Chrome 17.0.963.46 Stable released

By still1
in Back Page News

 Share

Recommended Posts

Grand Master

still1

Posted
Posted
The Chrome team is excited to announce the release of Chrome 17 to the Stable Channel for Windows, Mac, Linux and Chrome Frame. 17.0.963.46 contains a number of new features including:
  • New Extensions APIs
  • Updated Omnibox Prerendering
  • Download Scanning Protection
  • Many other small changes

Security fixes and rewards:

Please seethe Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix

  • [73478] Low CVE-2011-3953: Avoid clipboard monitoring after paste event. Credit to Daniel Cheng of the Chromium development community.
  • [92550] Low CVE-2011-3954: Crash with excessive database usage. Credit to Collin Payne.
  • [93106] High CVE-2011-3955: Crash aborting an IndexDB transaction. Credit to David Grogan of the Chromium development community.
  • [103630] Low CVE-2011-3956: Incorrect handling of sandboxed origins inside extensions. Credit to Devdatta Akhawe, UC Berkeley.
  • [$1000] [104056] High CVE-2011-3957: Use-after-free in PDF garbage collection. Credit to Aki Helin of OUSPG.
  • [$2000] [105459] High CVE-2011-3958: Bad casts with column spans. Credit to miaubiz.
  • [$1000] [106441] High CVE-2011-3959: Buffer overflow in locale handling. Credit to Aki Helin of OUSPG.
  • [$500] [108416] Medium CVE-2011-3960: Out-of-bounds read in audio decoding. Credit to Aki Helin of OUSPG.
  • [$1000] [108871] Critical CVE-2011-3961: Race condition after crash of utility process. Credit to Shawn Goertzen.
  • [$500] [108901] Medium CVE-2011-3962: Out-of-bounds read in path clipping. Credit to Aki Helin of OUSPG.
  • [109094] Medium CVE-2011-3963: Out-of-bounds read in PDF fax image handling. Credit to Atte Kettunen of OUSPG.
  • [109245] Low CVE-2011-3964: URL bar confusion after drag + drop. Credit to Code Audit Labs of VulnHunt.com.
  • [109664] Low CVE-2011-3965: Crash in signature check. Credit to S?awomir B?a?ek.
  • [$1000] [109716] High CVE-2011-3966: Use-after-free in stylesheet error handling. Credit to Aki Helin of OUSPG.
  • [109717] Low CVE-2011-3967: Crash with unusual certificate. Credit to Ben Carrillo.
  • [$1000] [109743] High CVE-2011-3968: Use-after-free in CSS handling. Credit to Arthur Gerkis.
  • [$1000] [110112] High CVE-2011-3969: Use-after-free in SVG layout. Credit to Arthur Gerkis.
  • [$500] [110277] Medium CVE-2011-3970: Out-of-bounds read in libxslt. Credit to Aki Helin of OUSPG.
  • [$1000] [110374] High CVE-2011-3971: Use-after-free with mousemove events. Credit to Arthur Gerkis.
  • [110559] Medium CVE-2011-3972: Out-of-bounds read in shader translator. Credit to Google Chrome Security Team (Inferno).

The bugs [105459], [106441], [108416], [108901], [109716], [109743], [110112], [110277], [110374] and [110559] were detected usingAddressSanitizer.

In addition, we would like to thank miaubiz, Drew Yao and Braden Thomas of Apple, S?awomir B?a?ek, Aki Helin of OUSPG, Chamal de Silva and Atte Kettunen of OUSPG for working with us in the development cycle and preventing bugs from ever reaching the stable channel. Various rewards were issued, including a top $3133.70 reward to Aki Helin.

http://googlechromer...nel-update.html

Link to comment
https://www.neowin.net/forum/topic/1056850-chrome-17096346-stable-released/
Share on other sites
Grand Master

still1

Posted
  • Author
Posted

This has the webRequest API so blocking video ads with an adblock extension should work as good as Firefox now.

yes, thats an awesome feature. I was waiting for download protection. it protects all those stupid people who download and install what ever they find in the internet.

