Chrome Stable Release

The Google Chrome team is happy to announce the release of Chrome 12 to the Stable Channel for all platforms. Chrome 12.0.742.91 includes a number of new features and updates, including:

• Hardware accelerated 3D CSS

• New Safe Browsing protection against downloading malicious files

• Ability to delete Flash cookies from inside Chrome

• Launch Apps by name from the Omnibox

• Integrated Sync into new settings pages

• Improved screen reader support

• New warning when hitting Command-Q on Mac

• Removal of Google Gears
  Security fixes and rewards:
  Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

• [$2000] [73962] [79746] High CVE-2011-1808: Use-after-free due to integer issues in float handling. Credit to miaubiz.

• [75496] Medium CVE-2011-1809: Use-after-free in accessibility support. Credit to Google Chrome Security Team (SkyLined).

• [75643] Low CVE-2011-1810: Visit history information leak in CSS. Credit to Jesse Mohrland of Microsoft and Microsoft Vulnerability Research (MSVR).

• [76034] Low CVE-2011-1811: Browser crash with lots of form submissions. Credit to "DimitrisV22".

• [$1337] [77026] Medium CVE-2011-1812: Extensions permission bypass. Credit to kuzzcc.

• [78516] High CVE-2011-1813: Stale pointer in extension framework. Credit to Google Chrome Security Team (Inferno).

• [79362] Medium CVE-2011-1814: Read from uninitialized pointer. Credit to Eric Roman of the Chromium development community.

• [79862] Low CVE-2011-1815: Extension script injection into new tab page. Credit to kuzzcc.

• [80358] Medium CVE-2011-1816: Use-after-free in developer tools. Credit to kuzzcc.

• [$500] [81916] Medium CVE-2011-1817: Browser memory corruption in history deletion. Credit to Collin Payne.

• [$1000] [81949] High CVE-2011-1818: Use-after-free in image loader. Credit to miaubiz.

• [$1000] [83010] Medium CVE-2011-1819: Extension injection into chrome:// pages. Credit to Vladislavas Jarmalis, plus subsequent independent discovery by Sergey Glazunov.

• [$3133.7] [83275] High CVE-2011-2332: Same origin bypass in v8. Credit to Sergey Glazunov.

• [$1000] [83743] High CVE-2011-2342: Same origin bypass in DOM. Credit to Sergey Glazunov.
  In addition, we would like to thank David Levin of the Chromium development community, miaubiz, Christian Holler and Martin Barbella for working with us in the development cycle and preventing bugs from ever reaching the stable channel. Various rewards were issued.

We'd also like to call particular attention to Sergey Glazunov's $3133.7 reward. Although the linked bug is not of critical severity, it was accompanied by a beautiful chain of lesser severity bugs which demonstrated critical impact. It deserves a more detailed write-up at a later date.

You can find out more about Chrome 12 at the official Chrome Blog. The full list of changes is available in the SVN revision logs (Trunk, Branch). Interested in switching to the Stable channel? Find out how. If you find a new issue, please let us know by filing a bug.

Jason Kersey

Google Chrome