Google merilis versi baru Chrome Browser 34.0.1847.116 yang lebih stabil buat pengguna Mac, Windows dan Linux, rilis resmi tersebut diposting di halaman blog milik Google Chrome dengan update beberapa bug fixes dan improvement seperti tulisan di bawah ini:
The Chrome Team is excited to announce the promotion of Chrome 34 to the Stable channel for Windows, Mac, and Linux. Chrome 34.0.1847.116 contains a number of fixes and improvements, including:
- Responsive Images and Unprefixed Web Audio
- Import supervised users onto new computers
- A number of new apps/extension APIs
- A different look for Win8 Metro mode
- Lots of under the hood changes for stability and performance
Flash Player has been updated to 13.0.0.182, which is included w/ this release.
Security Fixes and Rewards
This update includes 31 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.
[$5000][354123] High CVE-2014-1716: UXSS in V8. Credit to Anonymous.
[$5000][353004] High CVE-2014-1717: OOB access in V8. Credit to Anonymous.
[$3000][348332] High CVE-2014-1718: Integer overflow in compositor. Credit to Aaron Staple.
[$3000][343661] High CVE-2014-1719: Use-after-free in web workers. Credit to Collin Payne.
[$2000][356095] High CVE-2014-1720: Use-after-free in DOM. Credit to cloudfuzzer.
[$2000][350434] High CVE-2014-1721: Memory corruption in V8. Credit to Christian Holler.
[$2000][330626] High CVE-2014-1722: Use-after-free in rendering. Credit to miaubiz.
[$1500][337746] High CVE-2014-1723: Url confusion with RTL characters. Credit to George McBay.
[$1000][327295] High CVE-2014-1724: Use-after-free in speech. Credit to Atte Kettunen of OUSPG.
[$3000][357332] Medium CVE-2014-1725: OOB read with window property. Credit to Anonymous
[$1000][346135] Medium CVE-2014-1726: Local cross-origin bypass. Credit to Jann Horn.
[$1000][342735] Medium CVE-2014-1727: Use-after-free in forms. Credit to Khalil Zhani.
As usual, our ongoing internal security work responsible for a wide range of fixes:
[360298] CVE-2014-1728: Various fixes from internal audits, fuzzing and other initiatives.
[345820, 347262, 348319, 350863, 352982, 355586, 358059] CVE-2014-1729: Multiple vulnerabilities in V8 fixed in version 3.24.35.22.
Many of the above bugs were detected using AddressSanitizer.
As we’ve previously discussed, Chrome will now offer to remember and fill password fields in the presence of autocomplete=off. This gives more power to users in spirit of the priority of constituencies, and it encourages the use of the Chrome password manager so users can have more complex passwords. This change does not affect non-password fields.
A partial list of changes is available in the SVN log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.
Source: http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html
No comments:
Post a Comment