Chrome 17.0.963.46 Stable released

By still1
in Back Page News

 Share

Recommended Posts

Grand Master

still1

Posted
Posted
The Chrome team is excited to announce the release of Chrome 17 to the Stable Channel for Windows, Mac, Linux and Chrome Frame. 17.0.963.46 contains a number of new features including:
  • New Extensions APIs
  • Updated Omnibox Prerendering
  • Download Scanning Protection
  • Many other small changes

Security fixes and rewards:

Please seethe Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix

  • [73478] Low CVE-2011-3953: Avoid clipboard monitoring after paste event. Credit to Daniel Cheng of the Chromium development community.
  • [92550] Low CVE-2011-3954: Crash with excessive database usage. Credit to Collin Payne.
  • [93106] High CVE-2011-3955: Crash aborting an IndexDB transaction. Credit to David Grogan of the Chromium development community.
  • [103630] Low CVE-2011-3956: Incorrect handling of sandboxed origins inside extensions. Credit to Devdatta Akhawe, UC Berkeley.
  • [$1000] [104056] High CVE-2011-3957: Use-after-free in PDF garbage collection. Credit to Aki Helin of OUSPG.
  • [$2000] [105459] High CVE-2011-3958: Bad casts with column spans. Credit to miaubiz.
  • [$1000] [106441] High CVE-2011-3959: Buffer overflow in locale handling. Credit to Aki Helin of OUSPG.
  • [$500] [108416] Medium CVE-2011-3960: Out-of-bounds read in audio decoding. Credit to Aki Helin of OUSPG.
  • [$1000] [108871] Critical CVE-2011-3961: Race condition after crash of utility process. Credit to Shawn Goertzen.
  • [$500] [108901] Medium CVE-2011-3962: Out-of-bounds read in path clipping. Credit to Aki Helin of OUSPG.
  • [109094] Medium CVE-2011-3963: Out-of-bounds read in PDF fax image handling. Credit to Atte Kettunen of OUSPG.
  • [109245] Low CVE-2011-3964: URL bar confusion after drag + drop. Credit to Code Audit Labs of VulnHunt.com.
  • [109664] Low CVE-2011-3965: Crash in signature check. Credit to S?awomir B?a?ek.
  • [$1000] [109716] High CVE-2011-3966: Use-after-free in stylesheet error handling. Credit to Aki Helin of OUSPG.
  • [109717] Low CVE-2011-3967: Crash with unusual certificate. Credit to Ben Carrillo.
  • [$1000] [109743] High CVE-2011-3968: Use-after-free in CSS handling. Credit to Arthur Gerkis.
  • [$1000] [110112] High CVE-2011-3969: Use-after-free in SVG layout. Credit to Arthur Gerkis.
  • [$500] [110277] Medium CVE-2011-3970: Out-of-bounds read in libxslt. Credit to Aki Helin of OUSPG.
  • [$1000] [110374] High CVE-2011-3971: Use-after-free with mousemove events. Credit to Arthur Gerkis.
  • [110559] Medium CVE-2011-3972: Out-of-bounds read in shader translator. Credit to Google Chrome Security Team (Inferno).

The bugs [105459], [106441], [108416], [108901], [109716], [109743], [110112], [110277], [110374] and [110559] were detected usingAddressSanitizer.

In addition, we would like to thank miaubiz, Drew Yao and Braden Thomas of Apple, S?awomir B?a?ek, Aki Helin of OUSPG, Chamal de Silva and Atte Kettunen of OUSPG for working with us in the development cycle and preventing bugs from ever reaching the stable channel. Various rewards were issued, including a top $3133.70 reward to Aki Helin.

http://googlechromer...nel-update.html

Link to comment
https://www.neowin.net/forum/topic/1056850-chrome-17096346-stable-released/
Share on other sites
Grand Master

still1

Posted
  • Author
Posted

This has the webRequest API so blocking video ads with an adblock extension should work as good as Firefox now.

yes, thats an awesome feature. I was waiting for download protection. it protects all those stupid people who download and install what ever they find in the internet.

Grand Master

still1

Posted
  • Author
Posted

The Chrome Stable channel has been updated to 17.0.963.56 on Windows, Mac, Linux and Chrome Frame. This release fixes a number of stability and security issues in Chrome, and also includes a new version of Flash. More info on the Flash update is available from Adobe.