Grand Master

still1

Posted
  • Author
Posted

The Chrome Stable channel has been updated to 17.0.963.56 on Windows, Mac, Linux and Chrome Frame. This release fixes a number of stability and security issues in Chrome, and also includes a new version of Flash. More info on the Flash update is available from Adobe.

Security fixes and rewards:

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

  • [105803]HighCVE-2011-3015: Integer overflows in PDF codecs. Credit to Google Chrome Security Team (scarybeasts).
  • [$500] [106336] MediumCVE-2011-3016: Read-after-free with counter nodes. Credit to miaubiz.
  • [$1000] [108695]HighCVE-2011-3017: Possible use-after-free in database handling. Credit to miaubiz.
  • [$1000] [110172]HighCVE-2011-3018: Heap overflow in path rendering. Credit to Aki Helin of OUSPG.
  • [110849] High CVE-2011-3019: Heap buffer overflow in MKV handling. Credit to Google Chrome Security Team (scarybeasts) and Mateusz Jurczyk of the Google Security Team.
  • [111575] Medium CVE-2011-3020: Native client validator error. Credit to Nick Bray of the Chromium development community.
  • [$1000] [111779] HighCVE-2011-3021: Use-after-free in subframe loading. Credit to Arthur Gerkis.
  • [112236] MediumCVE-2011-3022: Inappropriate use of http for translation script. Credit to Google Chrome Security Team (Jorge Obes).
  • [$500] [112259] MediumCVE-2011-3023: Use-after-free with drag and drop. Credit to pa_kt.
  • [112451] LowCVE-2011-3024: Browser crash with empty x509 certificate. Credit to chrometot.
  • [$500] [112670] MediumCVE-2011-3025: Out-of-bounds read in h.264 parsing. Credit to S?awomir B?a?ek.
  • [$1337] [112822] HighCVE-2011-3026: Integer overflow / truncation in libpng. Credit to J?ri Aedla.
  • [$1000] [112847]HighCVE-2011-3027: Bad cast in column handling. Credit to miaubiz.

http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html

  • 3 weeks later...
Grand Master

still1

Posted
  • Author
Posted
The Chrome Stable channel has been updated to 17.0.963.65 on Windows, Mac, Linux and Chrome Frame. This release fixes a number of issues including:
  • Cursors and backgrounds sometimes do not load (bug 111218)
  • Plugins not loading on some pages (bug 108228)
  • Text paste includes trailing spaces (bug 106551)
  • Websites using touch controls break (bug 110332)

Along with these fixes, the release contains an updated version of the Adobe Flash player. More information on Flash updates is available from Adobe.

Security fixes and rewards:

Firstly, we have some special rewards for some special bugs!

  • [$10,000] [116661] Rockstar CVE-1337-d00d1: Excessive WebKit fuzzing. Credit to miaubiz.
  • [$10,000] [116662] Legend CVE-1337-d00d2: Awesome variety of fuzz targets. Credit to Aki Helin of OUSPG.
  • [$10,000] [116663] Superhero CVE-1337-d00d3: Significant pain inflicted upon SVG. Credit to Arthur Gerkis.

To determine the above rewards, we looked at bug finding performance over the past few months. The three named individuals stood out significantly. It also shouldn?t come as a surprise that they all feature (and earn more!) in the release notes below.

We have always reserved the right to arbitrarily reward sustained, extraordinary contributions. In this instance, we?re dropping a surprise bonus. We reserve the right to do so again and reserve the right to do so on a more regular basis! Chrome has a leading reputation for security and it wouldn?t be possible without the aggressive bug hunting of the wider community.

