Elan Ruusamäe [Tue, 11 Dec 2012 19:49:28 +0000 (21:49 +0200)]
up to 23.0.1271.97
The Stable channel has been updated to 23.0.1271.97 for Windows, Mac,
Linux, and ChromeFrame platforms. This build contains the following
fixes:
- Some texts in a Website Settings popup are trimmed (Issue: 159156)
- Linux: <input> selection renders white text on white bg in apps (Issue: 158422)
- some plugins stopped working (Issue: 159896)
_ Fixed a known crash (Issue:161854)
Security fixes and rewards:
- [$1500] [158204] High CVE-2012-5139: Use-after-free with visibility events. Credit to Chamal de Silva.
- [$1000] [159429] High CVE-2012-5140: Use-after-free in URL loader. Credit to Chamal de Silva.
- [160456] Medium CVE-2012-5141: Limit Chromoting client plug-in instantiation. Credit to Google Chrome Security Team (Jüri Aedla).
- [160803] Critical CVE-2012-5142: Crash in history navigation. Credit to Michal Zalewski of Google Security Team.
- [160926] Medium CVE-2012-5143: Integer overflow in PPAPI image buffers. Credit to Google Chrome Security Team (Cris Neckar).
- [$2000] [161639] High CVE-2012-5144: Stack corruption in AAC decoding. Credit to pawlkt.
Elan Ruusamäe [Fri, 30 Nov 2012 11:04:49 +0000 (13:04 +0200)]
- up to 23.0.1271.95
The Stable channel has been updated to 23.0.1271.95 for Windows, Mac,
Linux, and ChromeFrame platforms.
Security fixes and rewards:
- [161564] High CVE-2012-5138: Incorrect file path handling. Credit to Google Chrome Security Team (Jüri Aedla).
- [$7331] [162835] High CVE-2012-5137: Use-after-free in media source handling. Credit to Pinkie Pie.
Congratulations to Pinkie Pie for completing challenge: 64-bit exploit.
Elan Ruusamäe [Mon, 8 Oct 2012 22:08:15 +0000 (01:08 +0300)]
up to 22.0.1229.92
Security fixes and rewards:
- [$1000] [138208] High CVE-2012-2900: Crash in Skia text rendering. Credit to Atte Kettunen of OUSPG.
- [$3133.7] [147499] Critical CVE-2012-5108: Race condition in audio device handling. Credit to Atte Kettunen of OUSPG.
- [$500] [148692] Medium CVE-2012-5109: OOB read in ICU regex. Credit to Arthur Gerkis.
- [151449] Medium CVE-2012-5110: Out-of-bounds read in compositor. Credit to Google Chrome Security Team (Inferno).
- [151895] Low CVE-2012-5111: Plug-in crash monitoring was missing for Pepper plug-ins. Credit to Google Chrome Security Team (Chris Evans).
These builds also have a new version of Flash with security and other fixes.
Elan Ruusamäe [Wed, 26 Sep 2012 16:48:08 +0000 (19:48 +0300)]
up to 22.0.1229.79
The Chrome Team is excited to announce the promotion of Chrome 22 to the
stable channel.
Chrome 22.0.1229.79 (also now available on the beta channel) has a
number of new and exciting updates including:
- Mouse Lock API availability for Javascript
- Additional Windows 8 enhancements
- Continued polish for users of HiDPI/Retina screens
- You can find out more about Chrome 22 on the Official Chrome Blog.
Elan Ruusamäe [Fri, 31 Aug 2012 16:39:09 +0000 (19:39 +0300)]
up to 21.0.1180.89
The Stable channel has been updated to 21.0.1180.89 for Linux, Mac,
Windows and Chrome Frame
This build fixes the following issues:
- Several Pepper Flash fixes (Issue 140577, 144107, 140498, 142479).
- Microphone issues with tinychat.com (Issue: 143192)
- devtools regression with "save as" of edited source (issue: 141180)
- mini ninjas shaders fails (Issue: 142705)
- page randomly turns red/green gradient boxes (Issue: 110343)
Security fixes and rewards:
- [$500] [121347] Medium CVE-2012-2865: Out-of-bounds read in line breaking. Credit to miaubiz.
- [$1000] [134897] High CVE-2012-2866: Bad cast with run-ins. Credit to miaubiz.
- [135485] Low CVE-2012-2867: Browser crash with SPDY.
- [$500] [136881] Medium CVE-2012-2868: Race condition with workers and XHR. Credit to miaubiz.
- [137778] High CVE-2012-2869: Avoid stale buffer in URL loading. Credit to Fermin Serna of the Google Security Team.
- [138672] [140368] Low CVE-2012-2870: Lower severity memory management issues in XPath. Credit to Nicolas Gregoire.
- [$1000] [138673] High CVE-2012-2871: Bad cast in XSL transforms. Credit to Nicolas Gregoire.
- [$500] [142956] Medium CVE-2012-2872: XSS in SSL interstitial. Credit to Emmanuel Bronshtein.
Many of the above bugs were detected using AddressSanitizer.
Elan Ruusamäe [Tue, 21 Aug 2012 21:15:39 +0000 (00:15 +0300)]
up to 21.0.1180.81
The Beta channel has been updated to 21.0.1180.81 for Mac, Linux, Windows and Chrome Frame
This build fixes the following issues:
- Duplex Printing defaults to Yes, which prints extra pages even for a 1 page print out (Issue 138312).
- Print preview takes forever on Win XP (issue: 140044)
- Anti-DDoS inversion of logic (Issues: 141643, 141081)
- Pepper Flash: in file uploads, treats HTTP status != 200 as failure, breaking (e.g.) uploads to Amazon S3 (Issue: 140468)
- Projectmanager.com application causes Flash to hang (Issue: 141018)
- Turn off TLS 1.1 in Chrome 21 Stable (Issue: 142172)
- An additional scroll bar appears at the right on many sites (issue: 140239)
- Setting and unsetting display:none obliterates current scroll position (issue: 140101)