Chrome 17.0.963.46 Stable released

By still1
in Back Page News

 Share

Recommended Posts

Grand Master

still1

Posted
Posted
The Chrome team is excited to announce the release of Chrome 17 to the Stable Channel for Windows, Mac, Linux and Chrome Frame. 17.0.963.46 contains a number of new features including:
  • New Extensions APIs
  • Updated Omnibox Prerendering
  • Download Scanning Protection
  • Many other small changes

Security fixes and rewards:

Please seethe Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix

  • [73478] Low CVE-2011-3953: Avoid clipboard monitoring after paste event. Credit to Daniel Cheng of the Chromium development community.
  • [92550] Low CVE-2011-3954: Crash with excessive database usage. Credit to Collin Payne.
  • [93106] High CVE-2011-3955: Crash aborting an IndexDB transaction. Credit to David Grogan of the Chromium development community.
  • [103630] Low CVE-2011-3956: Incorrect handling of sandboxed origins inside extensions. Credit to Devdatta Akhawe, UC Berkeley.
  • [$1000] [104056] High CVE-2011-3957: Use-after-free in PDF garbage collection. Credit to Aki Helin of OUSPG.
  • [$2000] [105459] High CVE-2011-3958: Bad casts with column spans. Credit to miaubiz.
  • [$1000] [106441] High CVE-2011-3959: Buffer overflow in locale handling. Credit to Aki Helin of OUSPG.
  • [$500] [108416] Medium CVE-2011-3960: Out-of-bounds read in audio decoding. Credit to Aki Helin of OUSPG.
  • [$1000] [108871] Critical CVE-2011-3961: Race condition after crash of utility process. Credit to Shawn Goertzen.
  • [$500] [108901] Medium CVE-2011-3962: Out-of-bounds read in path clipping. Credit to Aki Helin of OUSPG.
  • [109094] Medium CVE-2011-3963: Out-of-bounds read in PDF fax image handling. Credit to Atte Kettunen of OUSPG.
  • [109245] Low CVE-2011-3964: URL bar confusion after drag + drop. Credit to Code Audit Labs of VulnHunt.com.
  • [109664] Low CVE-2011-3965: Crash in signature check. Credit to S?awomir B?a?ek.
  • [$1000] [109716] High CVE-2011-3966: Use-after-free in stylesheet error handling. Credit to Aki Helin of OUSPG.
  • [109717] Low CVE-2011-3967: Crash with unusual certificate. Credit to Ben Carrillo.
  • [$1000] [109743] High CVE-2011-3968: Use-after-free in CSS handling. Credit to Arthur Gerkis.
  • [$1000] [110112] High CVE-2011-3969: Use-after-free in SVG layout. Credit to Arthur Gerkis.
  • [$500] [110277] Medium CVE-2011-3970: Out-of-bounds read in libxslt. Credit to Aki Helin of OUSPG.
  • [$1000] [110374] High CVE-2011-3971: Use-after-free with mousemove events. Credit to Arthur Gerkis.
  • [110559] Medium CVE-2011-3972: Out-of-bounds read in shader translator. Credit to Google Chrome Security Team (Inferno).

The bugs [105459], [106441], [108416], [108901], [109716], [109743], [110112], [110277], [110374] and [110559] were detected usingAddressSanitizer.

In addition, we would like to thank miaubiz, Drew Yao and Braden Thomas of Apple, S?awomir B?a?ek, Aki Helin of OUSPG, Chamal de Silva and Atte Kettunen of OUSPG for working with us in the development cycle and preventing bugs from ever reaching the stable channel. Various rewards were issued, including a top $3133.70 reward to Aki Helin.

http://googlechromer...nel-update.html

Link to comment
https://www.neowin.net/forum/topic/1056850-chrome-17096346-stable-released/
Share on other sites
Grand Master

still1

Posted
  • Author
Posted

This has the webRequest API so blocking video ads with an adblock extension should work as good as Firefox now.

yes, thats an awesome feature. I was waiting for download protection. it protects all those stupid people who download and install what ever they find in the internet.

Grand Master

still1

Posted
  • Author
Posted

The Chrome Stable channel has been updated to 17.0.963.56 on Windows, Mac, Linux and Chrome Frame. This release fixes a number of stability and security issues in Chrome, and also includes a new version of Flash. More info on the Flash update is available from Adobe.

