Chrome Stable Channel Update

Pwn2Own results for Thursday (Day Two)

 

The Chrome Team is excited to announce the promotion of Chrome 34 to the Stable channel for Windows, Mac, and Linux. Chrome 34.0.1847.116 contains a number of fixes and improvements, including:

• Responsive Images and Unprefixed Web Audio
• Import supervised users onto new computers
• A number of new apps/extension APIs
• A different look for Win8 Metro mode
• Lots of under the hood changes for stability and performance

You can read more about these changes at the Chrome Release blog spot.

Flash Player has been updated to 13.0.0.182, which is included w/ this release.

Security Fixes and Rewards

This update includes 31 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.

 

is it just me or finally Chrome has a scrollbar that is more visible now?

before, the scrollbar was pale grey on a pale grey background.
like invisible.

it looks a little darker and more visible now.

 

You're absolutely right! Soooo much better than before! Somehow I hadn't even noticed until I read your comment.

 

it's about bloody time!
this was driving me absolutely bonker!

 

Yes, and as you say, it is darker and more visible... and much bigger. Maybe too big? Ha ha, just kidding.

 

hahaha!

yeah, i think it is slightly bigger as well.

bigger is better. lol

 

The Stable Channel has been updated to 34.0.1847.131 for Windows, Mac, and 34.0.1847.132 for Linux.

This release also contains a Flash Player update, to version 13.0.0.206.

This release fixes a number of crashes and other bugs.

 

The Stable Channel has been updated to 34.0.1847.137 for Windows, Mac and Linux.

This release also contains a Flash Player update, to version 13.0.0.214.


Security Fixes and Rewards
This update includes 3 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.

[$2000][358038] High CVE-2014-1740: Use-after-free in WebSockets. Credit to Collin Payne.
[$1500][349898] High CVE-2014-1741: Integer overflow in DOM ranges. Credit to John Butler.
[$1000][356690] High CVE-2014-1742: Use-after-free in editing. Credit to cloudfuzzer.

Two of the bugs above were detected using AddressSanitizer.

This release fixes a number of crashes and other bugs. A full list of changes is available in the SVN log. If you find a new issue, please let us know by filing a bug.

Chrome Releases

 

The Chrome Team is excited to announce the promotion of Chrome 35 to the Stable channel for Windows, Mac, and Linux. Chrome 35.0.1916.114 contains a number of fixes and improvements, including:
More developer control over touch input
New JavaScript features
Unprefixed Shadow DOM
A number of new apps/extension APIs
Lots of under the hood changes for stability and performance

Security Fixes and Rewards

This update includes 23 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.

[$3000][356653] High CVE-2014-1743: Use-after-free in styles. Credit to cloudfuzzer.
[$3000][359454] High CVE-2014-1744: Integer overflow in audio. Credit to Aaron Staple.
[$1000][346192] High CVE-2014-1745: Use-after-free in SVG. Credit to Atte Kettunen of OUSPG.
[$1000][364065] Medium CVE-2014-1746: Out-of-bounds read in media filters. Credit to Holger Fuhrmannek.
[$1000][330663] Medium CVE-2014-1747: UXSS with local MHTML file. Credit to packagesu.
[$500][331168] Medium CVE-2014-1748: UI spoofing with scrollbar. Credit to Jordan Milne.

As usual, our ongoing internal security work responsible for a wide range of fixes:
[374649] CVE-2014-1749: Various fixes from internal audits, fuzzing and other initiatives.
[358057] CVE-2014-3152: Integer underflow in V8 fixed in version 3.25.28.16.

Many of the above bugs were detected using AddressSanitizer.

Chrome Releases

 

At the moment, Chrome is not letting me update, saying I am current with 34.0.1847.137.

 

I have updated it yesterday to v.35 with no problem.

 

Hmmmm. Strange. Thanks for reporting, hqsec.

 

EMET 4.1 complains about Chrome's caller function and crashes the browser.
Inactivating caller in EMET helps.

 

Yes there seems to be an issue with EMET 4.1 and Chrome 35. Please see below links for more information which started with v35 -

https://code.google.com/p/chromium/issues/detail?id=348383#c44

And as per advice from below link, i have removed chrome.exe from EMET's list. After my Chrome works fine..
http://www.chromium.org/Home/chromium-security/chromium-and-emet

 

Chrome is still saying I am current with 34.0.1847.137, on two different computers, both 7x64.
Anyone else run into this?
Maybe they pulled the update until the EMET issue is repaired.

 

Thanks for the link.
EMET 4.1 Update seems to play well with Chrome 35. Tried this just now.

 

Have installed Chrome 35 on three computers with no update issues. One of them runs EMET 3.

 

The Chrome Releases Blog indictaes v35.x.x.x is available. You might want to try the Alternate Offline installer instead.

 

I recommend you do the 2nd option not the 1st. Chrome still works fine with everything but "Caller".

http://www.chromium.org/Home/chromium-security/chromium-and-emet

 

Aha! I found another user in the Comments section with the exact same problem...

 

I totally see what the Chrome blog says... I posted it yesterday!
Your suggestion to try the alt installer is appreciated, but I'm going to hold off until I see how this resolves itself.
The alt offline installer appears to be for new installs... doesn't mention upgrades... and I wonder if that would be a problem in itself.
Anyway, TY

 

Oops, didn't see you had posted it, Page. That's what happens when I "skim" The Alternate installer has worked fine for me, including updating itself, as log as your current install matches the installer for one user or all users. Of course holding off like you say is probably wise, but I'd say also elapsed's suggestion is good, too.

 

I am not running EMET.

 

When my Chrome browser self updated to 35.0.1916.114 Stable, my EMET 5.0TP also needed to have its chrome.exe "Caller" box unticked to allow a successful launch.

(Using W7P64SP1)

HTH