Chrome Releases: September 2012

Stable Channel Update

Tuesday, September 25, 2012

Mouse Lock API availability for Javascript
Additional Windows 8 enhancements
Continued polish for users of HiDPI/Retina screens

You can find out more about Chrome 22 on the Official Chrome Blog.

Security fixes and rewards:

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

Occasionally, we issue special rewards for bugs outside of Chrome, particularly where the bug is very severe and/or we are able to partially work around the issue:

[$5000] [146254] Critical CVE-2012-2897: Windows kernel memory corruption. Credit to Eetu Luodemaa and Joni Vähämäki, both from Documill.

And back to your regular scheduled rewards, including some at the new higher levels:

[$10000] [143439] High CVE-2012-2889: UXSS in frame handling. Credit to Sergey Glazunov.

[$5000] [143437] High CVE-2012-2886: UXSS in v8 bindings. Credit to Sergey Glazunov.

[$2000] [139814] High CVE-2012-2881: DOM tree corruption with plug-ins. Credit to Chamal de Silva.

[$1000] [135432] High CVE-2012-2876: Buffer overflow in SSE2 optimizations. Credit to Atte Kettunen of OUSPG.

[$1000] [140803] High CVE-2012-2883: Out-of-bounds write in Skia. Credit to Atte Kettunen of OUSPG.

[$1000] [143609] High CVE-2012-2887: Use-after-free in onclick handling. Credit to Atte Kettunen of OUSPG.

[$1000] [143656] High CVE-2012-2888: Use-after-free in SVG text references. Credit to miaubiz.

[$1000] [144899] High CVE-2012-2894: Crash in graphics context handling. Credit to Sławomir Błażek.

[Mac only] [$1000] [145544] High CVE-2012-2896: Integer overflow in WebGL. Credit to miaubiz.

[$500] [137707] Medium CVE-2012-2877: Browser crash with extensions and modal dialogs. Credit to Nir Moshe.

[$500] [139168] Low CVE-2012-2879: DOM topology corruption. Credit to pawlkt.

[$500] [141651] Medium CVE-2012-2884: Out-of-bounds read in Skia. Credit to Atte Kettunen of OUSPG.

[132398] High CVE-2012-2874: Out-of-bounds write in Skia. Credit to Google Chrome Security Team (Inferno).

[134955] [135488] [137106] [137288] [137302] [137547] [137556] [137606] [137635] [137880] [137928] [144579] [145079] [145121] [145163] [146462] Medium CVE-2012-2875: Various lower severity issues in the PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team.

[137852] High CVE-2012-2878: Use-after-free in plug-in handling. Credit to Fermin Serna of Google Security Team.

[139462] Medium CVE-2012-2880: Race condition in plug-in paint buffer. Credit to Google Chrome Security Team (Cris Neckar).

[140647] High CVE-2012-2882: Wild pointer in OGG container handling. Credit to Google Chrome Security Team (Inferno).

[142310] Medium CVE-2012-2885: Possible double free on exit. Credit to the Chromium development community.

[143798] [144072] [147402] High CVE-2012-2890: Use-after-free in PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team.

[144051] Low CVE-2012-2891: Address leak over IPC. Credit to Lei Zhang of the Chromium development community.

[144704] Low CVE-2012-2892: Pop-up block bypass. Credit to Google Chrome Security Team (Cris Neckar).

[144799] High CVE-2012-2893: Double free in XSL transforms. Credit to Google Chrome Security Team (Cris Neckar).

[145029] [145157] [146460] High CVE-2012-2895: Out-of-bounds writes in PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team.

Many of the above bugs were detected using AddressSanitizer.

We’d also like to thank Arthur Gerkis for working with us during the development cycle and preventing security regressions from ever reaching the stable channel.

Full details about what's in this release are available in the SVN revision log. Found a bug? Report it! On a different channel, but want to join us on the Beta train? The Chromium wiki has you covered.

Jason Kersey
Google Chrome

The Chrome Team is excited to announce the promotion of Chrome 22 to the stable channel. Chrome 22.0.1229.79 (also now available on the beta channel) has a number of new and exciting updates including:

Mouse Lock API availability for Javascript

Additional Windows 8 enhancements

Continued polish for users of HiDPI/Retina screens

You can find out more about Chrome 22 on the Official Chrome Blog.
Security fixes and rewards:

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

Occasionally, we issue special rewards for bugs outside of Chrome, particularly where the bug is very severe and/or we are able to partially work around the issue:

[$5000] [146254] Critical CVE-2012-2897: Windows kernel memory corruption. Credit to Eetu Luodemaa and Joni Vähämäki, both from Documill.

And back to your regular scheduled rewards, including some at the new higher levels:

[$10000] [143439] High CVE-2012-2889: UXSS in frame handling. Credit to Sergey Glazunov.

