Stable Channel Update
Tuesday, January 14, 2014
The Chrome Team is excited to announce the promotion of Chrome 32 to the Stable channel. 32.0.1700.76 for Windows and Chrome Frame and 32.0.1700.77 for Mac and Linux. This release contains a number of fixes and improvements, including:
This update includes 11 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.
[$1000][249502] High CVE-2013-6646: Use-after-free in web workers. Credit to Collin Payne.
- Tab indicators for sound, webcam and casting
- A different look for Win8 Metro mode
- Automatically blocking malware files
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
Flash Player has been updated to 12.0.0.41, which is included w/ this release.
Security Fixes and Rewards
Security Fixes and Rewards
This update includes 11 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.
[$1000][249502] High CVE-2013-6646: Use-after-free in web workers. Credit to Collin Payne.
[$1000][326854] High CVE-2013-6641: Use-after-free related to forms. Credit to Atte Kettunen of OUSPG.
[$1000][324969] High CVE-2013-6642: Address bar spoofing in Chrome for Android. Credit to lpilorz.
[$1000][324969] High CVE-2013-6642: Address bar spoofing in Chrome for Android. Credit to lpilorz.
[$5000][321940] High CVE-2013-6643: Unprompted sync with an attacker’s Google account. Credit to Joao Lucas Melo Brasio.
[318791] Medium CVE-2013-6645 Use-after-free related to speech input elements. Credit to Khalil Zhani.
As usual, our ongoing internal security work responsible for a wide range of fixes:
Many of the above bugs were detected using AddressSanitizer.
Known issues
Karen Grunberg and Daniel Xie
Google Chrome
[318791] Medium CVE-2013-6645 Use-after-free related to speech input elements. Credit to Khalil Zhani.
As usual, our ongoing internal security work responsible for a wide range of fixes:
- [333036] CVE-2013-6644: Various fixes from internal audits, fuzzing and other initiatives.
Many of the above bugs were detected using AddressSanitizer.
Known issues
- Keyboard input is not working correctly in Windows 8 metro mode. This may impact IMEs, RTL layouts. (164964)
- Trackpad users may not be able to scroll horizontally. (332797)
- Drag and drop files into Chrome may not work properly. (332579)
- Closing Tab by pressing the ‘x’ button may not work. (332334)
- On some machines the browser UI can flicker when resizing the window. (305432)
- Opening another profile using the profile icon switcher in Win8 mode results in the new window being opened on the Desktop instead of in Win8 mode. (325919)
- Chrome conflicts with Norton Software including Identity Safe Toolbar. (327110)
- Windows 8 mode is not yet supported on HiDPI devices and Windows 8 mode is not supported on machines without hardware acceleration (160457 and 332503).
- Using Nvidia's Stereoscopic 3D feature turns Chrome pink. Users should disable this feature in Nvidia's control panel to restore normal functionality(319115).
Karen Grunberg and Daniel Xie
Google Chrome