Security fixes and rewards:

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

  • [105803]HighCVE-2011-3015: Integer overflows in PDF codecs. Credit to Google Chrome Security Team (scarybeasts).
  • [$500] [106336] MediumCVE-2011-3016: Read-after-free with counter nodes. Credit to miaubiz.
  • [$1000] [108695]HighCVE-2011-3017: Possible use-after-free in database handling. Credit to miaubiz.
  • [$1000] [110172]HighCVE-2011-3018: Heap overflow in path rendering. Credit to Aki Helin of OUSPG.
  • [110849] High CVE-2011-3019: Heap buffer overflow in MKV handling. Credit to Google Chrome Security Team (scarybeasts) and Mateusz Jurczyk of the Google Security Team.
  • [111575] Medium CVE-2011-3020: Native client validator error. Credit to Nick Bray of the Chromium development community.
  • [$1000] [111779] HighCVE-2011-3021: Use-after-free in subframe loading. Credit to Arthur Gerkis.
  • [112236] MediumCVE-2011-3022: Inappropriate use of http for translation script. Credit to Google Chrome Security Team (Jorge Obes).
  • [$500] [112259] MediumCVE-2011-3023: Use-after-free with drag and drop. Credit to pa_kt.
  • [112451] LowCVE-2011-3024: Browser crash with empty x509 certificate. Credit to chrometot.
  • [$500] [112670] MediumCVE-2011-3025: Out-of-bounds read in h.264 parsing. Credit to S?awomir B?a?ek.
  • [$1337] [112822] HighCVE-2011-3026: Integer overflow / truncation in libpng. Credit to J?ri Aedla.
  • [$1000] [112847]HighCVE-2011-3027: Bad cast in column handling. Credit to miaubiz.

http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html

  • 3 weeks later...
Grand Master

still1

Posted
  • Author
Posted
The Chrome Stable channel has been updated to 17.0.963.65 on Windows, Mac, Linux and Chrome Frame. This release fixes a number of issues including:
  • Cursors and backgrounds sometimes do not load (bug 111218)
  • Plugins not loading on some pages (bug 108228)
  • Text paste includes trailing spaces (bug 106551)
  • Websites using touch controls break (bug 110332)

Along with these fixes, the release contains an updated version of the Adobe Flash player. More information on Flash updates is available from Adobe.

Security fixes and rewards:

Firstly, we have some special rewards for some special bugs!

  • [$10,000] [116661] Rockstar CVE-1337-d00d1: Excessive WebKit fuzzing. Credit to miaubiz.
  • [$10,000] [116662] Legend CVE-1337-d00d2: Awesome variety of fuzz targets. Credit to Aki Helin of OUSPG.
  • [$10,000] [116663] Superhero CVE-1337-d00d3: Significant pain inflicted upon SVG. Credit to Arthur Gerkis.

To determine the above rewards, we looked at bug finding performance over the past few months. The three named individuals stood out significantly. It also shouldn?t come as a surprise that they all feature (and earn more!) in the release notes below.

We have always reserved the right to arbitrarily reward sustained, extraordinary contributions. In this instance, we?re dropping a surprise bonus. We reserve the right to do so again and reserve the right to do so on a more regular basis! Chrome has a leading reputation for security and it wouldn?t be possible without the aggressive bug hunting of the wider community.

Please seethe Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

  • [$1000] [105867] High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit to Chamal de Silva.
  • [$1000] [108037] High CVE-2011-3032: Use-after-free in SVG value handling. Credit to Arthur Gerkis.
  • [$2000] [108406] [115471] High CVE-2011-3033: Buffer overflow in the Skia drawing library. Credit to Aki Helin of OUSPG.
  • [$1000] [111748] High CVE-2011-3034: Use-after-free in SVG document handling. Credit to Arthur Gerkis.
  • [$2000] [112212] High CVE-2011-3035: Use-after-free in SVG use handling. Credit to Arthur Gerkis.
  • [$1000] [113258] High CVE-2011-3036: Bad cast in line box handling. Credit to miaubiz.
  • [$3000] [113439] [114924] [115028] High CVE-2011-3037: Bad casts in anonymous block splitting. Credit to miaubiz.
  • [$1000] [113497] High CVE-2011-3038: Use-after-free in multi-column handling. Credit to miaubiz.
  • [$1000] [113707] High CVE-2011-3039: Use-after-free in quote handling. Credit to miaubiz.
  • [$500] [114054] High CVE-2011-3040: Out-of-bounds read in text handling. Credit to miaubiz.
  • [$1000] [114068] High CVE-2011-3041: Use-after-free in class attribute handling. Credit to miaubiz.
  • [$1000] [114219] High CVE-2011-3042: Use-after-free in table section handling. Credit to miaubiz.
  • [$1000] [115681] High CVE-2011-3043: Use-after-free in flexbox with floats. Credit to miaubiz.
  • [$1000] [116093] High CVE-2011-3044: Use-after-free with SVG animation elements. Credit to Arthur Gerkis.

