Wednesday, May 23, 2012

Stable Channel Update

The Chrome Stable channel has been updated to 19.0.1084.52 on Windows, Mac, Linux and Chrome Frame.  

Security fixes and rewards:

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

  • [117409] High CVE-2011-3103: Crashes in v8 garbage collection. Credit to the Chromium development community (Brett Wilson).
  • [118018] Medium CVE-2011-3104: Out-of-bounds read in Skia. Credit to Google Chrome Security Team (Inferno).
  • [$1000] [120912] High CVE-2011-3105: Use-after-free in first-letter handling. Credit to miaubiz.
  • [122654] Critical CVE-2011-3106: Browser memory corruption with websockets over SSL. Credit to the Chromium development community (Dharani Govindan).
  • [124625] High CVE-2011-3107: Crashes in the plug-in JavaScript bindings. Credit to the Chromium development community (Dharani Govindan).
  • [$1337] [125159] Critical CVE-2011-3108: Use-after-free in browser cache. Credit to “efbiaiinzinz”.
  • [Linux only] [$1000] [126296] High CVE-2011-3109: Bad cast in GTK UI. Credit to Micha Bartholomé.
  • [126337] [126343] [126378] [127349] [127819] [127868] High CVE-2011-3110: Out of bounds writes in PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team.
  • [$500] [126414] Medium CVE-2011-3111: Invalid read in v8. Credit to Christian Holler.
  • [127331] High CVE-2011-3112: Use-after-free with invalid encrypted PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team.
  • [127883] High CVE-2011-3113: Invalid cast with colorspace handling in PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team.
  • [128014] High CVE-2011-3114: Buffer overflows with PDF functions. Credit to Google Chrome Security Team (scarybeasts).
  • [$1000] [128018] High CVE-2011-3115: Type corruption in v8. Credit to Christian Holler.

Many of these bugs were detected using AddressSanitizer.

Full details about what changes are in this release are available in the SVN revision log. If you find a new issue, please let us know by filing a bug.



Anthony Laforge
Google Chrome

9 comments:

蓝风火火 said...

Updated

eLDuRo said...

I tried updating to the new version but it says 19.0.1084.46 is the latest version, What's going on with that? Is it going to be released later on today? Thanks

eLDuRo said...

Nevermind! Now I was able to update to the latest version, keep up the good job GUYS! I love Google Chrome!

Hannibal said...

LMDE x64, still old flash version. please update!

Pravit said...

My Logitech wireless mouse is not working in Chrome after the upgrade. Right clicking causes the menu to flicker briefly and disappear again and I can't click on my Bookmarks or the wrench icon without the menu flickering and disappearing again. Can't believe this was not caught in testing the release of such a widely used browser. I was also never notified of this upgrade or given the choice to upgrade or not.

Rafael said...

Other locking flaps, hangs when loading a page and I roll my pc is not Google Chrome for this concert please. thank you

grabacontroller said...

Chrome keeps crashing on me too. I am running Windows 7 Home Premium Service Pack 1. 32-Bit. AMD Athlon Dual Core Processor 4450B, 2.0GB RAM, NVIDIA Geforce 6150 LE

shimax said...

Now some encrypted PDF files can not be viewed properly because of this update even though they are harmless. Only the first pages is shown or all of pages are blank.

cf. http://code.google.com/p/chromium/issues/detail?id=129591

chotisri@gmail.com said...

Chrome Channel 19.0.1084.52 is beginning to tick me off. First, it eliminates all my extensions, then, it independently opens "Settings" in a tab of its own choosing, now, I find that it has changed my pre-selected search from Google.com to Google.co.th! I may be in Thailand, but what gives anyone the right to force me to use their selection of search engine?!?! The nerve of some people!