Wednesday, September 30, 2009

Stable Channel Update

3.0.195.24 has been promoted to the stable channel. There are no additional fixes or changes in this release.

Security Fixes:

CVE-2009-0689 dtoa() error parsing long floating point numbers

The v8 engine uses a common dtoa() implementation to parse strings into floating point numbers. We have applied a patch to fix a recent bug in this component.

Severity: High. An attacker might be able to run arbitrary code within the Google Chrome sandbox.

Credit: Original discovery by Maksymilian Arciemowicz of SecurityReason. The Google Chrome security team determined that Chrome was affected.

Mitigations:
  • A victim would need to visit a page under an attacker's control.
  • Any code that an attacker might be able to run inside the renderer process would be inside the sandbox. Click here for more details about sandboxing.


Monday, September 28, 2009

Beta Channel Update


The beta channel has been updated to 3.0.195.24


This update contains the following:
  • A fix to two significant history related crashing bugs 16591 and 21377.
  • A fix where PAC scripts would fail to parse if they ended with a comment and no new line 22864.
  • Corrected an issue where tabs would flash, for a split second, if multiple tabs were opened at the same time 20831.
  • Fixed an issue which prevented proper logins to CNET 22181.
Anthony Laforge
Google Chrome Program Manager

Thursday, September 24, 2009

Dev Channel Updated: Bug fixes


Version: 4.0.212.1 for Macintosh and 4.0.213.1 for Windows and Linux.

All Platforms
  • [r26815] New-FTP: Requires re-authentication when navigating around. (Issue: 21184)
  • [r26860] [DEPS] Move FTP LIST parsing code to the renderer process, limiting potential damage from security issues.
Windows
  • Issues with drop down select boxes fixed.
  • [r26359] BiDi-language filenames now displayed correctly in download shelf. (Issue: 10860)
Mac
  • Extension shelf (that weird gray box at the bottom) is only displayed if you have extensions installed.
  • [r26495] Add Command-0..8 shortcuts to "select Nth tab" and Command-9 to "select last tab".
  • [r26694] Basic emacs key bindings in text fields should work. (e.g., ctrl-e, ctrl-a, ctrl-d) (Issue: 12538)
  • [r26603] Paste-and-Go for Mac omnibox, cleaned up omnibox context menu. (Issues: 13021, 10937)
  • [r26471] Form controls now draw correctly in 10.6. (Issue: 19604)
  • [r26646] Search Engine Manager UI improved.
  • [r26567] Find bar now animates open and close.
  • [r26527] Pressing Up/Down arrows in find bar now scrolls page.
  • [r26853] Empty bookmark bar should show IDS_BOOKMARKS_NO_ITEMS. (Issue: 17360)
  • [r26792] Add favicons to items in folders on the bookmark bar. (Issue: 22601)
Linux
  • Issues with drop down select boxes fixed.
  • [r26590] "Create application shortcuts" doing nothing: More reliably find the .desktop file for the browser. (Issue: 21995)
  • [r26647] Implement GetCPUUsage() so the task manager shows CPU. (Issue: 19864)
  • [r26891] Added download in progress dialog. (Issue: 21652)
Extensions
  • [r26526] Fix crashy toolstrips. (Issues: 22070, 22135)
  • [r26532] Audio and video tag doesn't work for extension resources. (Issue 22152)
  • [r26685] Fix an issue where we do not initiate the extension install UI with certain combinations of HTTP headers.
  • [r26556] Introduce chrome.tabs.executeScriptInTab() and chrome.tabs.insertCSSInTab(). (Issue: 12465)
  • [r26706] Hide the mole handle by default. (Issue: 15494)
  • [r26658] Remove the right-click devtools behavior. (Issue: 20634)
  • [r26654] Add CSS classes to the document when switching between toolstrip and mole mode.
  • --show-extensions-on-top works pretty well now (on windows). Try it out!
Sync
  • Sync library now built entirely from trunk.
Known Issues
  • (Issue 22585) - CMD+Down, CMD+Up no longer scrolling to top/bottom of page on Mac.
  • One machine in our QA group is seeing blank pages on Facebook.  (Issue 22978)


More details about additional changes are available in the svn log of all revisions.

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-channel.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry.

Jonathan Conradt
Engineering Program Manager

Friday, September 18, 2009

Dev Channel Update

UPDATE: 2009-09-22 - 4.0.211.7 is being pushed to Windows. It contains 2 fixes: the first resolves the issue which prevented large downloads and the second is a stability fix which should resolve a number of crashes (bug 22135). Thank you again for your patience.


UPDATE: 2009-09-19 - 4.0.211.4 is being pushed to Windows and resolves the issues with bookmark synchronization. Thank you for your patience.

UPDATE: THIS RELEASE HAS BEEN HALTED DUE TO A CRASHING ERROR WITH --enable-sync.


This week's changes for the dev channel, 4.0.211.2, are being released to all platforms.

  • All
  • Win
    • Ensure that tips change when the Chrome language changes. [r25834]
  • Mac
    • Import from Firefox no longer hangs. [r25174]
    • Added SSL icons. [r26307]
    • Implement the search engine manager. [r26078]
    • Allow windows with a single tab to be merged into other windows with drag and drop.
    • Allow Snow Leopard systems to connect to certain IPv6-enabled web sites when only IPv4 is available. [r26051]
    • Prevent a sad tab when loading certain images on Snow Leopard. [r26089]
    • Don't show "Google Chrome did not shut down properly" when quit from the Dock, logout, restart, or shut down. [r26269]

  • Linux:
    • Make the bookmark toolbar folders act like a menu bar. [r25677]
    • Bookmark bar shows a menu on too many bookmarks. [r25200]
    • Implement external protocol handler dialog (e.g. for aim: URLs). [r25373]
    • Extensions can register page actions. [r25934]
    • Fix a crash when closing tabs that have open login prompts. [r26066]
    • Work around a Flash crash that mostly affects Gentoo users. [r26265]

  • Extensions
    • Enable/disable extension button on chrome://extensions
    • Update extensions now button to force autoupdate check on chrome://extensions
    • chrome.window and chrome.tab APIs can now reference relative URLs inside an extension

Known issues:

  • All
    • Large files do not download completely - bug 406
  • Linux:
    • Cannot be set as the default browser in GNOME (Already fixed by [r26314, r26316]).


More details about additional changes are available in the svn log of all revisions.



You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-channel.



If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry.


Anthony Laforge

Google Chrome Program Manager

Tuesday, September 15, 2009

Stable Channel Update




3.0.195.21 has graduated from Beta to the Stable channel today.

This release includes themes support, a brand new New Tab page, an updated omnibox, support for audio and video tags, and a higher performing V8 engine.

You can read more about it here.

Anthony Laforge
Google Chrome Program Manager

Security Fixes:

We would like to extend special thanks to Will Dormann of CERT for working with us to improve the security of the new audio and video codecs in this release.

CVE-2009-XXXX  Content-Type: application/rss+xml being rendered as active content

Previously, we rendered RSS and Atom feeds as XML. Because most other browsers render these documents with dedicated feed previewers, some web sites do not sanitize their feeds for active content, such as JavaScript. In these cases, an attacker might be able to inject JavaScript into a target web site.

More info: 
http://code.google.com/p/chromium/issues/detail?id=21238
(This issue will be made public once a majority of users are up to date with the fix.)

Severity: Medium.  Most web sites are not affected because they do not include untrusted content in RSS or Atom feeds.

Credit: Inferno of SecureThoughts.com


Mitigations:

  • A victim would need to visit a page under an attacker's control.
  • The target web site would need to let the attacker inject JavaScript into an RSS or an Atom feed.
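
An added example (not from the original post or from Chrome's code): a site that publishes RSS or Atom feeds can audit its own output for markup that a browser rendering the feed as XML would treat as active. The sample feeds, the tag list and the function names are constructed for illustration; the check assumes that elements in the XHTML namespace are the ones an XML renderer handles as HTML.

```python
import xml.etree.ElementTree as ET

XHTML_NS = "http://www.w3.org/1999/xhtml"
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}

# Constructed sample feeds (not from the original post).
CLEAN_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Example</title>
<item><title>Hello</title>
<description>&lt;b&gt;escaped markup stays text&lt;/b&gt;</description>
</item></channel></rss>"""

UNSANITIZED_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Example</title>
<item><title>User comment
<x:script xmlns:x="http://www.w3.org/1999/xhtml">/* untrusted */</x:script>
</title><description>
<x:a xmlns:x="http://www.w3.org/1999/xhtml" href="#" onclick="void 0">link</x:a>
</description></item></channel></rss>"""


def split_tag(tag):
    """Split ElementTree's '{namespace}local' form into (namespace, local)."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag


def audit_feed(xml_text):
    """List nodes that a browser rendering the feed as XML would treat as active."""
    # Run on feeds your own site generates; this parser is not hardened for hostile XML.
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        ns, local = split_tag(elem.tag)
        if ns != XHTML_NS:
            continue  # plain RSS/Atom elements are inert data
        if local.lower() in ACTIVE_TAGS:
            findings.append(("active-element", local))
        for name, value in elem.attrib.items():
            attr = split_tag(name)[1].lower()
            if attr.startswith("on"):
                findings.append(("event-handler", f"{local}@{attr}"))
            elif value.strip().lower().startswith("javascript:"):
                findings.append(("script-url", f"{local}@{attr}"))
    return findings


if __name__ == "__main__":
    print(audit_feed(CLEAN_FEED), audit_feed(UNSANITIZED_FEED))
```

Entity-escaped markup, as in the clean feed's description, stays text in the parsed tree and produces no findings; only real elements and attributes in the XHTML namespace are reported.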

CVE-2009-XXXX  Same Origin Policy Bypass via getSVGDocument() method

The getSVGDocument method was lacking an access check, resulting in a cross-origin JavaScript capability leak.  A malicious web site operator could use the leaked capability to inject JavaScript into a target web site hosting an SVG document, bypassing the same-origin policy.

More info: 
http://code.google.com/p/chromium/issues/detail?id=21338
(This issue will be made public once a majority of users are up to date with the fix.)

Severity: High

Credit: Isaac Dawson


Mitigations:

  • A victim would need to visit a page under an attacker's control.
  • The target web site would need to host an SVG document.

Monday, September 14, 2009

Beta Channel Update



The Windows Beta channel has been updated to 3.0.195.21.

This release includes some minor fixes:
  • A fix for issue 3380 which caused the browser to lose focus in certain conditions after installing a theme.
  • Fix About box truncation in some locales when a new version is available.

You can install the current Beta channel release from
http://www.google.com/intl/en/landing/chrome/beta/.

Anthony Laforge
Google Chrome Program Manager

Friday, September 11, 2009

Beta Update

The Windows Beta channel has been updated to 3.0.195.20.

This release includes better international support and stability/bug fixes for the New Tab page and themes support.

You can install the current Beta channel release from http://www.google.com/intl/en/landing/chrome/beta/.


Anthony Laforge
Google Chrome Program Manager

Thursday, September 10, 2009

Dev Channel Update: Bug fixes for Mac and Linux


This week's changes for the dev channel focus on bug fixes as well as a new defense for cross-site scripting attacks.

Version: 4.0.207.0 for Mac and Linux.


All:
  • Reflective XSS filter for better security against a common attack.  See the mailing list post for more information.
  • Fixed extraneous horizontal scrollbars in Gmail (Issue: 7976)

Mac:
  • [r25560], [r25475], [r25478] Tweaks to the Omnibox look.
  • [r25182] Fix zoom (green maximize) button. (Issue: 17472)
  • [r25380] Adjust color spaces so that Mac Chrome renders colors properly. (Issues: 20552, 19951)
  • [r25167] Don't show favicons or throbbers for the New Tab page on the Mac. (Issues: 13337, 20378)
  • Uploading images with "Hide extension" set does now work. (Issue: 20857)

Linux:
  • [r25373] Add external protocol dialog for Linux. (Issue: 20731)
  • [r25100] Handle external protocols, e.g. mailto: links. (Issue: 20696)
  • [r25125] Fix crash when switching to a tab containing audio/video elements. (Issues: 20138, 19677)

Extensions:
  • [r25293] Added an auto-update now button to chrome://extensions page. (Issue: 17853)
  • [r25253] Fix crash on Mac when pressing "load unpacked extension" in chrome://extensions page. (Issue: 20860)

More details about additional changes are available in the svn log of all revisions.



You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-channel.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry.

Jonathan Conradt
Engineering Program Manager

Tuesday, September 8, 2009

Beta Channel Update

The Windows Beta channel has been updated to 3.0.195.17.


More stability/bug fixes pertaining to the New Tab page, the omnibox, video tag, and themes support.


You can install the current Beta channel release from http://www.google.com/intl/en/landing/chrome/beta/.


Anthony Laforge
Google Chrome Program Manager

Friday, September 4, 2009

Dev Channel Updated with fixes and extension changes


The dev channels have been updated to 4.0.206.1.

  • All Platforms
    • [r24663] Closing the download shelf removes all completed and cancelled downloads from it. (Issue: 15712)
    • [r24331] Fixes various audio/video events which were not firing. (Issues: 20152, 16768)
    • [r24519] Saved passwords for proxy servers are now correctly labeled. (Issue: 12992)
    • [r24384] Add single line of tips to New New Tab Page. (Issue: 19162)
  • Mac
    • [r24241] HTTP Auth dialog autofills passwords.
    • New Tab Page displays much faster. (Issue 13337)
    • [r23722, r23955] Improved scrolling and display performance, particularly on machines without powerful graphics hardware (such as laptops)
    • [r24621] Plugins starting offscreen will draw correctly when they scroll into view (Issue 20234)
  • Linux
    • [r24241] HTTP Auth dialog autofills passwords.
    • [r24558] Fix the find bar so the match count is inside the entry. (Issue: 17962)
    • [r24831] Now respects both GNOME and KDE proxy settings. (Issue: 17363)
    • [r24930] Implemented "Confirm form resubmission" dialog. (Issue: 19761)
    • [r24454] Don't paste primary selection when middle clicking scrollbars. (Issue: 16400)
    • [r24287] Fix inability to select Times New Roman in font options with some versions of Pango. (Issue: 19823)
    • [r24903, r25007] Fixed tab dragging on 64-bit. (Issue: 20513)
    • [r25039] Fixed 64-bit JavaScript crash on some CPUs. (Issue: 20789)
  • Extensions
    • Two breaking changes (see mailing list post for more information):
      • [r24816] Enforce granular permissions
      • [r24770] Modified several APIs to be more consistent
    • [r24539] Polish the look of Linux extension shelf. (Issue: 16759)
    • [r24599] Polish extension install UI.
    • [r24864] Allow extension toolstrip to detach. (ctrl+alt+b)
    • [r24871, r24877] Polish chrome://extensions/ page. Add convenience developer tools to load an extension and pack an extension.

More details about additional changes are available in the svn log of all revisions.

You can find out about getting on the Dev channel here: http://dev.chromium.org/getting-involved/dev-channel.

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry.

Jonathan Conradt
Engineering Program Manager