Tuesday, June 26, 2012

Stable Channel Update

The Google Chrome team is happy to announce the arrival of Chrome 20 (20.0.1132.43) to the Stable Channel for Windows, Mac, Linux, and Chrome Frame.

Security fixes and rewards:

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
  • [118633] Low CVE-2012-2815: Leak of iframe fragment id. Credit to Elie Bursztein of Google.
  • [Windows only] [119150] [119250] High CVE-2012-2816: Prevent sandboxed processes interfering with each other. Credit to Google Chrome Security Team (Justin Schuh).
  • [$1000] [120222] High CVE-2012-2817: Use-after-free in table section handling. Credit to miaubiz.
  • [$1000] [120944] High CVE-2012-2818: Use-after-free in counter layout. Credit to miaubiz.
  • [120977] High CVE-2012-2819: Crash in texture handling. Credit to Ken “gets” Russell of the Chromium development community.
  • [121926] Medium CVE-2012-2820: Out-of-bounds read in SVG filter handling. Credit to Atte Kettunen of OUSPG.
  • [122925] Medium CVE-2012-2821: Autofill display problem. Credit to “simonbrown60”.
  • [various] Medium CVE-2012-2822: Misc. lower severity OOB read issues in PDF. Credit to awesome ASAN and various Googlers (Kostya Serebryany, Evgeniy Stepanov, Mateusz Jurczyk, Gynvael Coldwind).
  • [$1000] [124356] High CVE-2012-2823: Use-after-free in SVG resource handling. Credit to miaubiz.
  • [$1000] [125374] High CVE-2012-2824: Use-after-free in SVG painting. Credit to miaubiz.
  • [128688] Medium CVE-2012-2826: Out-of-bounds read in texture conversion. Credit to Google Chrome Security Team (Inferno).
  • [Mac only] [129826] Low CVE-2012-2827: Use-after-free in Mac UI. Credit to the Chromium development community (Dharani Govindan).
  • [129857] High CVE-2012-2828: Integer overflows in PDF. Credit to Mateusz Jurczyk of Google Security Team with contributions by Gynvael Coldwind of Google Security Team and Google Chrome Security Team (Chris Evans).
  • [$1000] [129947] High CVE-2012-2829: Use-after-free in first-letter handling. Credit to miaubiz.
  • [$1000] [129951] High CVE-2012-2830: Wild pointer in array value setting. Credit to miaubiz.
  • [Windows only] [130276] Low CVE-2012-2764: Unqualified load of metro DLL. Credit to Moshe Zioni of Comsec Consulting.
  • [$1000] [130356] High CVE-2012-2831: Use-after-free in SVG reference handling. Credit to miaubiz.
  • [131553] High CVE-2012-2832: Uninitialized pointer in PDF image codec. Credit to Mateusz Jurczyk of Google Security Team with contributions by Gynvael Coldwind of Google Security Team.
  • [132156] High CVE-2012-2833: Buffer overflow in PDF JS API. Credit to Mateusz Jurczyk of Google Security Team.
  • [$1000] [132779] High CVE-2012-2834: Integer overflow in Matroska container. Credit to Jüri Aedla.

And some additional rewards for issues with a wider scope than Chrome:

  • [$500] [127417] Medium CVE-2012-2825: Wild read in XSL handling. Credit to Nicholas Gregoire.
  • [64-bit Linux only] [$3000] [129930] High CVE-2012-2807: Integer overflows in libxml. Credit to Jüri Aedla.

Many of the above bugs were detected using AddressSanitizer.

We’d also like to thank Arthur Gerkis, Atte Kettunen of OUSPG and miaubiz for working with us during the development cycle and preventing security regressions from ever reaching the stable channel. Various additional rewards were issued for this awesomeness.

Full details about what changes are in this release are available in the SVN revision log. Interested in hopping on the stable channel? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

40 comments:

Richard Kral said...

Big congratulations to miaubiz for winning another 7000 bucks!

Tom said...

I have no problem with you announcing all these awards, but surely you know that some of us are wondering what this Chrome 20 that just landed on our computers is?

There doesn't appear to be a word here, on chrome.blogspot, or on chrome plus page, about this new release (other than all the security awards).

Manish said...

Congrats to Chrome team. Glad to see the upgrade before the IO..

Luboš Motl said...

Dear Tom, "Chrome" with any number is an internet browser, currently the #1 browser in the world, produced by Google. "Chrome 20" is the 20th "major edition" of Chrome. Every new edition fixes known problems of the previous ones, especially the security issues that you dislike so much.

Hannibal said...

best thing: linux x64 now with flashplayer !!! THX google!

Pedram said...

Congrats! Google Chrome is not a TEENAGER any more! :) Welcome to 20!

Женька said...

Hey! What's new in Google Chrome 20? Except for security fixes…

undso said...

Hey +Google Chrome Developer/Support what is this? And why? German users have problems with the "& nbsp;" - Hope you will fix it soon :) - #Chrome #Bug #css #developer #break

http://www.screenr.com/evl8

Александр Чухлебов said...

On Windows 8 RP works bad - UI sometimes freezes, settings button doesn't work..( I can open settings only by chrome://chrome, however, half a day before this version worked fine

David Knowles said...

Is this just a bug, security and stabilisation release? Not noticing any new features.

Cody said...

For those wondering about changes other than security, the NTP button and omnibox shape are new. I do not know what else, but I like those changes.

Cody said...

... and the main button animations.

Tom said...

