Tuesday, July 9, 2013

Stable Channel Update

Update: We are separately updating users to Flash Player 11.8.800.97 via our component updater.

The Stable channel has been updated to 28.0.1500.71 for Windows, Macintosh and Chrome Frame platforms.

Security fixes and rewards:


Please see the Chromium security page for more information. (Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.)


This automatic update includes security fixes. We’d like to highlight the following fixes for various reasons (crediting external researchers, issuing rewards, or highlighting particularly interesting issues):


  • [$21,500] A special reward for Andrey Labunets for his combination of CVE-2013-2879 and CVE-2013-2868 along with some (since fixed) server-side bugs.
  • [252216] Low CVE-2013-2867: Block pop-unders in various scenarios.
  • [252062] High CVE-2013-2879: Confusion setting up sign-in and sync. Credit to Andrey Labunets.
  • [252034] Medium CVE-2013-2868: Incorrect sync of NPAPI extension component. Credit to Andrey Labunets.
  • [245153] Medium CVE-2013-2869: Out-of-bounds read in JPEG2000 handling. Credit to Felix Groebert of Google Security Team.
  • [$6267.4] [244746] [242762] Critical CVE-2013-2870: Use-after-free with network sockets. Credit to Collin Payne.
  • [$3133.7] [244260] Medium CVE-2013-2853: Man-in-the-middle attack against HTTP in SSL. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco at INRIA Paris.
  • [$2000] [243991] [243818] High CVE-2013-2871: Use-after-free in input handling. Credit to miaubiz.
  • [Mac only] [242702] Low CVE-2013-2872: Possible lack of entropy in renderers. Credit to Eric Rescorla.
  • [$1000] [241139] High CVE-2013-2873: Use-after-free in resource loading. Credit to miaubiz.
  • [Windows + NVIDIA only] [$500] [237611] Medium CVE-2013-2874: Screen data leak with GL textures. Credit to “danguafer”.
  • [$500] [233848] Medium CVE-2013-2875: Out-of-bounds-read in SVG. Credit to miaubiz.
  • [229504] Medium CVE-2013-2876: Extensions permissions confusion with interstitials. Credit to Dev Akhawe.
  • [229019] Low CVE-2013-2877: Out-of-bounds read in XML parsing. Credit to Aki Helin of OUSPG.
  • [196636] None: Remove the “viewsource” attribute on iframes. Credit to Collin Jackson.
  • [177197] Medium CVE-2013-2878: Out-of-bounds read in text handling. Credit to Atte Kettunen of OUSPG.


In addition, our ongoing internal security work was as usual responsible for a wide range of fixes:
  • [256985] High CVE-2013-2880: Various fixes from internal audits, fuzzing and other initiatives (Chrome 28).


Full details about what changes are in this build are available in the SVN revision log and the Chrome Chrome Blog. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Anthony Laforge

Google Chrome

45 comments:

Rafael Hilário said...

Finally after several months the stable version of Google Chrome 28 with the first stable version of the new engine was launched blink. Congratulations Google team.

Heinrich Witt said...

But why the hell is shipped with an old version of Flash?

Andrea Cicchi said...

this version of google chrome is very stable. But how come the flash player is not the version 11.8? I would understand, because even in the previous version of google chrome there was a version of the flash player that is slightly more updated is 11.7.700.225.

Ariesk said...

Congrats on releasing the new Chrome 28 that use the new Blink engine that is being worked on together with Opera. However. For the love of god. Update the Flash Player

Sky Ong said...

same old flash version 11.7.700.225 here ... :(

Andrea Cicchi said...

the version of the flash player is 11,7,700,203 and is not the 11.7.700.225. they have to upgrade to version 11.8 which is now stable. is out today for all browsers.

fikrishare.com said...

great, thank you very much

Andrea Cicchi said...

Not at all!

Pierre Alexandre Lévesque Dumais said...

same old flash version ... :(

Flash plugin 11.7.700.203 /opt/google/chrome/PepperFlash/libpepflashplayer.so
Flash plugin 11.2 r202 /usr/lib/flashplugin-installer/libflashplayer.so (disabled)

Kevin Lööw - Balderud said...

Yeah why skip the flash update? :O

Heinrich Witt said...

Just now came the Flash update to 11.8.800.97

Blaster219 said...

Updated to ver 28.

ALL my toolbar buttons are now hidden by a dropdown menu.

How did that happen. How do I get them back?

Tom said...

Update to Chrome 28 stable...there's no sign of the new notification center anywhere...???

seanlam23 said...

@Blaster219 just drag the border of the omnibox.

Gordon Hawley said...

How do we get the newest Flash? I'm still stuck with the older 11.7.700.203 which is ridiculous. Why downgrade the Flash when you update Chrome.

laforge@chromium said...

There were a few stability issues w/ 11.8.800.96, which just got resolved this morning. We in the process of updating users to 11.8.800.97 via the component updater over the next few days to ensure that we are providing a good/ stable experience (also updated the blog post to that effect).

Gordon Hawley said...

