(2010.01.25)
The stable channel has been updated to 4.0.249.78 for Windows, and includes the following features and security fixes (since 3.0):
* Extensions
* Bookmark sync
* Enhanced developer tools
* HTML5: Notifications, Web Database, Local Storage, WebSockets, Ruby support
* v8 performance improvements
* Skia performance improvements
* Full ACID3 pass, due to re-enabled remote font support (with added defense against bugs in operating system font libraries)
* HTTP byte range support
* New security feature: "Strict Transport Security" support
* Experimental new anti-reflected-XSS feature called "XSS Auditor"
Security Fixes:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
* [3275] Low Pop-up blocker bypass. Credit to Google Chrome Security Team (SkyLined).
* [9877] Medium Cross-domain theft due to CSS design error. Credit to Chris Evans of the Google Security Team.
* [12523] Medium Browser memory error with stale pop-up block menu. Credit to Jacob Balle and Carsten Eiram, Secunia Research.
* [20450] Low Prevent XHR to directories. Credit to the Chromium development community.
* [23693] Low Escape more characters in shortcuts. Credit to Michal Zalewski of the Google Security Team and, independently, Inferno of SecureThoughts.com.
* [8864] [24701] [24646] High Renderer memory errors drawing on canvases. Credit to Michal Zalewski of the Google Security Team and Google Chrome Security Team (SkyLined).
* [28566] High Image decoding memory error. Credit to Robert Swiecki of the Google Security Team.
* [29920] Low Corner case failure to strip Referer. Credit to the Chromium development community.
* [30666] High Cross-domain access error. Credit to Tokuji Akamine, Senior Consultant at Symantec Consulting Services.
* [31307] High Bitmap deserialization error. Credit to Mark Dowd, under contract to Google Chrome Security Team.
* [31517] Low Browser crash with nested URL.
-DOWNLOAD-
Google Chrome 4.0.249.78
Tuesday, January 26, 2010
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment