Download Google Chrome 17.0.963.65

Google has released an update to version 17 of its Chrome web browser. Google Chrome is available in three different versions: stable, beta and dev. Development versions are at an early stage of development and are therefore the least stable. In version 17, the omnibox has been improved, among other things. While you are still typing in the search term, Google will already fetch the page it thinks you want to see. This makes it appear a bit faster† In addition, downloads are now also examined in order to better serve the user to protect† The improvements that Google is making with this update can be found below.

Stable Channel Update

The Chrome Stable channel has been updated to 17.0.963.65 on Windows, Mac, Linux and Chrome Frame. This release fixes a number of issues including:

• Cursors and backgrounds sometimes don’t load (bug 111218†
• Plugins not loading on some pages (bug 108228†
• Text paste includes trailing spaces (bug 106551†
• Websites using touch controls break (bug 110332†

Along with these fixes, the release contains an updated version of the Adobe Flash player. More information on Flash updates is available from Adobe.

Security fixes and rewards:

First, we have some special rewards for some special bugs!

• [116661] Rockstar CVE-1337-d00d1: Excessive WebKit fuzzing.
• [116662] Legend CVE-1337-d00d2: Awesome variety of fuzz targets.
• [116663] Superhero CVE-1337-d00d3: Significant pain inflicted upon SVG.

To determine the above rewards, we looked at bug finding performance over the past few months. The three named individuals stood out significantly. It also shouldn’t come as a surprise that they all feature (and earn more!) in the release notes below.

We have always reserved the right to arbitrarily reward sustained, extraordinary contributions. In this instance, we’re dropping a surprise bonus. We reserve the right to do so again and reserve the right to do so on a more regular basis! Chrome has a leading reputation for security and it wouldn’t be possible without the aggressive bug hunting of the wider community.

please see the Chromium security page for more details. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

• [105867] High CVE-2011-3031: Use after free in v8 element wrapper.
• [108037] High CVE-2011-3032: Use after free in SVG value handling.
• [108406] [115471] High CVE-2011-3033: Buffer overflow in the Skia drawing library.
• [111748] High CVE-2011-3034: Use-after-free in SVG document handling.
• [112212] High CVE-2011-3035: Use after free in SVG use handling.
• [113258] High CVE-2011-3036: Bad cast in line box handling.
• [113439] [114924] [115028] High CVE-2011-3037: Bad casts in anonymous block splitting.
• [113497] High CVE-2011-3038: Use-after-free in multi-column handling.
• [113707] High CVE-2011-3039: Use after free in quote handling.
• [114054] High CVE-2011-3040: Out-of-bounds read in text handling.
• [114068] High CVE-2011-3041: Use-after-free in class attribute handling.
• [114219] High CVE-2011-3042: Use-after-free in table section handling.
• [115681] High CVE-2011-3043: Use after free in flexbox with floats.
• [116093] High CVE-2011-3044: Use-after-free with SVG animation elements.

The majority of the above bugs were detected using AddressSanitizerwhich rocks.

More detailed updates are available on the Chrome Blog† Full details about what changes are in this release are available in the SVN revision log† Interested in hopping on the stable channel? Find out how† If you find a new issue, please let us know by filing a bug†