Tuesday, October 1, 2013

Stable Channel Update

The Chrome team is excited to announce the promotion of Chrome 30 to the Stable channel for Windows, Mac, Linux and Chrome Frame.  Chrome 30.0.1599.66 contains a number of fixes and improvements, including:
  • Easier searching by image 
  • A number of new apps/extension APIs 
  • Lots of under the hood changes for stability and performance 
You can read more about these changes at the Google Chrome Blog.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 50 security fixes. Below, we highlight some fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.

  • [$2500][223962][270758][271161][284785][284786] Medium CVE-2013-2906: Races in Web Audio. Credit to Atte Kettunen of OUSPG.
  • [260667] Medium CVE-2013-2907: Out of bounds read in Window.prototype object. Credit to Boris Zbarsky.
  • [$500][265221] Medium CVE-2013-2908: Address bar spoofing related to the “204 No Content” status code. Credit to Chamal de Silva.
  • [$4000][265838][279277] High CVE-2013-2909: Use after free in inline-block rendering. Credit to Atte Kettunen of OUSPG.
  • [$500][269753] Medium CVE-2013-2910: Use-after-free in Web Audio. Credit to  Byoungyoung Lee of Georgia Tech Information Security Center (GTISC).
  • [$1000][271939] High CVE-2013-2911: Use-after-free in XSLT. Credit to Atte Kettunen of OUSPG.
  • [$1000][276368] High CVE-2013-2912: Use-after-free in PPAPI. Credit to Chamal de Silva and 41.w4r10r(at)garage4hackers.com.
  • [$1000][278908] High CVE-2013-2913: Use-after-free in XML document parsing. Credit to cloudfuzzer.
  • [$1000][279263] High CVE-2013-2914: Use after free in the Windows color chooser dialog. Credit to Khalil Zhani.
  • [280512] Low CVE-2013-2915: Address bar spoofing via a malformed scheme. Credit to Wander Groeneveld.
  • [$2000][281256] High CVE-2013-2916: Address bar spoofing related to the “204 No Content” status code. Credit to Masato Kinugawa.
  • [$500][281480] Medium CVE-2013-2917: Out of bounds read in Web Audio. Credit to Byoungyoung Lee and Tielei Wang of Georgia Tech Information Security Center (GTISC).
  • [$1000][282088] High CVE-2013-2918: Use-after-free in DOM. Credit to Byoungyoung Lee of Georgia Tech Information Security Center (GTISC).
  • [$1000][282736] High CVE-2013-2919: Memory corruption in V8. Credit to Adam Haile of Concrete Data.
  • [285742] Medium CVE-2013-2920: Out of bounds read in URL parsing. Credit to Atte Kettunen of OUSPG.
  • [$1000][286414] High CVE-2013-2921: Use-after-free in resource loader. Credit to Byoungyoung Lee and Tielei Wang of Georgia Tech Information Security Center (GTISC).
  • [$2000][286975] High CVE-2013-2922: Use-after-free in template element. Credit to Jon Butler.

As usual, our ongoing internal security work responsible for a wide range of fixes:
  • [299016] CVE-2013-2923: Various fixes from internal audits, fuzzing and other initiatives (Chrome 30).
  • [275803] Medium CVE-2013-2924: Use-after-free in ICU. Upstream bug here.

We would also like to thank Atte Kettunen, cloudfuzzer and miaubiz for working with us during the development cycle to prevent security bugs from ever reaching the stable channel. $8000 in additional rewards were issued.

Many of the above bugs were detected using AddressSanitizer. The security issue in V8 is fixed in 3.20.17.7.

A partial list of changes is available in the SVN log. Interested in switching to a different release channel? Find out how. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome

29 comments:

Zlip 792 said...

Why not you paid Mozilla Firefox developer Boris?

David Rees said...

When is support for RHEL6 coming back?

LEADSPECTRE said...

Anyone else having issues with the New Tab page? For some reason is really slow as in it takes over 30 seconds to actually load & show the top websites. What's up with that?

Spire byte said...
This comment has been removed by the author.
Spire byte said...

thank you work bookmarks

Avan Giam said...

Had problems switching between tabs especially those with Flash. Took me a whole morning to figure out that my Chrome was updated to this version afterwhich I downgrade to older version, problem was solved.

My main issue was that my tabs froze whenever I switch back and forth between them. The pages seem to be loaded in the background but the webpage image (what I see on my screen) was the same before I left the tab. If I click on certain parts of the frozen webpage like say where the buttons on the loaded pages should be, it will work but image is still frozen while it seems that webpage has responded to your click in the background(you see the tab reloading).

I am not sure if it is just me but please do advice on how to fix this before I update again to this version.

Robert said...

Unable to disable "Chrome Notifications" Icon from traybar on OSX 10.8.x

Rodolphe BOIXEL said...

Same as Avan Giam for me, my tabs freeze very often, some with simple html pages (just a js script building tables) and with more complex pages.
Tests: www.jeuxvideo.fr (tab freeze when scrolling), tcec.chessdom.com (time counter freeze, no way to refresh the page).

