Stable Channel Update for Desktop
Tuesday, September 4, 2018
The Chrome team is delighted to announce the promotion of Chrome 69 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.
Chrome 69.0.3497.81 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 69.
Security Fixes and Rewards
As usual, our ongoing internal security work was responsible for a wide range of fixes:
If you're interested in Enterprise relevant information please look through the Enterprise Release Notes for Chrome 69.
Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.
Thank you,
Krishna Govind
Chrome 69.0.3497.81 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 69.
Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
This update includes 40 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
[$5000][867776] High CVE-2018-16065: Out of bounds write in V8. Reported by Brendon Tiszka on 2018-07-26
[$3000][847570] High CVE-2018-16066:Out of bounds read in Blink. Reported by cloudfuzzer on 2018-05-29
[$500][860522] High CVE-2018-16067: Out of bounds read in WebAudio. Reported by Zhe Jin(金哲),Luyao Liu(刘路遥) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-07-05
[N/A][877182] High CVE-2018-16068: Out of bounds write in Mojo. Reported by Mark Brand of Google Project Zero on 2018-08-23
[N/A][848238] High CVE-2018-16069:Out of bounds read in SwiftShader. Reported by Mark Brand of Google Project Zero on 2018-05-31
[N/A][848716] High CVE-2018-16070: Integer overflow in Skia. Reported by Ivan Fratric of Google Project Zero on 2018-06-01
[N/A][855211] High CVE-2018-16071: Use after free in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2018-06-21
[$4000][864283] Medium CVE-2018-16072: Cross origin pixel leak in Chrome's interaction with Android's MediaPlayer. Reported by Jun Kokatsu (@shhnjk) on 2018-07-17
[$3000][863069] Medium CVE-2018-16073: Site Isolation bypass after tab restore. Reported by Jun Kokatsu (@shhnjk) on 2018-07-12
[$3000][863623] Medium CVE-2018-16074: Site Isolation bypass using Blob URLS. Reported by Jun Kokatsu (@shhnjk) on 2018-07-13
[$2500][864932] Medium: Out of bounds read in Little-CMS. Reported by Quang Nguyễn (@quangnh89) of Viettel Cyber Security on 2018-07-18
[$2000][788936] Medium CVE-2018-16075: Local file access in Blink. Reported by Pepe Vila (@cgvwzq) on 2017-11-27
[$2000][867501] Medium CVE-2018-16076: Out of bounds read in PDFium. Reported by Aleksandar Nikolic of Cisco Talos on 2018-07-25
[$1000][377995] Medium CVE-2018-16077: Content security policy bypass in Blink. Reported by Manuel Caballero on 2014-05-27
[$1000][858820] Medium CVE-2018-16078: Credit card information leak in Autofill. Reported by Cailan Sacks on 2018-06-28
[$500][723503] Medium CVE-2018-16079: URL spoof in permission dialogs. Reported by Markus Vervier and Michele Orrù (antisnatchor) on 2017-05-17
[$500][858929] Medium CVE-2018-16080: URL spoof in full screen mode. Reported by Khalil Zhani on 2018-06-29
[N/A][666299] Medium CVE-2018-16081: Local file access in DevTools. Reported by Jann Horn of Google Project Zero on 2016-11-17
[N/A][851398] Medium CVE-2018-16082: Stack buffer overflow in SwiftShader. Reported by Omair on 2018-06-11
[N/A][856823] Medium CVE-2018-16083: Out of bounds read in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2018-06-26
[$1000][865202] Low CVE-2018-16084: User confirmation bypass in external protocol handling. Reported by Jun Kokatsu (@shhnjk) on 2018-07-18
[N/A][856578] Low CVE-2018-16085: Use after free in Memory Instrumentation. Reported by Roman Kuksin of Yandex on 2018-06-26
We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- [880418] Various fixes from internal audits, fuzzing and other initiatives
Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.
If you're interested in Enterprise relevant information please look through the Enterprise Release Notes for Chrome 69.
Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.
Thank you,
Krishna Govind
Follow
12 comments :
2 septembre 2008 - 4 septembre 2018: Happy Birthday Chrome!
Genuine thanks to all the Chrome Team members for all the hard work over the last TEN years.
And yes,Chrome 69 looks really gorgeous and speedy and really secure. :)
PS: clearly,I like Google very much.
I just updated to Version 69.0.3497.81 and chrome is very slow to open and slow to load pages. I am using windows 10, and I tried Edge and it seems to be working normally.
Unknown@, could you pls report a bug for issue you're facing under crbug.com with full details? Thank you.
The gap between bookmark bar icons become much wider now so less icons can be accommodated. Could you please reset to the compact design in the previous version? Thanks.
Thanks for the update,but since it came without notification it came as a surprise.
7/32
Radeon software version:
Non-WHQL-32Bit-Radeon-Software-Crimson-16.7.2-Win10-Win8.1-Win7-July9
Ah,a little thingy in the chrome://gpu/:
Log Messages
GpuProcessHostUIShim: The GPU process exited normally. Everything is okay.
[304:8500:0904/230759.667:WARNING:ipc_message_attachment_set.cc(49)] : MessageAttachmentSet destroyed with unconsumed attachments: 0/1
GpuProcessHostUIShim: The GPU process exited normally. Everything is okay.
When does the update come to Chromebooks?
Only $5000 for Out of bounds write in V8 - wtf guys?!
Congrats! Looking great and I'm a big Chrome fan.
One minor bug I've noticed is when developing with Visual Studio, when debugging and hitting a breakpoint, the new Chrome will go black for a few seconds then come back and do this cyclically while VS is 'paused' at a breakpoint. It looks like the monitor switches off completely but it's actually Chrome going completely black (page and tabs bar etc).
when I use Chrome with DevTools and examine elements, the browser turns completely black for 2 seconds. That happens again and again. No nice work anymore. :-(
Post a Comment