The majority of the above bugs were detected using AddressSanitizer, which rocks.

More detailed updates are available on the Chrome Blog. Full details about what changes are in this release are available in the SVN revision log. Interested in hopping on the stable channel? Find out how. If you find a new issue, please let us know by filing a bug.

http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html

  • 2 weeks later...
Grand Master

still1

Posted
  • Author
Posted
Some of the items listed below represent the start of hardening measures based on study of the exploits submitted to the Pwnium competition.

[$1000] [113902] High CVE-2011-3050: Use-after-free with first-letter handling. Credit to miaubiz.

[116162] High CVE-2011-3045: libpng integer issue from upstream. Credit to Glenn Randers-Pehrson of the libpng project.

[$1000] [116461] High CVE-2011-3051: Use-after-free in CSS cross-fade handling. Credit to Arthur Gerkis.

[116637] High CVE-2011-3052: Memory corruption in WebGL canvas handling. Credit to Ben Vanik of Google.

[$1000] [116746] High CVE-2011-3053: Use-after-free in block splitting. Credit to miaubiz.

[117418] Low CVE-2011-3054: Apply additional isolations to webui privileges. Credit to Sergey Glazunov.

[117736] Low CVE-2011-3055: Prompt in the browser native UI for unpacked extension installation. Credit to PinkiePie.

[$2000] [117550] High CVE-2011-3056: Cross-origin violation with ?magic iframe?. Credit to Sergey Glazunov.

[$500] [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian Holler.

Also, this single low severity issue was fixed in a previous patch but we forgot to issue proper credit:

[108648] Low CVE-2011-3049: Extension web request API can interfere with system requests. Credit to Michael Gundlach

http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • Apple MacBook Neo is a blessing for Windows users, here's why

      By The Werewolf · Posted

      The flaw with this analysis is that this laptop has a cellphone CPU in it. In the Intel world, that would be an N150 and those are everywhere, even in low end laptops. You can get an N150 based NUC with 16GB RAM and 256GB-512GB SSD... NOT soldered in... for < $500 Canadian (around US$360). The problem is two fold: tech bloggers/writers on most tech site (like this one, ironically) overvalue Apple and apparently aren't in the same earnings class as most regular people. As a result, we get breathless articles about how everyone needs a folding phone when most people just cannot afford one... or really need one. And we get Apple used as the baseline metric regardless of whether that comparison makes any sense. If Dell or HP released a retail laptop with a cellphone motherboard, you'd be all over them for doing that - but Apple does it and it's genius. I see articles suggesting what Samsung - a company that basically started the foldable phone market and has built them for eight years - needs to do to compete with Apple's unreleased, unspecced and unseen folding phone. Sorry, no - if the Neo (really creative name there BTW - still, better than the Go, the other "creative" product name everyone's using) encourages PC makers to make cellphone laptops using lower end ARM processors, we all lose. It's a step backwards and a capitulation to the fact that semiconductor makers and computer OEMs (and tech bloggers) have totally lost the plot.
    • Steam Next Fest returns with thousands of new demos to try out

      By +pmrd · Posted

      Everyone should install this extension and ignore games that use AI. https://chromewebstore.google....nnigaaeelfkeomjcngmnh?pli=1 https://addons.mozilla.org/en-US/firefox/addon/ai-warning-for-steam/
    • Malwarebytes Anti-Malware 5.6.0.256