Please seethe Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

  • [$1000] [105867] High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit to Chamal de Silva.
  • [$1000] [108037] High CVE-2011-3032: Use-after-free in SVG value handling. Credit to Arthur Gerkis.
  • [$2000] [108406] [115471] High CVE-2011-3033: Buffer overflow in the Skia drawing library. Credit to Aki Helin of OUSPG.
  • [$1000] [111748] High CVE-2011-3034: Use-after-free in SVG document handling. Credit to Arthur Gerkis.
  • [$2000] [112212] High CVE-2011-3035: Use-after-free in SVG use handling. Credit to Arthur Gerkis.
  • [$1000] [113258] High CVE-2011-3036: Bad cast in line box handling. Credit to miaubiz.
  • [$3000] [113439] [114924] [115028] High CVE-2011-3037: Bad casts in anonymous block splitting. Credit to miaubiz.
  • [$1000] [113497] High CVE-2011-3038: Use-after-free in multi-column handling. Credit to miaubiz.
  • [$1000] [113707] High CVE-2011-3039: Use-after-free in quote handling. Credit to miaubiz.
  • [$500] [114054] High CVE-2011-3040: Out-of-bounds read in text handling. Credit to miaubiz.
  • [$1000] [114068] High CVE-2011-3041: Use-after-free in class attribute handling. Credit to miaubiz.
  • [$1000] [114219] High CVE-2011-3042: Use-after-free in table section handling. Credit to miaubiz.
  • [$1000] [115681] High CVE-2011-3043: Use-after-free in flexbox with floats. Credit to miaubiz.
  • [$1000] [116093] High CVE-2011-3044: Use-after-free with SVG animation elements. Credit to Arthur Gerkis.

The majority of the above bugs were detected using AddressSanitizer, which rocks.

More detailed updates are available on the Chrome Blog. Full details about what changes are in this release are available in the SVN revision log. Interested in hopping on the stable channel? Find out how. If you find a new issue, please let us know by filing a bug.

http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html

  • 2 weeks later...
Grand Master

still1

Posted
  • Author
Posted
Some of the items listed below represent the start of hardening measures based on study of the exploits submitted to the Pwnium competition.

[$1000] [113902] High CVE-2011-3050: Use-after-free with first-letter handling. Credit to miaubiz.

[116162] High CVE-2011-3045: libpng integer issue from upstream. Credit to Glenn Randers-Pehrson of the libpng project.

[$1000] [116461] High CVE-2011-3051: Use-after-free in CSS cross-fade handling. Credit to Arthur Gerkis.

[116637] High CVE-2011-3052: Memory corruption in WebGL canvas handling. Credit to Ben Vanik of Google.

[$1000] [116746] High CVE-2011-3053: Use-after-free in block splitting. Credit to miaubiz.

[117418] Low CVE-2011-3054: Apply additional isolations to webui privileges. Credit to Sergey Glazunov.

[117736] Low CVE-2011-3055: Prompt in the browser native UI for unpacked extension installation. Credit to PinkiePie.

[$2000] [117550] High CVE-2011-3056: Cross-origin violation with ?magic iframe?. Credit to Sergey Glazunov.

[$500] [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian Holler.

Also, this single low severity issue was fixed in a previous patch but we forgot to issue proper credit:

[108648] Low CVE-2011-3049: Extension web request API can interfere with system requests. Credit to Michael Gundlach

http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • Ford execs say they made a mistake when they replaced human engineers with AI

      By Cenata8bit · Posted

      All these CEOs got the biggest boners thinking about firing employees for AI. Turned out it was just a wet dream.
    • The Trump administration doesn't want you to use OpenAI's GPT-5.6 without its approval

      By excalpius · Posted

      And the fact that the majority of people from Poland are white European Christians while the people you are complaining about in post after post are not is just a coincidence... Every sentence in your post I am replying to is racist nonsense. None of it is actually based on any facts whatsoever. All immigrants are seeking a better life too. It's literally the only reason they would risk everything and leave their homes, families, and homeland. They are working and contributing to the economy too, as you even admit. They get the same benefits your partner did AND that YOU are eligible for as well. That is one of the key things of the EU and a mark of a civilization. That is the definition of a society where everyone is given a chance, treated equally and fairly, and is judged by the content of their character, not their different skin color or which version of ignorant superstitious nonsense their parents lied about as children. Racists around the world said the same things about the Irish and Jews and Poles (like your partner) and...every other immigrant movement over the centuries. What's your family's heritage, by the way? Were your ancestors lied about with racist fearmongering crapola by self-entitled locals the same way as you are now? If someone like that said the same things about all people from Poland, like your partner, would they be right? Or would you want them to judge your partner based on who they actually were, not where they just happened to come from?
    • The Trump administration doesn't want you to use OpenAI's GPT-5.6 without its approval

