Tuesday, November 6, 2012

Stable Channel Release and Beta Channel Update

The Chrome team is excited to announce the release of Chrome 23 to the Stable Channel: 23.0.1271.64 for Windows, Mac, Linux, and Chrome Frame. Chrome 23 contains a number of new features, including GPU-accelerated video decoding on Windows and easier website permissions. More detailed updates are available on the Chrome Blog.

Security fixes and rewards:

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

Occasionally, we issue special rewards for bugs outside of Chrome, particularly where the bug is very severe and/or we are able to partially work around the issue:

  • [Mac OS only] [$1000] [149904] High CVE-2012-5115: Defend against wild writes in buggy graphics drivers. Credit to miaubiz.

And back to your regular scheduled rewards, including some at the new higher levels:

  • [$3500] [157079] Medium CVE-2012-5127: Integer overflow leading to out-of-bounds read in WebP handling. Credit to Phil Turnbull.
  • [Linux 64-bit only] [$1500] [150729] Medium CVE-2012-5120: Out-of-bounds array access in v8. Credit to Atte Kettunen of OUSPG.
  • [$1000] [143761] High CVE-2012-5116: Use-after-free in SVG filter handling. Credit to miaubiz.
  • [Mac OS only] [$1000] [149717] High CVE-2012-5118: Integer bounds check issue in GPU command buffers. Credit to miaubiz.
  • [$1000] [154055] High CVE-2012-5121: Use-after-free in video layout. Credit to Atte Kettunen of OUSPG.
  • [145915] Low CVE-2012-5117: Inappropriate load of SVG subresource in img context. Credit to Felix Gröbert of the Google Security Team.
  • [149759] Medium CVE-2012-5119: Race condition in Pepper buffer handling. Credit to Fermin Serna of the Google Security Team.
  • [154465] Medium CVE-2012-5122: Bad cast in input handling. Credit to Google Chrome Security Team (Inferno).
  • [154590] [156826] Medium CVE-2012-5123: Out-of-bounds reads in Skia. Credit to Google Chrome Security Team (Inferno).
  • [155323] High CVE-2012-5124: Memory corruption in texture handling. Credit to Al Patrick of the Chromium development community.
  • [156051] Medium CVE-2012-5125: Use-after-free in extension tab handling. Credit to Alexander Potapenko of the Chromium development community.
  • [156366] Medium CVE-2012-5126: Use-after-free in plug-in placeholder handling. Credit to Google Chrome Security Team (Inferno).
  • [157124] High CVE-2012-5128: Bad write in v8. Credit to Google Chrome Security Team (Cris Neckar).

Many of the above bugs were detected using AddressSanitizer.

The security issues in V8 have been fixed in v8-3.13.7.5.

We’d also like to thank miaubiz for working with us during the development cycle and preventing security regressions from ever reaching the stable channel. Rewards were issued.


This version also has a new Adobe Flash. More details can be found here.


Full details about what changes are in this release are available in the SVN revision log.  Interested in hopping on the stable channel?  Find out how.  If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome

24 comments:

Derek Morr said...

Will there be a corresponding release of Chrome for Android to fix these security issues, or is the Android version not susceptible to them?

Lucio Costa said...

very nice!!! ;)

Dustin said...

I've had an issue for a few weeks due to the new version of Flash. When I unplug or plug in my Logitech G35 headset (remove/add audio device) I have to close Chrome and reopen it before browser audio is output to my headset, or to my speakers if I was unplugging my headset. It seems as though Flash is having trouble detecting that the default audio device in Windows has changed.

Alen said...

No mention of the PeerConnection API?

msi2 said...

Font rendering is broken...
I'm on win7x64.

Rodrigo said...

One question: my notebook is a Samsung 3 series and has an AMD APU A6 with integrated Radeon HD 6520G. Will this GPU-accelerated video decoding work for me?

Alexander Kuzmin said...

The popup window for website permissions in Russian looks ugly and is not properly aligned

https://dl.dropbox.com/u/8160145/PopUpSecurity.png

Freeesi® said...

still not gpu accelerated for me

Peter said...

Very nice, it would be good now to get a 64-bit version for Mac OS X and a share(Twitter, etc.)-functionality as part of the browser. (This share-functionality exists on Chrome iOS and on Safari Mac OSX)

Reiner Saddey said...

When I press on the 149904 link to view details for the Mac performance issue, I get "Your client does not have permission to get URL /p/chromium/issues/detail?id=149904 from this server. That’s all we know."

Is there anything I can do to avoid this?

Loi said...

The latest 11.5 Flash Player doesn't work for ALL VIDEO PLAYERS, and the only fix that let me watch was to restore to the point before the 11.5 release :l

Scott said...

I notice the audio on YouTube videos is slow and stutters since the update here.

theChaos said...

The problems with pages that contain several GIF images remain.

Very laggy and sometimes doesn't even load all the images.

Example: http://www.cronixsoul.com/45-stunning-examples-of-animated-gif-photography-from-jamie-beck/

Onyxpanda said...

Dustin, I have the same problem.

I'm not exactly sure if it's Flash or Chrome's problem, but if I unplug my Koss headphones midway through a YouTube video, the sound gets cut off and doesn't produce any sound through my speakers, which are always on. Same thing vice-versa. If while I'm watching a video on YouTube, and I have my speakers on, and then turn them off and plug in my headphones, there's no sound unless I wait for ~15 seconds or restart Chrome.

It's been happening ever since I've updated Chrome.

mad madrasi said...

hmm! Could not update to Chrome 23 stable from 22 stable on my Win7 Ult on i5. Possibly because I've Comodo Dragon too installed.

The workaround was to 'set TMP=c:\test', download chromesetup to c:\test and run 'start c:\test\chromesetup.exe' from the command prompt.

will write a post about it at
monkeyshine nutworks

Renato said...

Congratulations on the structure and content of your blog. Best regards, Renato, Artesanato em MDF

Flamboyant said...

Close tab buttons are still too big (1-2 px beyond the red graphic).

For someone with lots of tabs it may cause accidental close of tab much more often than before.

chirpity said...

Chrome Team,
Please stop making stupid UI tweaks. Having a red circle x close button on a tab not only looks dumb, but is completely unnecessary. The grey one was perfectly fine and got the point across without adding playful color. Next thing you know you are going to be having everything popping up colors everywhere.
Also, greying out the bookmarks dropdown text is REALLY annoying.

Kunal said...

Getting aw snap error on every page after updating to version 23.0.1271.64, on windows xp sp2. How should I fix this ?

Iain Marshall said...

Kunal,
try updating to SP3.
Why haven't you done this already? It's been around since April 2008.

Plus, if you're still on SP2 you'll find there are around 100 updates since SP3 to download and install.

a67896 said...

Do the "[Linux only]" security bugs apply to the BSDs as well? If so can you please stop with the misleading label?

SaraSanchez said...

Stable? Massive GDI leaks:

http://code.google.com/p/chromium/issues/detail?id=134837