Monday, April 30, 2012

Stable Channel Update


The Chrome Stable channel has been updated to 18.0.1025.168 on Windows, Mac, Linux and Chrome Frame.  


Security fixes and rewards:

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

  • [106413] High CVE-2011-3078: Use after free in floats handling. Credit to Google Chrome Security Team (Marty Barbella) and independent later discovery by miaubiz.
  • [117110] High CVE-2012-1521: Use after free in xml parser. Credit to Google Chrome Security Team (SkyLined) and independent later discovery by  wushi of team509 reported through iDefense VCP (V-874rcfpq7z).
  • [117627] Medium CVE-2011-3079: IPC validation failure. Credit to PinkiePie.
  • [121726] Medium CVE-2011-3080: Race condition in sandbox IPC. Credit to Willem Pinckaers of Matasano.
  • [$1000] [121899] High CVE-2011-3081: Use after free in floats handling. Credit to miaubiz.

The bugs [106413], [117110] and [121899] were detected using AddressSanitizer.



Full details about what changes are in this release are available in the SVN revision logInterested in hopping on the stable channel?  Find out how.  If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome

10 comments:

eLDuRo said...

Awesome update! The Chrome team on top of their game like always! Love it! =)

Mainman678 said...

I am hoping this is finally a crash free browser. I hope Google Chrome team finally got it right. I will report back if any crashes.

Mainman678 said...

Reporting back.It still gets shockwave crashes sometimes. I guess thats just unavoidable for google chrome. Still a great browser though.

Douglas Roberts said...

Looks like you fixed the major flashplayer bugs that plagued the last couple of releases: no more blue faces, and it is finally not crashing 99% of the time with hardware acceleration turned on for those of us with Nvidia gpus.

Great job!

Douglas Roberts said...

I spoke too soon: the flashplayer still crashes if you have an nvidia graphics chipset, and you have hardware acceleration for plashpalyer turned on.

Peter said...

I read too much about bugs in Google Chrome browser. Have you ever heard about TESTING, Chrome-team ?
It is a bloody shame that your browser needed to be updated 5x in one month !!!

hotchka said...

Bold fonts still look terrible on some sites, Google News is one of them?! what the...

hotchka said...

anybody? I had to revert back to version 17.0.963.83, which displays the fonts fine...

Hobot said...

This release is stable. Stable for crash! Comparing for previous ones. Thank you very much!

brainiac.dc.5 said...

Since this update I can personnalize my tumblr blog with Chrome : that's way easier ! Thanks (at least ;) )