      By excalpius · Posted

      Again, this is an irrelevant attempt to attack the messenger. The truth does not require any justification.
    • I ANE

      By Barney T. · Posted

      Removed the blue and underline as you did not post a link. This would also  be considered spamming.
    • Why it's almost impossible to produce a smartphone in the United States

      By Hamid Ganji · Posted

      Why it's almost impossible to produce a smartphone in the United States by Hamid Ganji If you look at the back of some Apple products, you can see the famous phrase “Designed by Apple in California, Assembled in China.” This phrase appears on products from one of the largest smartphone brands in the United States. These products are designed in the U.S., but their manufacturing takes place in China, India, Vietnam, or even Brazil. But why can’t Apple, as one of the largest American tech companies, produce its iPhones on U.S. soil? The idea for this topic came to me after the Trump Foundation launched a smartphone called the T1 and claimed that it was designed and built with American values in mind. However, this claim did not last long, as it was revealed that Trump’s phone was actually a rebranded HTC U24 Pro, with only a gold case and minor internal component changes. You see? Even a phone that is supposed to represent American values is manufactured in China. With a gross domestic product (GDP) exceeding $32 trillion, the United States is currently the world’s largest economy, while China ranks second with around $20 trillion. On the other hand, the United States is by a wide margin the global leader in various technological fields, and American companies spend hundreds of billions of dollars annually on research and development. From Apple and Google to Microsoft, Lockheed Martin, Boeing, and others, American tech and industrial giants lead their foreign competitors in many sectors. The United States also has no shortage of smartphone brands. Apple, Google, and Motorola are among the major brands in the smartphone market, collectively holding a significant share. However, the vast majority of their products are manufactured outside the United States. So why is it that the world’s largest economy, home to the most advanced technology companies and industrial powers, cannot produce a smartphone on its own soil? Let’s explore this question together. Even threats to impose tariffs won’t work After Trump entered the White House as the 47th President of the United States, his administration adopted strict tariff policies. One of these policies was the imposition of a 25% tariff on smartphones manufactured outside the United States. Trump said he “had a little problem” with Apple CEO Tim Cook over producing smartphones outside the U.S. So he thought that threatening a 25% tax on imported phones might force Apple to bring manufacturing back to the United States. “I have long ago informed Tim Cook of Apple that I expect their iPhones that will be sold in the United States of America will be manufactured and built in the United States, not India, or anyplace else,” Trump wrote on Truth Social. Image via The White House Although Apple currently manufactures some of the iPhone’s chips in the United States with TSMC's help, it still shows no willingness to shift full iPhone production to the country. At the time, renowned Apple supply chain analyst Ming-Chi Kuo wrote on X, “In terms of profitability, it’s way better for Apple to take the hit of a 25% tariff on iPhones sold in the US market than to move iPhone assembly lines back to the US.” However, manufacturing a smartphone in the United States is not as easy as it might seem, and many technical and economic barriers are involved. The lack of necessary manufacturing hubs There is a clear reason why many companies prefer to manufacture their products in China. China has established itself as the main global manufacturing hub for international companies, and over the past few decades, large contract manufacturers have emerged there, allowing companies like Apple to outsource production. One such example is Foxconn, which also manufactures some Apple products in India. Building the infrastructure required to produce smartphones in the United States would require tens of billions of dollars in new investment. Factories would need to be built, essential manufacturing equipment would have to be installed, and, most importantly, a skilled workforce capable of operating these systems would need to be recruited and trained. The United States currently lacks the core infrastructure needed to manufacture smartphones, and for this reason, many companies prefer to outsource production to Chinese contractors rather than spend tens of billions of dollars to build that infrastructure, which is significantly more economically efficient. Additionally, building such infrastructure in the United States could take up to a decade, ultimately leading to a