[$5000] [143437] High CVE-2012-2886: UXSS in v8 bindings. Credit to Sergey Glazunov.

[$2000] [139814] High CVE-2012-2881: DOM tree corruption with plug-ins. Credit to Chamal de Silva.

[$1000] [135432] High CVE-2012-2876: Buffer overflow in SSE2 optimizations. Credit to Atte Kettunen of OUSPG.

[$1000] [140803] High CVE-2012-2883: Out-of-bounds write in Skia. Credit to Atte Kettunen of OUSPG.

[$1000] [143609] High CVE-2012-2887: Use-after-free in onclick handling. Credit to Atte Kettunen of OUSPG.

[$1000] [143656] High CVE-2012-2888: Use-after-free in SVG text references. Credit to miaubiz.

[$1000] [144899] High CVE-2012-2894: Crash in graphics context handling. Credit to Sławomir Błażek.

[Mac only] [$1000] [145544] High CVE-2012-2896: Integer overflow in WebGL. Credit to miaubiz.

[$500] [137707] Medium CVE-2012-2877: Browser crash with extensions and modal dialogs. Credit to Nir Moshe.

[$500] [139168] Low CVE-2012-2879: DOM topology corruption. Credit to pawlkt.

[$500] [141651] Medium CVE-2012-2884: Out-of-bounds read in Skia. Credit to Atte Kettunen of OUSPG.

[132398] High CVE-2012-2874: Out-of-bounds write in Skia. Credit to Google Chrome Security Team (Inferno).

[134955] [135488] [137106] [137288] [137302] [137547] [137556] [137606] [137635] [137880] [137928] [144579] [145079] [145121] [145163] [146462] Medium CVE-2012-2875: Various lower severity issues in the PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team.

[137852] High CVE-2012-2878: Use-after-free in plug-in handling. Credit to Fermin Serna of Google Security Team.

[139462] Medium CVE-2012-2880: Race condition in plug-in paint buffer. Credit to Google Chrome Security Team (Cris Neckar).

[140647] High CVE-2012-2882: Wild pointer in OGG container handling. Credit to Google Chrome Security Team (Inferno).

[142310] Medium CVE-2012-2885: Possible double free on exit. Credit to the Chromium development community.

[143798] [144072] [147402] High CVE-2012-2890: Use-after-free in PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team.

[144051] Low CVE-2012-2891: Address leak over IPC. Credit to Lei Zhang of the Chromium development community.

[144704] Low CVE-2012-2892: Pop-up block bypass. Credit to Google Chrome Security Team (Cris Neckar).

[144799] High CVE-2012-2893: Double free in XSL transforms. Credit to Google Chrome Security Team (Cris Neckar).

[145029] [145157] [146460] High CVE-2012-2895: Out-of-bounds writes in PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team.

Many of the above bugs were detected using AddressSanitizer.

We’d also like to thank Arthur Gerkis for working with us during the development cycle and preventing security regressions from ever reaching the stable channel.
Full details about what's in this release are available in the SVN revision log. Found a bug? Report it! On a different channel, but want to join us on the Beta train? The Chromium wiki has you covered.
Jason KerseyGoogle Chrome

Stable Channel Update

Monday, September 24, 2012

Karen Grunberg
Google Chrome

The Stable channel has been updated to 21.0.1180.90 for Mac 10.5 users only. You can see the list of changes here. If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry
Karen Grunberg
Google Chrome

Chrome for iOS Update

Monday, September 24, 2012

Chrome support sitefiling a bugSecurity fixes and rewards:Chromium security page500146760MediumCredit to Łukasz Pilorz.500147625MediumCredit to Łukasz Pilorz.

Dev Channel Update for Chrome OS

Thursday, September 20, 2012

Highlights of these changes are:

Fixed Crash when closing maximized window via Ctrl+W (147635)

Fixed Instant search (148578)

UI improvements

Known Issues:

34334 - External display gets cropped after resume from sleep

147666 - File Manager downloads "open" button missing. Workaround: Right click to open

If you find new issues, please let us know by visiting our help site or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue’ under the wrench menu.

Ben Henry & Josafat Garcia

Google Chrome

The Dev channel has been updated to 23.0.1271.2 (Platform version: 2913.3.0) for Chromebooks (Acer AC700, Samsung Series 5 550, Samsung Series 3, and Cr-48) and Samsung Chromebox Series 3. This build contains a number of UI, functional and stability improvements.
Highlights of these changes are:

Fixed Crash when closing maximized window via Ctrl+W (147635)

Fixed Instant search (148578)

UI improvements

Known Issues:

34334 - External display gets cropped after resume from sleep

147666 - File Manager downloads "open" button missing. Workaround: Right click to open

If you find new issues, please let us know by visiting our help site or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue’ under the wrench menu.
Ben Henry & Josafat GarciaGoogle Chrome

Dev Channel Update

Thursday, September 20, 2012

All

Updated WebKit - 537.11
Fixed simultaneous audio playback is broken (Issue: 150003)
Fixed bug with Web Intents and non-sticky defaults (Issue: 148740)
Audio may drop out under certain play / pause cycles. (Issue: 150702)

More details about additional changes are available in the svn log of all revision.