Thank you for the update on the Flash issue. It's just frustrating not knowing what is going on. Now we know.

Rafael Hilário said...

Update to Chrome 28 stable...there's no sign of the new notification center anywhere...???

Alexander Kuzmin said...

disable-new-menu-style doesn't work anymore... Very sad.

Rafael Hilário said...

What is this new style menu Google Chrome is my usual think is missing features not seen anything new in this version except the engine blink else remains the same.

Maxiz said...

Can Google make the menu style option for "Old and the New one"? So just we can change it when u want. This is sad theres no choice for user to customize. For most desktop user, the new menu style is taking too much space and annoying somehow. I like chrome but...

Marchiote said...

How can I update pepper flash manually "forced"?
Here it's still old flash version.

Tony Barnes said...

Please fix this all pages are blank on my end in metro mode it docent even work. i uninstalled re installed no go. i even went as far as a system restore thinking maybe windows update did it no go. Please fix this it is unusable on my end i hate going to the desktop to just use a browser. the previous version worked great.

Tony Barnes said...

please fix this i cant use chrome in metro mode all of it is broke please fix i hate this desktop drop thing. please bring back chrome metro why is it not working why are all pages blank and say unresponsive.

Alex Schedar said...

I also agree with "Can Google make the menu style option for "Old and the New one"? So just we can change it when u want. This is sad theres no choice for user to customize. For most desktop user, the new menu style is taking too much space and annoying somehow."

Ashley Sommer said...

I cant seem to enable QUIC on this release. The #enable-quic option of flags page is not there, and the --enable-quic launcher switch doesnt work.

database error... said...

winxp 32bit, chrome release channel, version 28, still old pepperflash

whats wrong?

Adobe Flash Player (2 files) - Version: 11.7.700.225 (Disabled)
Shockwave Flash 11.7 r700
Name: Shockwave Flash
Description: Shockwave Flash 11.7 r700
Version: 11.7.700.225


i have disabled it for now

Alex Schedar said...

database error...,
In the beginning of the post said:
Update: We are separately updating users to Flash Player 11.8.800.97 via our component updater.
And when, and to whom?

Jenn said...

I'm getting an Aw Snap page with 28. I've tried removing and reinstalling and Chrome is still not working. What happened?

phi2x said...

From what I can see, there are still a lot of problems in Chrome.

Look at these examples:
http://cpcbox.com/blink-bug.htm
http://cpcbox.com/bench.htm

Jim D said...

Why are my extensions now part of a hidden drop down???

Extensions such as Gmail Notifier don't work very well when hidden.

Alon Gothshmidt said...

Looks like JPEG2000 is not supported in Chrome, why does it need to handle it at all?

madhunt3r said...

WTF? Where is smooth scrolling on OSX like Chrome 27??

Deepak Last said...

Im running Version 28.0.1500.71 m but still stuck with adobe flash player version 11.7.700.225...any ideas why?

Mario said...
This comment has been removed by the author.
mad madrasi said...

hmmm. Flash Player 'yup'dated to 11.8.800.97. But Adobe's flash download page still says latest version for Win is 11.8.800.94.
LOL.

doelf said...

On two of my machines - Windows 64 bit, Intel Core i7-920/960X, 12 GB RAM - Chrome does not load anything anymore - not even chrome://settings/ ! The windows stays white and unresponsive. I updated Chrome using the build in function. Even a new install won't help.

screenshot:
http://www.au-ja.de/bilder/2013/chrome-28.0.1500.71-not-loading-anything.jpg

more info:
http://forum.au-ja.de/viewtopic.php?f=19&t=44381

Gavlar said...

getting an 'aw snap' error when trying to do anything in this version of chrome using old_chrome works. Anyone else?

Tony Barnes said...

issue not fixed i still have to use chrome 27 i need fix i need fix i need fix.

Rafael Hilário said...

I saw no central notification on my Windows 8 pro anything new in Google Chrome 28 stable unless the engine is now blink.

Luboš Motl said...

The notification center isn't any item in manus: it is a new library that extensions may use to send notifications. Try Checker Plus for Gmail, Notifier for Twitter, and so on.

The extensions in the drop down menu may be restored. Just position the mouse on the proper place left from the >> arrow for the drop down menu, and the cursor will become a left-right arrow, allowing you to move the boundary to the left. Go left. You should understand the rest.

Rafael Hilário said...

Thank you Luboš Motl was the one who explained to me how the central notifications funicona Google Chrome 28 stable working right now actually think Google Chrome should give a better explanation to users how the new notifications center.

muhammad kumail said...

Earn Money Launch a New Earning System on Facebook, the best Social Media Website where you can share some fun and earn with us, Share some pictures on Facebook and earn on every pictures you post or share. Unlimited Facebook Wall Sharing and Unlimited Earning.
Earn with Making Facebook Ids, Make Unlimited Facebook Ids and Get 10$ on Every FB Id.
jobzcorner.com

Musa Kocaman said...

Türkiye'nin ve dünyanın her yerine tatil fırsatları planınızı yapabilirsiniz.

Maxiz said...
This comment has been removed by the author.