the update to this version. Tried disabling all extensions & even reinstalling chrome & disabling my antivirus but the problem persists.

9:26 AM, September 06, 2018  
Blogger Elias Wald said...

Hitesh, please see crbug.com/878776. It sounds like you may be having issues with your encryption keychain. Try restarting your computer (and then restarting Chrome again after restarting your computer).

3:24 PM, September 06, 2018  
Blogger Krishna Govind said...

John Price@, Please report a bug for Linux issue with "Customize this Page" menu under crbug.com and provide all details there. Thank you.

3:28 PM, September 06, 2018  
Blogger Krishna Govind said...

Jamie@, Please report a bug for Devtools issue you're facing under crbug.com and provide all details there. Thank you.

3:29 PM, September 06, 2018  
Blogger Wendy said...

text is rendering incorrectly - you have to hover your mouse over the letter to make them appear properly or keep refreshing the page.

10:50 PM, September 06, 2018  
Blogger miniwrld at work said...

@Wendy This issue has been known about for a while - at least since the Beta cycle. Detective work was in progress to find the change that introduced the rendering difference when I last checked - according to the development team the likely finger was pointed at a recent import of changes to the graphics rendering library Skia combined with a similar import for the font renderer HarfBuzz unfortunately containing clashing changes.

4:56 AM, September 07, 2018  
Blogger Eurobusiness Web Agency said...

Developer tools has a bug and turns the screen black when you inspect an element while Visual Studio is running a site on localhost.
No breakpoint pause is needed in VS to reproduce the bug.

8:06 AM, September 07, 2018  
Blogger GamingtheSystem said...

This update is causing my computer to lag to an incredible degree whenever I open a new tab and even passively browsing is using up tremendous amounts of disk space.

8:32 AM, September 07, 2018  
Blogger Gildrette MoralesRoman said...

I want to return to the previous Chrome. Can someone explain how I can do it?
Thank you

3:44 PM, September 07, 2018  
Blogger Kei So Koo said...

Not stable other languages on Mac.

12:57 AM, September 08, 2018  
Blogger Unknown said...

Chrome 69 is incredibly slow. It lags bad when scrolling. Twitter isn't even working, it's like trying to interact with a screenshot.

11:25 AM, September 08, 2018  
Blogger Janet Smith said...

I am also having problems with text in Chrome rendering incorrectly since the update. Reloading the page helps, but I should not have to do that!

2:39 PM, September 08, 2018  
Blogger Aguila Azul del Despertar said...

Very laggy in youtube videos & facebook videos

8:25 AM, September 09, 2018  
Blogger scouser73 said...

I am really liking the latest update and the overall look of Chrome, it's fast and secure. Well done to all the developers and bug finders on this release.

6:52 AM, September 11, 2018  
Blogger Dlabs said...

I fixed my video lag problems by upgrading my Nvidia drivers, in my case Nvidia mt850

9:34 AM, September 11, 2018  
Blogger Kenneth Goodman said...

It hangs on when trying to back up to a previous page and generally runs slower. Looks nice, but can't say I'm a fan

10:04 PM, September 12, 2018  
Blogger Ken said...

As Anonymous stated above, flash specific sites are NOT working properly. You can set the setting to "allow" for a specific site every day, but each time you close chrome, that setting vanishes. It's very annoying to have to allow it to run every time I check flash enabled sites. Please fix this.

11:36 AM, September 13, 2018  
Blogger Alexandru Mihai said...

WTF is wrong with version 69.0.3497.92? Is this the new old Mozilla Firefox? It looks awful!!!

12:30 PM, September 14, 2018  
Blogger miniwrld at work said...

@Alexandru Mihai Let's be honest here. Google and Mozilla have taken to copying each other's user interface ideas, in the name of a browser that lets you do more and gets in your way less. Fortunately, both support themes so you can make it look the way YOU want it to - in Chrome's case, the themes section in the Chrome Web Store is the place to look.

1:17 PM, September 14, 2018  
Blogger Giuseppe D'Ambrosio said...

@miniwrld, we can be honest, but it seems that Chrome themes can't change the address bar.. and anyway, I don't see no reason to not follow the default system colors, as it was on 68

3:35 AM, September 15, 2018  
Blogger James Hogan said...

You've really made a mess of the flash integration - I've had to switch to Edge as I don't even have an ADD button, and if the page doesn't ask to run flash and just says, "install or enable flash".....I can't.

DONKS.

9:34 AM, September 15, 2018  
Blogger miniwrld at work said...

@Giuseppe Yeah, that is unfortunate, as it limits our choices for styling the browser. However, I suspect that it's a temporary technical limitation of the new engine powering the new design behind the scenes. I cannot confirm this without looking at the open issues, but past history suggests this isn't intentional.

7:32 AM, September 17, 2018  