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-channel.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry

Karen Grunberg
Google Chrome

The Dev channel has been updated to 23.0.1271.1 for Windows, Mac, Linux, and Chrome Frame platforms
All

Updated WebKit - 537.11

Fixed simultaneous audio playback is broken (Issue: 150003)

Fixed bug with Web Intents and non-sticky defaults (Issue: 148740)

Audio may drop out under certain play / pause cycles. (Issue: 150702)

More details about additional changes are available in the svn log of all revision.
You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-channel.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry
Karen Grunberg
Google Chrome

Beta Channel Update

Wednesday, September 19, 2012

The Beta channel has been updated to 22.0.1229.64 for Windows, Mac, and Linux. A complete log of what changed can be found in the svn revision log. Instructions and download links for our different release channels are available on the Chromium wiki. If you find what you think is a new bug, please file it in our issue tracker.

Jason Kersey
Google Chrome

Dev Channel Update

Tuesday, September 18, 2012

The Dev channel has been updated to 23.0.1270.0 for Windows, Mac, Linux, and ChromeFrame platforms

All

Updated V8 - 3.13.7.1

Fixed playback of multiple audio streams with Pepper Flash, WebRTC, and WebAudio.

Fixed crash when attempting to play audio without a sound card or via remote desktop.

Media Galleries Extension API should work on all platforms, though permission format has changed.

Chrome will automatically check for captive portals when showing SSL interstitials or when an HTTP server responds to an HTTPS request.

Windows

Now Chrome on Windows 8 uses a single profile regardless if running on desktop or metro mode. A new menu item has been added to switch mode which cause a relaunch.

More details about additional changes are available in the svn log of all revisions.

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-channel.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry

Karen GrunbergGoogle Chrome

Beta Channel Update

Thursday, September 13, 2012

The Beta channel has been updated to 22.0.1229.56 for Windows, Mac, and Linux. A complete log of what changed can be found in the svn revision log. Instructions and download links for our different release channels are available on the Chromium wiki. If you find what you think is a new bug, please file it in our issue tracker.

Jason Kersey
Google Chrome

Chrome for Android Update

Wednesday, September 12, 2012

The stable channel of Chrome for Android has been updated to 18.0.1025308. It is now available for download on Google Play and in the Google Play Store on your mobile devices, on Android 4.0, Ice Cream Sandwich, or later. The new update includes important security and stability fixes.
Security fixes and rewards:Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

[$500] [138210] Medium Information and credential disclosure by file:// URLs. Credit to Artem Chaykin.

[$500] [138035] Medium Current-tab cross-application scripting (UXSS). Credit to Artem Chaykin.

[$500] [144813] Medium UXSS via Intent extra data. Credit to Takeshi Terada.

[$500] [144820] Medium Information and credential disclosure by file:// URLs. Credit to Takeshi Terada.

[$500] [137532] Medium Android APIs exposed to JavaScript. Credit to Takeshi Terada.

[$500] [144866] Medium Bypassing same-origin policy for local files with symlinks. Credit to Takeshi Terada.

[$500] [141889] Medium Cookie theft by malicious local Android app. Credit to Takeshi Terada.

Known issues are available on the Chrome support site. If you find a new issue, please let us know by filing a bug. More information on Chrome for Android is available on the Chrome site.
Jason KerseyGoogle Chrome

Dev Channel Update for Chrome OS

Wednesday, September 12, 2012

Highlights of these changes are:

Updated Pepper Flash to version 11.3.31.329

Application launcher improvements

Photo import improvements

Desktop support improvements

Notification improvements

Known Issues:

34334 - External display gets cropped after resume from sleep

145312 - Black screen on boot sometimes when using external monitor. Workaround: Restart system

148432 - Maximizing an app window results in a blank screen. Workaround: Press Alt+tab or switch window key

148578 - Instant search not working

147635 - Crash when closing maximized window via Ctrl+W
147666 - File Manager downloads "open" button missing. Workaround: Right click to open

If you find new issues, please let us know by visiting our help site or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue’ under the wrench menu.

