Update Available on the Stable, Beta and Dev Channel: Chrome 2.0.172.37 and Chrome 3.0.194.3
Google, the Mountain-view based company that we all know for their search engine, has released an update for the Chrome 2.0 browser. The update, which carries the version number of 2.0.172.37, has been released on the Beta channel and on the Stable channel and is meant to fix some bugs and some security vulnerabilities affecting the software.
Chrome 2.0.172.37 fixes the following bugs”
- Fixed solving CAPTCHA images at Orkut.com.
- Forward and back navigation works even when the user is redirected.
- Some CET locales did not properly recognize daylight savings time. This issue has been fixed.
Chrome 2.0.172.37 version changes
- V8JavaScript engine version 1.1.10.14
- Google Gears 0.5.25.0
The Chrome 2.0.172.37 also addresses two security vulnerably affecting the web browser. One has been given the critical rating (run arbitrary code with the privileges of the logged user) while the second has been rated high (attacker might run arbitrary code on the targeted machine within the Chrome sandbox).
An official description of the two security vulnerabilities has been provided by the Google security team, the one who uncovered these security holes:
Critical: Memory corruption in the browser process
A compromised renderer (tab) process could cause the browser process to allocate very large memory buffers. This error could cause the browser process (and all tabs) to crash or possibly allow arbitrary code execution with the privileges of the logged on user. To exploit this vulnerability, an attacker would need to be able to run arbitrary code inside the renderer process.
High: Heap overflow with Javascript regular expressions
Evaluating a specially-crafted regular expression in Javascript on a web page can lead to memory corruption and possibly a heap overflow. Visiting a maliciously crafted website may lead to a renderer (tab) crash or arbitrary code execution in the Google Chrome sandbox.
Google has rolled out an update on the dev channel as well: Google Chrome 3.0.194.3 for Mac and Linux. For the Windows developer, the latest release is Chrome 3.0.193.0. The announcement has been made by Engineering Program Manager with Google, Jonathan Conradt.
“Google Chrome 3.0.194.3 has been released to the Dev channel for Mac and Linux. Windows remains on 3.0.193.1. More details are available in the release notes and the log of all revisions. You can find out about getting on the Dev channel here. If you find new issues, please let us know by filing a bug [here],” said Conradt.
Here are some Chrome 3.0.193.0 for Mac and Linux highlights:
- Saving files should no longer cause the browser to crash.
- Dragging and closing a tab should no longer cause the browser to crash.
- Session info will no longer be lost when you restart Chrome 3.0 for Linux.
And in related news, Google has announced that in order to narrow the window of vulnerability that opens up whenever the company pushes Chrome updates, Google will make all updates smaller in size. Not only does this make the update process a lot safer, it also means that Google can push many more updates per unit of bandwidth.
Software Engineer Stephen Adams explains that all this has been made possible by replacing the existing binary diff algorithm with a new one. “We tried several binary diff algorithms and have been using bsdiff up until now. We are big fans of bsdiff - it is small and worked better than anything else we tried. But bsdiff was still producing diffs that were bigger than we felt were necessary. So we wrote a new diff algorithm that knows more about the kind of data we are pushing - large files containing compiled executables.”
To put things in perspective, here’s how much the update size has shrunk:
Full update: 10,385,920 bytes
bsdiff update: 704,512 bytes
Courgette update: 78,848 bytes
Chrome 2.0.172.37 fixes the following bugs”
- Fixed solving CAPTCHA images at Orkut.com.
- Forward and back navigation works even when the user is redirected.
- Some CET locales did not properly recognize daylight savings time. This issue has been fixed.
Chrome 2.0.172.37 version changes
- V8JavaScript engine version 1.1.10.14
- Google Gears 0.5.25.0
The Chrome 2.0.172.37 also addresses two security vulnerably affecting the web browser. One has been given the critical rating (run arbitrary code with the privileges of the logged user) while the second has been rated high (attacker might run arbitrary code on the targeted machine within the Chrome sandbox).
An official description of the two security vulnerabilities has been provided by the Google security team, the one who uncovered these security holes:
Critical: Memory corruption in the browser process
A compromised renderer (tab) process could cause the browser process to allocate very large memory buffers. This error could cause the browser process (and all tabs) to crash or possibly allow arbitrary code execution with the privileges of the logged on user. To exploit this vulnerability, an attacker would need to be able to run arbitrary code inside the renderer process.
High: Heap overflow with Javascript regular expressions
Evaluating a specially-crafted regular expression in Javascript on a web page can lead to memory corruption and possibly a heap overflow. Visiting a maliciously crafted website may lead to a renderer (tab) crash or arbitrary code execution in the Google Chrome sandbox.
Google has rolled out an update on the dev channel as well: Google Chrome 3.0.194.3 for Mac and Linux. For the Windows developer, the latest release is Chrome 3.0.193.0. The announcement has been made by Engineering Program Manager with Google, Jonathan Conradt.
“Google Chrome 3.0.194.3 has been released to the Dev channel for Mac and Linux. Windows remains on 3.0.193.1. More details are available in the release notes and the log of all revisions. You can find out about getting on the Dev channel here. If you find new issues, please let us know by filing a bug [here],” said Conradt.
Here are some Chrome 3.0.193.0 for Mac and Linux highlights:
- Saving files should no longer cause the browser to crash.
- Dragging and closing a tab should no longer cause the browser to crash.
- Session info will no longer be lost when you restart Chrome 3.0 for Linux.
And in related news, Google has announced that in order to narrow the window of vulnerability that opens up whenever the company pushes Chrome updates, Google will make all updates smaller in size. Not only does this make the update process a lot safer, it also means that Google can push many more updates per unit of bandwidth.
Software Engineer Stephen Adams explains that all this has been made possible by replacing the existing binary diff algorithm with a new one. “We tried several binary diff algorithms and have been using bsdiff up until now. We are big fans of bsdiff - it is small and worked better than anything else we tried. But bsdiff was still producing diffs that were bigger than we felt were necessary. So we wrote a new diff algorithm that knows more about the kind of data we are pushing - large files containing compiled executables.”
To put things in perspective, here’s how much the update size has shrunk:
Full update: 10,385,920 bytes
bsdiff update: 704,512 bytes
Courgette update: 78,848 bytes