Apparently this is really just a bug fix and under-the-hood release.

Which sounds good to me. God knows that Android needs one of those!

Marc M said...

Wtf all my pinned sites from the new tab page are gone!? And now I can't rearrange them OR even pin them anymore!
I am typically a fan of change, however when you remove necessary features then I DO NOT like that.

Weltman said...

Congratulations to the programmers who made this release possible. I can imagine the hours put in doing so.
I once saw a sign in an Engineering office..it read "We love deadlines..it's the sound they make as they swoosh by!!"

Cody said...

@Marc M: The ability to pin and rearrange Most-Visited sites was removed several iterations ago. Now, the list is only based on visits (which I think makes sense...).

Marc M said...

@Cody: I just don't get why add a feature then remove it?

Tina Bell said...

I also don't like the new way of how the Most-visited works. I liked being able to have them in the order I wanted and not moving around based on my visits.

I also liked being able to pin them and was okay with that change due to still being able to have the sites I wanted in the order I wanted them.

kuopingBK said...

I cannot finish a download operation and a red warning information says: Cannot save due to insufficient permissions

Mitch said...

I hate the "Show Advanced Settings" option. Just show the "advanced settings" and don't waste our time clicking on something stupid.

Oscar Raúl Schefer said...

Congratulations from the Joomla programmers' community of the city of Corrientes, Argentina

Artem Kondratev said...

Almost impossible to use under linux (Arch) x64. Scrolling, input etc - everything is like a slideshow

gancheff said...

When is Google going to fix the automatic download vulnerability? Currently any site can save an EXE on your computer without you even knowing about it. This issue has been around since ver. 1. Google should really fix this problem.

Artem Kondratev said...

Okay, the problem was in

Shockwave Flash 11.3 r31
11.3.31.109
/opt/google/chrome/PepperFlash/libpepflashplayer.so

after turning pepper flash off - everything back to normal

Egaeus said...

Has anyone tried the Linux x32 version? Seems not to work at all for many people on multiple distros, including my own (Kubuntu 10.04).

Egaeus said...

Oh, hey, look at that! The problem with x32 is the same as with Artem's problem with x64, only with different results.

mobilediesel said...

google-chrome-stable 20.0.1132.43 does not start in Debian Stable 6.0.5.

Virgil said...

This release should be no more than 19.1.1132.43. There's nothing new to make it a 20.0.1132.43. I don't remember seeing that 0 being used, ever, this release should (have) change(d) that. I mean, a major fix is just that: a major fix, something that shouldn't have happened anyway; you might as well skip a few numbers, and go to version 26 and say, "Oops, I forgot to un-comment a line before compiling, but now I did and it turned out to be a good release."

I hope I'll remember this comment in a few years from now, when Chrome's version will be longer than an IPv6 address :))

Tibor Szasz said...

If anyone wonders about the versioning of Chrome, I have a "solution" to understand it :)

Simply divide the actual version by 10. So they have just reached version 2.0 :)

Denis Tvarog said...

keep getting " aw, snap! " after the update, I have imgur, ad block, HD youtube and tinyeye extensions installed. reloading the pages doesn't help.. it was working fine before the update

Archlinux said...

I don't understand how some of you people still don't understand that Chrome doesn't follow the traditional release schema.

There's a new major version number bump every 1-2 months no matter how many new features there are. This is just a way to rapidly develop software. And given how Chrome, as of May, has a third of the worldwide browser market according to StatCounter, it seems to be working.

Even firefox started to follow the same logic, but they really do have some new stuff to share upon every release. This doesn't necessarily mean that Chrome doesn't. Just have a look at the SVN log. There's _tons_ of smaller changes that _together_ make that newer version: http://build.chromium.org/f/chromium/perf/dashboard/ui/changelog.html?url=/trunk/src&range=129376:135598&mode=html

ර.. said...

It seems like google fixed the session bug in v20. In v19 session variables were not automatically deleted when browser window closed. But with v20 it works fine. I switched to firefox in that period to do my PHP project. Now I can switch back to loving chrome

tester uploadstation said...

Hi, there is a layout bug after updating to 20.0.1132.47. Check that out at www.uploadstation.com
the "browser" is shifted after resize of the browser. any idea ?? thanks

tester uploadstation said...

it should be the "Browse" button

Patrick said...

Chrome is secure and that's the only reason I'm still using it. IMO, Chrome is getting like Firefox was a few years ago...bloated and slow. I'm using Firefox a lot more.

Also, anyone else having problems loading in CNBC sites with Chrome? Sometimes they load, most times they don't.

Дмитрий said...

If anyone has Google Chrome not starting after upgrading from 19 to 20 (if Chrome 19 was okay) this recipe will be useful. It really helped me on Debian Squeeze. Here it is:

http://www.linuxquestions.org/questions/linux-software-2/google-chrome-20-0-doesnt-work-in-debian-squeeze-4175414080/

PepperFlash doesn't work on my system. Probably this plugin is too raw and buggy.

Cassandra said...

I'm so ticked!!! Chrome used to work with everything, now no games on FB work in Chrome - works in IE just fine. Many pages are not displaying certain areas of the site since the update, as well as many many other problems that I keep running into. I feel as if my wonderful go to chrome browser has failed me and am going to be uninstalling it from all the computers in my home today - I really don't want to backdate the program if there were security issues. But now with Nothing but issues with every computer with Chrome and when I rely on it for my business it sucks. *sigh* Microsoft wins again....