Stable Channel Update

The Stable Channel has been updated to 33.0.1750.117 for Windows, Mac, and Linux.

Security Fixes and Rewards

This update includes 28 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.

[$2000][334897] HighCVE-2013-6652: Issue with relative paths in Windows sandbox named pipe policy. Credit to tyranid.
[$1000][331790] High CVE-2013-6653: Use-after-free related to web contents. Credit to Khalil Zhani.
[$3000][333176] High CVE-2013-6654: Bad cast in SVG. Credit to TheShow3511.
[$3000][293534] High CVE-2013-6655: Use-after-free in layout. Credit to cloudfuzzer.
[$500][331725] High CVE-2013-6656: Information leak in XSS auditor. Credit to NeexEmil.
[$1000][331060] Medium CVE-2013-6657: Information leak in XSS auditor. Credit to NeexEmil.
[$2000][322891] Medium CVE-2013-6658: Use-after-free in layout. Credit to cloudfuzzer.
[$1000][306959] Medium CVE-2013-6659: Issue with certificates validation in TLS handshake. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco, Inria Paris.

[332579] LowCVE-2013-6660: Information leak in drag and drop. Credit to bishopjeffreys.

As usual, our ongoing internal security work responsible for a wide range of fixes:

• [344876] Low-High CVE-2013-6661: Various fixes from internal audits, fuzzing and other initiatives. Of these, seven are fixes for issues that could have allowed for sandbox escapes from compromised renderers.

Many of the above bugs were detected using AddressSanitizer.

General Announcements

Google Chrome Frame has been retired, please read our June 2013 Chromium blog post for additional details and background.

This release fixes a number of crashes and other bugs. A full list of changes is available in the SVN log. If you find a new issue, please let us know by filing a bug.

Anthony Laforge
Google Chrome