Chrome Releases: Stable Channel Update

Wednesday, September 30, 2009

Stable Channel Update

3.0.195.24 has been promoted to the stable channel. There are no additional fixes or changes in this release.

Security Fixes:

CVE-2009-0689 dtoa() error parsing long floating point numbers

The v8 engine uses a common dtoa() implementation to parse strings into floating point numbers. We have applied a patch to fix a recent bug in this component.

Severity: High. An attacker might be able to run arbitrary code within the Google Chrome sandbox.

Credit: Original discovery by Maksymilian Arciemowicz of SecurityReason. The Google Chrome security team determined that Chrome was affected.

Mitigations:

A victim would need to visit a page under an attacker's control.
Any code that an attacker might be able to run inside the renderer process would be inside the sandbox. Click here for more details about sandboxing.

11 comments:

Cris said...: brother, the speed of downloads is very bad.
I download files using Google Chrome at 20 kps, while with Internet Explorer I download files at 225 kps.

ei, solve the problem!!!!!!; 3:10 PM, September 30, 2009
Cris said...: I don´t like the Download tool of Chrome. Is very slow!!!!!!!!!; 3:20 PM, September 30, 2009
Joe Chung said...: My Chrome won't update. It's still on 3.0.195.21, and the About box doesn't think there are any updates.; 3:40 PM, September 30, 2009
Mankauf said...: My stable channel won't update from .21 either; it insists that it is up-to-date.

Will try again in the morning...; 3:57 PM, September 30, 2009
David Powell said...: mine wont update from .21; 4:11 PM, September 30, 2009
Diego said...: The download system is really awful.
Is there anything u can do with it pls?; 4:31 PM, September 30, 2009
Fabio Turati said...: I've just got the update. I think the release notes were published a bit before the patch was actually available. No need to worry about this, then.; 5:21 PM, September 30, 2009
Fabio Turati said...: By the way, I can't post here using Chrome, the blog returns an error which forces me to use another browser. I'm using Explorer right now. Does this happen to anybody else?; 5:22 PM, September 30, 2009
d2kx said...: I am posting with Chrome 3 (stable) right now @Fabio.; 4:11 AM, October 01, 2009
John, Jeanna, & Jesse said...: Wow, Google catches these bugs/glitches really fast. Of course that's why it is the best and most secure browser around.; 12:24 PM, October 01, 2009
pandemos said...: From my point of view, this release does not deserve to be called "stable".

1. Its handling of pop-up windows is messed up. Go to http://forums.delphiforums.com/dictionary/messages/
and try to use the "search" bar there, which should show the results in a pop-up window. It works the first time, but if the PUP window is not closed, then the next result is not shown - the window does not get updated.
This is a regression.

2. It leaks memory horribly. I saw one of the processes grabbing 240M.

All of the above is on WinXP.; 3:49 PM, October 02, 2009

Feb	MAR	Apr
	24
2014	2015	2016