Security fixes and rewards:

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

  • [105803]HighCVE-2011-3015: Integer overflows in PDF codecs. Credit to Google Chrome Security Team (scarybeasts).
  • [$500] [106336] MediumCVE-2011-3016: Read-after-free with counter nodes. Credit to miaubiz.
  • [$1000] [108695]HighCVE-2011-3017: Possible use-after-free in database handling. Credit to miaubiz.
  • [$1000] [110172]HighCVE-2011-3018: Heap overflow in path rendering. Credit to Aki Helin of OUSPG.
  • [110849] High CVE-2011-3019: Heap buffer overflow in MKV handling. Credit to Google Chrome Security Team (scarybeasts) and Mateusz Jurczyk of the Google Security Team.
  • [111575] Medium CVE-2011-3020: Native client validator error. Credit to Nick Bray of the Chromium development community.
  • [$1000] [111779] HighCVE-2011-3021: Use-after-free in subframe loading. Credit to Arthur Gerkis.
  • [112236] MediumCVE-2011-3022: Inappropriate use of http for translation script. Credit to Google Chrome Security Team (Jorge Obes).
  • [$500] [112259] MediumCVE-2011-3023: Use-after-free with drag and drop. Credit to pa_kt.
  • [112451] LowCVE-2011-3024: Browser crash with empty x509 certificate. Credit to chrometot.
  • [$500] [112670] MediumCVE-2011-3025: Out-of-bounds read in h.264 parsing. Credit to S?awomir B?a?ek.
  • [$1337] [112822] HighCVE-2011-3026: Integer overflow / truncation in libpng. Credit to J?ri Aedla.
  • [$1000] [112847]HighCVE-2011-3027: Bad cast in column handling. Credit to miaubiz.

http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html

  • 3 weeks later...
Grand Master

still1

Posted
  • Author
Posted
The Chrome Stable channel has been updated to 17.0.963.65 on Windows, Mac, Linux and Chrome Frame. This release fixes a number of issues including:
  • Cursors and backgrounds sometimes do not load (bug 111218)
  • Plugins not loading on some pages (bug 108228)
  • Text paste includes trailing spaces (bug 106551)
  • Websites using touch controls break (bug 110332)

Along with these fixes, the release contains an updated version of the Adobe Flash player. More information on Flash updates is available from Adobe.

Security fixes and rewards:

Firstly, we have some special rewards for some special bugs!

  • [$10,000] [116661] Rockstar CVE-1337-d00d1: Excessive WebKit fuzzing. Credit to miaubiz.
  • [$10,000] [116662] Legend CVE-1337-d00d2: Awesome variety of fuzz targets. Credit to Aki Helin of OUSPG.
  • [$10,000] [116663] Superhero CVE-1337-d00d3: Significant pain inflicted upon SVG. Credit to Arthur Gerkis.

To determine the above rewards, we looked at bug finding performance over the past few months. The three named individuals stood out significantly. It also shouldn?t come as a surprise that they all feature (and earn more!) in the release notes below.

We have always reserved the right to arbitrarily reward sustained, extraordinary contributions. In this instance, we?re dropping a surprise bonus. We reserve the right to do so again and reserve the right to do so on a more regular basis! Chrome has a leading reputation for security and it wouldn?t be possible without the aggressive bug hunting of the wider community.

Please seethe Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

  • [$1000] [105867] High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit to Chamal de Silva.
  • [$1000] [108037] High CVE-2011-3032: Use-after-free in SVG value handling. Credit to Arthur Gerkis.
  • [$2000] [108406] [115471] High CVE-2011-3033: Buffer overflow in the Skia drawing library. Credit to Aki Helin of OUSPG.
  • [$1000] [111748] High CVE-2011-3034: Use-after-free in SVG document handling. Credit to Arthur Gerkis.
  • [$2000] [112212] High CVE-2011-3035: Use-after-free in SVG use handling. Credit to Arthur Gerkis.
  • [$1000] [113258] High CVE-2011-3036: Bad cast in line box handling. Credit to miaubiz.
  • [$3000] [113439] [114924] [115028] High CVE-2011-3037: Bad casts in anonymous block splitting. Credit to miaubiz.
  • [$1000] [113497] High CVE-2011-3038: Use-after-free in multi-column handling. Credit to miaubiz.
  • [$1000] [113707] High CVE-2011-3039: Use-after-free in quote handling. Credit to miaubiz.
  • [$500] [114054] High CVE-2011-3040: Out-of-bounds read in text handling. Credit to miaubiz.
  • [$1000] [114068] High CVE-2011-3041: Use-after-free in class attribute handling. Credit to miaubiz.
  • [$1000] [114219] High CVE-2011-3042: Use-after-free in table section handling. Credit to miaubiz.
  • [$1000] [115681] High CVE-2011-3043: Use-after-free in flexbox with floats. Credit to miaubiz.
  • [$1000] [116093] High CVE-2011-3044: Use-after-free with SVG animation elements. Credit to Arthur Gerkis.

The majority of the above bugs were detected using AddressSanitizer, which rocks.