Ben Henry & Josafat Garcia

Google Chrome

The Dev channel has been updated to 23.0.1262.2 (Platform version: 2876.0.0) for Chromebooks (Acer AC700, Samsung Series 5 550, Samsung Series 3, and Cr-48) and Samsung Chromebox Series 3. This build contains a number of UI, functional and stability improvements.
Highlights of these changes are:

Updated Pepper Flash to version 11.3.31.329

Application launcher improvements

Photo import improvements

Desktop support improvements

Notification improvements

Known Issues:

34334 - External display gets cropped after resume from sleep

145312 - Black screen on boot sometimes when using external monitor. Workaround: Restart system

148432 - Maximizing an app window results in a blank screen. Workaround: Press Alt+tab or switch window key

148578 - Instant search not working

147635 - Crash when closing maximized window via Ctrl+W

147666 - File Manager downloads "open" button missing. Workaround: Right click to open

If you find new issues, please let us know by visiting our help site or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue’ under the wrench menu.
Ben Henry & Josafat Garcia Google Chrome

Beta Channel Update

Tuesday, September 11, 2012

The Beta channel has been updated to 22.0.1229.52 for Windows, Mac, and Linux. A complete log of what changed can be found in the svn revision log. Instructions and download links for our different release channels are available on the Chromium wiki. If you find what you think is a new bug, please file it in our issue tracker.

Jason Kersey
Google Chrome

Dev Channel Update

Monday, September 10, 2012

The Dev channel has been updated to 23.0.1262.0 for Windows, Mac, Linux, and ChromeFrame platforms

All

Updated V8 - 3.13.6.0

Updated WebKit - 537.10

All

Fix top crashes (Issue: 142388, 146606)

Mac

Make the favicons for chrome:// URLs high DPI (Issue: 145228)

Linux

Make the new sandbox more robust when denying socket calls.

More details about additional changes are available in the svn log of all revisions.

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-channel.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry

Karen GrunbergGoogle Chrome

Beta Channel Update

Thursday, September 6, 2012

The Beta channel has been updated to 22.0.1229.39 for Windows, Mac, and Linux. A complete log of what changed can be found in the svn revision log. Instructions and download links for our different release channels are available on the Chromium wiki. If you find what you think is a new bug, please file it in our issue tracker.

Jason Kersey
Google Chrome

Beta Channel Update for Chrome OS

Thursday, September 6, 2012

Highlights of these changes are:

Wifi stability fixes

Fixed 137357 - 3G roaming disabled notification does not accurately reflect roaming status

Fixed 140909 - Right click on items in file manager now shows appropriate actions for filetypes

Fixed 143577 - Offline page re-load was being triggering too early

Updated Pepper Flash

If you find new issues, please let us know by visiting our help site or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue’ under the wrench menu.

Danielle Drew
Google Chrome

The Beta channel has been updated to 22.0.1229.33 (Platform version: 2723.63.0) for Chromebooks (Acer AC700, Samsung Series 5 550, Samsung Chromebook Series 3, and Cr-48) and Samsung Chromebox Series 3. This build contains a number of functional and stability improvements.
Highlights of these changes are:

Wifi stability fixes

Fixed 137357 - 3G roaming disabled notification does not accurately reflect roaming status

Fixed 140909 - Right click on items in file manager now shows appropriate actions for filetypes

Fixed 143577 - Offline page re-load was being triggering too early

Updated Pepper Flash

If you find new issues, please let us know by visiting our help site or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue’ under the wrench menu.

Danielle Drew
Google Chrome

Dev Channel Update

Tuesday, September 4, 2012

The Dev channel has been updated to 23.0.1255.0 for Windows, Mac, Linux and ChromeFrame platforms

All

Fixed a crash which occurred when scavenging sessionStorages. (Issue: 145068)

Packaged Apps can now request access to local media folders.

Windows
Fixed a bug causing Chrome shortcuts to stop working on Windows 8 after an update. (Issue: 143338)

Can't scroll down by entering space after switching tab when IME is enabled (Issue: 80772)

Can't type Japanese/Korean into a text field in a Flash application on Window Vista/7 using MS Japanese IME and MS Korean IME (Issue: 75556)
Mac

Fix crash when playing video on MB retina (Issue: 141541)

More details about additional changes are available in the svn log of all revisions.

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-channel.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry

Karen Grunberg
Google Chrome

Chrome Releases

Dev Channel Update for Chrome OS

Dev Channel Update

Chrome for Android Update

Chrome OS Management Console Update

Beta Channel Update

Dev Channel Update for Chrome OS

Dev Channel Update

Stable Channel Update

Stable Channel Update

Chrome for iOS Update

Dev Channel Update for Chrome OS

Dev Channel Update

Beta Channel Update

Dev Channel Update

Beta Channel Update

Chrome for Android Update

Dev Channel Update for Chrome OS

Beta Channel Update

Dev Channel Update

Beta Channel Update

Beta Channel Update for Chrome OS

Dev Channel Update

Labels

Archive