      By Copernic · Posted

      Malwarebytes Anti-Malware 5.6.0.256 by Razvan Serea Malwarebytes is a high performance anti-malware application that thoroughly removes even the most advanced malware and spyware. Malwarebytes version 5.**** brings comprehensive protection against today’s threat landscape so that you can finally replace your traditional antivirus. You can finally replace your traditional antivirus, thanks to a innovative and layered approach to prevent malware infections using a healthy combination of proactive and signature-less technologies. While signatures are still effective against threats like potentially unwanted programs, the majority of malware detection events already come from signature-less technologies like Malwarebytes Anti-Exploit and Malwarebytes Anti-Ransomware; that trend will only continue to grow. For many of you, this is something you already know, since over 50% of the users already run Malwarebytes as their sole security software, without any third-party antivirus. What's new in Malwarebytes 5.****: Unified user experience - For the first time, Malwarebytes now provides a consistent experience across all of our desktop and mobile products courtesy of an all new and reimagined user experience powered by a faster and more responsive UI all managed through an intuitive dashboard. Modern security and privacy integrations - Antivirus and ultra-fast VPN come together seamlessly in one easy-to-use solution. Whether you’re looking for a next-gen VPN to secure your online activity, or harnessing the power of Browser Guard to block ad trackers and scam sites, taking charge of your privacy is simple. Trusted Advisor - Empowers you with real-time insights, easy-to-read protection score and expert guidance that puts you in control over your security and privacy. Malwarebytes 5.6.0.256 changelog: Features and improvements Simplified adding files and folders to the Allow list to make managing your exclusions easier. Improved notifications for Webcam Monitoring. Issues fixed Resolved an issue preventing the Deep Scan results window from displaying when several threats are detected during a scan. Fixed text wrapping issues on the Settings page. Fixed an issue causing tray menu notifications to appear off-screen when using multiple external monitors. Download: Malwarebytes 5.6.0.256 | 436.0 MB (Free, paid upgrade available) Links: Malwarebytes Website | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Steam Next Fest returns with thousands of new demos to try out

      By LoneWolfSL · Posted

      Steam Next Fest returns with thousands of new demos to try out by Pulasthi Ariyasinghe Valve has been routinely kicking off demo festivals on Steam for years now, and the second drop of 2026 has just opened its doors. It's a great opportunity for any PC gamers to find some interesting games before they release. The June edition of Steam Next Fest is a week-long digital festival including gameplay slices from a large number of indie developers, though a few major publishers are involved this time too. Interested players can use the Next Fest hub page's various sorting and filtering options to easily sort through the hordes of demos available. The top buttons offer quick access to separate and important sorting options, including "By Genre, By Theme, By Feature," with each one offering more granular settings when clicked. At the same time, the built-in Steam tags system is also available below every page to discover new games more quickly. As always, logging in will also enable Steam gamers to utilize Valve's recommendation algorithms to find game demos they might like, specifically, depending on their past play and purchase histories. This time there is even a toggle now to swap between getting a random and personalized selection as Valve collects more data on the available demos. The Charts section is where you can find the most popular demos on the platform right now, offering up the most hyped titles in a simple list. Right at the kickoff, Mistfall Hunter, Empulse, Echoes of Aincrad, Onimusha: Way of the Sword, Over the Hill, Mortal Shell II, and more are trending. Expect this list to change as the week progresses. This edition of the Steam Next Fest is slated to end on June 22 at 10 AM PT. Valve's latest event is now open, and it can be accessed by going to the dedicated hub page here.
    • what other retro software do yall use

      By ThatGuyOnline · Posted

      I lived and breathed MSN Messenger/Windows Live Messenger. Going to the mess.be website (still online with no changes since 2013) to download display pictures etc. I was a beta tester for Messenger Plus! and spent quite a lot of time on the MsgPlus! forums (a read-only copy is still online at https://shoutbox.menthix.net) Some old Neowin articles also https://www.neowin.net/news/messenger-plus-350/ good times but how time flies The main developer of Messenger Plus!, Cyril aka. Patchou has released a game https://store.steampowered.com/app/3275440/Pluralys/

  • Recent Achievements

    • One Year In
      ThatGuyOnline earned a badge
      One Year In
    • Week One Done
      Jeroen Wilms earned a badge
      Week One Done
    • Week One Done
      rolfus earned a badge
      Week One Done
    • One Month Later
      Leroy Jethro Gibbs earned a badge
      One Month Later
    • Conversation Starter
      flexorcist earned a badge
      Conversation Starter

  • Popular Contributors

    1. 1
      +primortal
      505
    2. 2
      +Edouard
      199
    3. 3
      PsYcHoKiLLa
      127
    4. 4
      Steven P.
      82
    5. 5
      ATLien_0
      76
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!