More detailed updates are available on the Chrome Blog. Full details about what changes are in this release are available in the SVN revision log. Interested in hopping on the stable channel? Find out how. If you find a new issue, please let us know by filing a bug.

http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html

  • 2 weeks later...
Grand Master

still1

Posted
  • Author
Posted
Some of the items listed below represent the start of hardening measures based on study of the exploits submitted to the Pwnium competition.

[$1000] [113902] High CVE-2011-3050: Use-after-free with first-letter handling. Credit to miaubiz.

[116162] High CVE-2011-3045: libpng integer issue from upstream. Credit to Glenn Randers-Pehrson of the libpng project.

[$1000] [116461] High CVE-2011-3051: Use-after-free in CSS cross-fade handling. Credit to Arthur Gerkis.

[116637] High CVE-2011-3052: Memory corruption in WebGL canvas handling. Credit to Ben Vanik of Google.

[$1000] [116746] High CVE-2011-3053: Use-after-free in block splitting. Credit to miaubiz.

[117418] Low CVE-2011-3054: Apply additional isolations to webui privileges. Credit to Sergey Glazunov.

[117736] Low CVE-2011-3055: Prompt in the browser native UI for unpacked extension installation. Credit to PinkiePie.

[$2000] [117550] High CVE-2011-3056: Cross-origin violation with ?magic iframe?. Credit to Sergey Glazunov.

[$500] [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian Holler.

Also, this single low severity issue was fixed in a previous patch but we forgot to issue proper credit:

[108648] Low CVE-2011-3049: Extension web request API can interfere with system requests. Credit to Michael Gundlach

http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • Google reportedly set to lose two key Gemini and DeepMind researchers to Anthropic

      By Karthik Mudaliar · Posted

      Google reportedly set to lose two key Gemini and DeepMind researchers to Anthropic by Karthik Mudaliar Google is reportedly preparing to lose two more prominent artificial intelligence researchers, with Gemini contributors Jonas Adler and Alexander Pritzel planning to join rival AI developer Anthropic. According to a report from Bloomberg, both researchers are viewed internally as important contributors to Google’s flagship Gemini model family. Adler worked on Google’s AI coding efforts, while Pritzel was involved in the process used to train AI systems. Neither company has publicly confirmed the moves. The report also does not say when the researchers will formally leave Google or what positions they will hold at Anthropic. Training a large AI model requires decisions covering its architecture, data preparation, distributed computing infrastructure, and post-training methods that shape how the finished system behaves. Researchers with experience operating at the scale of Gemini are consequently difficult to replace quickly. Both Adler and Pritzel have previously contributed to Google DeepMind’s scientific research as well. They are listed among the authors of the company’s work on expanding AlphaFold protein-structure predictions across entire proteomes, alongside AlphaFold researchers including John Jumper. The reported departures arrive shortly after another important change within Google’s Gemini organization. Gemini co-lead Noam Shazeer is leaving Google for OpenAI, after returning to the search company in 2024 through its deal with Character.AI. Shazeer is particularly well known as one of the authors of the Transformer paper, whose architecture became the foundation for most modern large language models. Anthropic, meanwhile, has been recruiting recognizable figures from other leading laboratories. OpenAI co-founder and former Tesla AI director Andrej Karpathy joined Anthropic’s pre-training team in May. His move, followed by the reported recruitment of several Google researchers, suggests Anthropic is strengthening the research teams responsible for the core capabilities of future Claude models rather than concentrating solely on product and enterprise sales. The competition is complicated by the companies’ extensive commercial relationships. Anthropic competes directly with Google’s Gemini models, but it also relies on Google as an infrastructure partner. In April, Anthropic announced an expanded agreement with Google and Broadcom covering multiple gigawatts of next-generation Tensor Processing Unit capacity. TPUs are Google-designed accelerators used to train and run large AI models. via Bloomberg
    • Researchers claim Microsoft's quantum breakthrough is flawed by basic Python errors

      By Primey_ · Posted

      This article makes my head hurt. Lots of confusing words
    • Google adds built-in computer control to Gemini 3.5 flash