significant increase in the product's final price for consumers. Shortage of trained labor in the U.S. compared to China Decades of serving as a global manufacturing hub have allowed China to build a massive talent pool in the production sector that is almost unmatched worldwide. Today, if a company chooses to manufacture its products in China, it can be confident that the workers involved in production have years of experience in their respective roles and are capable of producing high-quality goods with minimal errors. Even if we assume that tens of billions of dollars were invested in building smartphone manufacturing infrastructure in the United States, finding skilled workers would remain highly challenging. Apple CEO Tim Cook visiting the iPhone 6 assembly line in China in 2014. Image: Tim Cook on X In a 2015 interview on CBS’s 60 Minutes, Tim Cook said the main reason Apple isn’t producing in the US is a lack of skills. "China put an enormous focus on manufacturing, in what you and I would call vocational kind of skills. The US over time began to stop having as many vocational kinds of skills. I mean you could take every tool and die maker in the United States and probably put them in the room that we're currently sitting in. In China you would have to have multiple football fields,” Cook said. Also, in 2017, at the Fortune Global Forum in Guangzhou, Cook once again emphasized the importance of highly skilled Chinese workers. “China has moved into very advanced manufacturing, so you find in China the intersection of craftsman kind of skill, and sophisticated robotics and the computer science world. That intersection, which is very rare to find anywhere, that kind of skill, is very important to our business because of the precision and quality level that we like. The thing that most people focus on if they’re a foreigner coming to China is the size of the market, and obviously, it’s the biggest market in the world in so many areas. But for us, the number one attraction is the quality of the people,” Apple CEO said. Higher labor costs in the United States Producing almost any product in the United States is more expensive than in many other countries, and one of the main reasons is the higher cost of labor in the U.S. According to the Bureau of Labor Statistics, median weekly earnings of full-time workers in the United States were $1,235 in the first quarter of 2026. Meanwhile, the average annual salary in China's private sector in 2025 was RMB 71,590 (US$9,961). In many parts of the world, the weekly wage of an American worker is equivalent to several months of income. Another important factor to consider is that in the United States, the workforce capable of working on a smartphone assembly line is highly specialized and therefore commands higher-than-average wages. According to an estimate by Bank of America, producing an iPhone in the U.S. is technically possible, but “iPhone cost can increase 25% purely on higher labor cost in the U.S.” However, this 25% increase applies only if final assembly is performed in the United States while components are still sourced from China or elsewhere. In this case, the price of a base iPhone would rise from $799 to around $1,000. But in another scenario, if Apple were to produce the required components for the iPhone within the United States, production costs could increase by more than 90%. Trump’s dream for a “Made in the USA” iPhone might never come true In a free-market capitalist economy, one of the primary responsibilities of any CEO is to maximize profit. Using Apple as an example, Tim Cook’s role is to maximize the company’s profits so that it can fund research and development for new products and invest in areas such as artificial intelligence, while also keeping shareholders satisfied. Therefore, it is entirely understandable that Apple would choose not to bring its manufacturing back to the United States and instead keep production in countries where labor is cheaper, and products can be manufactured at a lower cost, thereby maximizing its profit margins. What is your opinion about manufacturing smartphones in the United States? If you are an American citizen, would you be willing to pay hundreds of dollars more for a smartphone made domestically in the USA? Let us know in the comments.

  • Recent Achievements

    • Conversation Starter
      jessse3334 earned a badge
      Conversation Starter
    • Reacting Well
      JuvenileDelinquent earned a badge
      Reacting Well
    • One Month Later
      Excellence2025 earned a badge
      One Month Later
    • Week One Done
      Excellence2025 earned a badge
      Week One Done
    • Week One Done
      flexorcist earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      506
    2. 2
      +Edouard
      196
    3. 3
      PsYcHoKiLLa
      153
    4. 4
      Steven P.
      72
    5. 5
      FloatingFatMan
      65
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!