Nojevah N said...

Same problem.

Several freezes since this version. I've disabled GPU optimization to avoid freezes.

But I still have some pages which use CPU even when page is loaded (pcinpact.com for example).

kab said...

GPU acceleration is broken in this release. With GPU acceleration enabled the browsers runs very poorly vs Chrome 29. (Win7-64/Nvidia)

Everything is somewhat laggy. Scrolling, transtions, animations on the Hangouts plugin etc. Easily visible by testing some 'smooth scroll' extensions from the Chrome Store.

Disabling Hardware Acceleration in settings fixes everything. There is either a terrible bug or the flag for hardware accel on/off has been reversed.

kab said...

As a follow-up to the above. Setting 'GPU compositing on all pages' to disabled in chrome://flags rectifies the terrible display performance issues. You can leave the Hardware Acceleration checkbox in your main settings enabled.

John Blossom said...

In your post you say there there are in this release "A number of new apps/extension APIs."Is this the toolkit for sensor integration?

Martin said...

Big problems with tabs that freezes. Seems like a problem for many.

Karen said...

avan, Rodolphe, can you tell me if you have any extensions installed? are you on XP or Win7 (or Mac) if you could open a bug, it would help us in identifying and fixing the issue. thank you!

Andyjm said...

Quote.
Blogger kab said...
As a follow-up to the above. Setting 'GPU compositing on all pages' to disabled in chrome://flags rectifies the terrible display performance issues. You can leave the Hardware Acceleration checkbox in your main settings enabled.

That's brilliant. Thankyou. I would never have found that. Changing that one setting has made a huge difference.
The problem now is, how do I know when to change it back to it's default?
I have to ask how this sort of thing is making it into the stable releases????

xode said...

Disabling 'GPU compositing on all pages' in chrome://flags fixed my problems too (frequent freezes, "Page not responding" and "Aw, Snap!" errors in GMail, Google Drive & Google Docs (Spreadsheet) apps).

Am running Mac OS X 10.8.5, on a MacBook Pro 2.7 GHz Core i7, 16GB 1600 MHz DDR3 RAM, Retina Display

Rodolphe BOIXEL said...

@karen:
Windows 7, with ADBlock plus installed only

Iain Marshall said...

Not noticed any of the problems listed here, as yet. I have 'GPU compositing on all pages' set to 'Enabled'.

I'm using Win XP, I have an older CPU and Graphics Card, 'AthlonXP 3200+' CPU and an ATI X1650Pro GPU.

I'll come back here and post again if I notice anything abnormal.

Karen said...

thank you, if you notice any issues with freezes, please use https://code.google.com/p/chromium/issues/detail?id=303293 if your issue is the same so we can track them on a bug.

Ivan Privaci said...

Opus support in tags is still not enabled?

Issue 104241 ("Support OPUS for the audio tag and Audio object") was reported almost two years ago, and the technical capability has been in place since somewhere around 24 or 26, I think (when the codec was added for WebRTC use).

Is there something wrong with Chrom(e|ium)'s media support that makes it unsafe to enable by default? (I've had no trouble with it in Firefox for over a year now...)

kab said...

Again another follow up.

Leaving all Chrome flags as defaults but setting 'Threaded compositing' to disabled also returns the browser to normal scrolling/video performance.

As such there must be a bug with the GPU accelerated compositor. Disabling GPU compositing completely, or just threaded compositing, seems to fix the current builds video performance issues. (W7/Nvidia)

Rodolphe BOIXEL said...

chrome://flags/ : reset all to default
and all is back to normal

Tony Barnes said...

been using this build in Beta for a while i really like it :).

73fedd08-2c55-11e3-aded-000bcdcb8a73 said...

Since Chrome Frame (30.0.1599.66) was released through auto-update, all of our users are getting the error:

Your profile could not be opened correctly.

Some features may be unavailable. Please check that the profile exists and you have permissions to read and write its contents.

PLEASE DISABLE THIS ALERT.

kab said...

Me again! :)

The compositor seems to be fixed in 30.0.1599.69m (the first update build after the Chrome 30 release).

Thanks for the swift fix Chrome team.

Martin said...

30.0.1599.69 m still have some issues for me with tabs freezing.

chrome://flags/ : reset all to default

That worked for me but that shouldn't have been necessary.

hamad uzair said...

World Most popular Upcoming Latest cars and vehicles, Latest Mazda Models, Racing Cars, International Sport Cars, Concept Cars, PS-Pod, Strange Vehicles, Nissan, Royce Corniche, Ford Concept Cars, Strange Vehicles, Mercedes and More Sport Cars and Vehicles with Pictures and Info
WorldLatestVehicles.com

Johnny said...

Still having sluggish performance issues, tried reinstalling, disabled all extensions, tabs freezing on the 30.0.1599.69 m release. Downgraded to 29.0.1547.66 and it works like a charm :|

A7med said...

"Aw, Snap!" error keep showing in some websites