      By Karthik Mudaliar · Posted

      Google adds built-in computer control to Gemini 3.5 flash by Karthik Mudaliar Google has added Computer Use as a built-in tool in Gemini 3.5 Flash, giving developers a single model that can reason about a task and operate graphical interfaces across browsers, mobile devices, and desktop environments. The feature is available through the Gemini API and Google’s Gemini Enterprise Agent Platform, although it remains a preview feature for now. Computer Use enables an AI agent to examine screenshots and return actions such as mouse clicks, scrolling, and keyboard input. A developer’s application must execute those actions, capture the resulting screen, and send it back to Gemini, creating a continuous loop until the task is completed. Google says the integration can be used for activities including repetitive form filling, application testing, research across multiple websites, and longer enterprise workflows. Gemini 3.5 Flash can work with browser, mobile, and desktop environments, whereas Google’s earlier standalone Computer Use model was primarily positioned around browser interaction. The main change is consolidation. Computer control was previously offered through the separate Gemini 2.5 Computer Use preview model. As Neowin reported when that model was introduced, it was designed to interpret a visual interface and generate actions without requiring a website-specific API. Google later brought Computer Use to preview versions of Gemini 3 Pro and Gemini 3 Flash in January 2026. The latest release now incorporates the tool into the stable Gemini 3.5 Flash model rather than requiring developers to select a specialized model solely for interface automation. Gemini 3.5 Flash itself was announced in May as Google’s latest fast model for coding and multi-step agent workflows. It supports a one-million-token input context window and up to 65,000 output tokens, along with adjustable thinking levels that let developers trade additional reasoning for lower latency and cost. Google also added that Gemini 3.5 Flash received targeted adversarial training for computer-use scenarios. The company is also offering safeguards that can require user confirmation before sensitive or irreversible actions and automatically stop a workflow when suspected prompt injection is detected. Its developer documentation describes configurable protections for areas such as financial transactions and changes to sensitive records. Google isn't the first to bring Computer Use to its platform. Anthropic has made computer control available through Claude, while OpenAI has continued improving computer-use performance in its recent models. Microsoft has also applied the concept to business workflows, including a Computer Use capability for the Researcher agent in Microsoft 365 Copilot.
    • Microsoft outs Windows 11 KB5095093 with long list of new features

      By wingliston · Posted

      After I installed KB5095093, the volume on my ARM laptop won't go above 20%. It's stuck on the hearing protection level, which is pretty much useless if you want to listen to anything. I rolled back.
    • Amazon Prime Day slashes Samsung's newest Galaxy Watch Ultra by 45 percent

      By Karthik Mudaliar · Posted

      Amazon Prime Day slashes Samsung's newest Galaxy Watch Ultra by 45 percent by Karthik Mudaliar Samsung’s flagship Android smartwatch has received one of its steepest Prime Day cuts. Amazon has dropped the 2025 Samsung Galaxy Watch Ultra in Titanium Blue to $357.24, saving buyers around $292 from its $649.99 list price. That's a 45 percent discount (purchase link below). The 47mm Galaxy Watch Ultra uses a titanium casing and a 1.5-inch Super AMOLED display with a resolution of 480 x 480 and peak brightness of 3,000 nits. It includes LTE connectivity, Bluetooth 5.3, Wi-Fi, NFC, and dual-frequency L1+L5 GPS for more accurate outdoor route tracking. The 2025 model has 64GB of storage, a 590mAh battery, sapphire crystal glass, 10ATM water resistance, IP68 protection, and MIL-STD-810H durability testing. Its health and fitness tools include heart rate monitoring, sleep coaching, Energy Score, Running Coach, body composition analysis, temperature sensing, and ECG support, where available. This model is best suited to Android users who regularly run, hike, cycle, or train outdoors and want cellular access without carrying a phone. The larger battery, rugged construction, bright display, and dedicated Quick Button also make it a stronger option than Samsung’s regular Galaxy Watch models for extended workouts and demanding environments. Grab the Titanium Blue Galaxy Watch Ultra before the Prime Day price resets: Samsung Galaxy Watch Ultra (2025) [Sold and Shipped by Amazon] Good to know This Amazon deal is U.S. specific, and not available in other regions unless specified. We only use first-party seller links (at the time of article publishing); ensure that you purchase from a first-party seller link only. Check out Today's Deals on Amazon | or our recent tech deals. Become a Prime member (for Students or SNAP) via Neowin Get Prime Access - Prime for half price (for qualifying Medicaid, EBT, SNAP) Subscribe to Prime Video, Audible Plus, Music Unlimited or Kindle Unlimited via Neowin As an Amazon Associate, we earn from qualifying purchases.

  • Recent Achievements

    • Dedicated
      Scoobystu earned a badge
      Dedicated
    • First Post
      Tom Schmidt earned a badge
      First Post
    • One Month Later
      D0nn13 earned a badge
      One Month Later
    • Rookie
      +ChiefOfNeo went up a rank
      Rookie
    • One Year In
      Tom Schmidt earned a badge
      One Year In

  • Popular Contributors

    1. 1
      +primortal
      463
    2. 2
      +Edouard
      177
    3. 3
      PsYcHoKiLLa
      124
    4. 4
      Michael Scrip
      79
    5. 5
      Xenon
      76
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!