This repository has been archived by the owner on Dec 4, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 69
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
2 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| <span style="background-color: white; color: #666666; font-family: arial, helvetica, sans-serif; font-size: 17px; white-space: pre-wrap;">The stable channel has been updated to 59.0.3071.104 for Windows, Mac, and Linux. This will roll out over the coming days/weeks.</span><br /><span style="font-family: Arial; font-size: 16pt; white-space: pre-wrap;"><br /></span><span style="font-family: Arial; font-size: 16pt; white-space: pre-wrap;">Security Fixes and Rewards</span><br /><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: italic; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.</span></div><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><br /></div><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">This update includes </span><a href="https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type%3Abug-security+os%3DAndroid%2Cios%2Clinux%2Cmac%2Cwindows%2Call+label%3ARelease-1-M59" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">5</span></a><span style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the </span><a href="http://sites.google.com/a/chromium.org/dev/Home/chromium-security" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">Chrome Security Page</span></a><span style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> for more information.</span></div><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><br /></div><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">[$10,500][</span><a href="https://crbug.com/725032" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">725032</span></a><span style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">]</span><span style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> High </span><span style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">CVE-2017-5087: Sandbox Escape in IndexedDB. </span><span style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: italic; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Reported by Ned Williamson on 2017-05-22</span></div><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">[$4,000][</span><a href="https://crbug.com/729991" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">729991</span></a><span style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">]</span><span style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> High </span><span style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">CVE-2017-5088: Out of bounds read in V8. </span><span style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: italic; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Reported by Xiling Gong of Tencent Security Platform Department on 2017-06-06</span></div><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">[$2,000][</span><a href="https://crbug.com/714196" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">714196</span></a><span style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">] </span><span style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Medium </span><span style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">CVE-2017-5089: Domain spoofing in Omnibox. </span><span style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: italic; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Reported by Michał Bentkowski on 2017-04-21.</span><span style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> </span></div><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><br /></div><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.</span></div><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><br /></div><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">As usual, our ongoing internal security work was responsible for a wide range of fixes:</span></div><ul style="margin-bottom: 0pt; margin-top: 0pt;"><li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: disc; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">[</span><a href="https://crbug.com/732498" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">732498</span></a><span style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">] Various fixes from internal audits, fuzzing and other initiatives</span></div></li></ul><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><br /></div><span id="docs-internal-guid-a9c161bd-acec-7832-160c-a3aab25754e5"><span style="font-family: Arial; font-size: 11pt; vertical-align: baseline; white-space: pre-wrap;">Many of our security bugs are detected using </span><a href="http://code.google.com/p/address-sanitizer/wiki/AddressSanitizer" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-size: 11pt; text-decoration-line: underline; vertical-align: baseline; white-space: pre-wrap;">AddressSanitizer</span></a><span style="font-family: Arial; font-size: 11pt; vertical-align: baseline; white-space: pre-wrap;">, </span><a href="https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-size: 11pt; text-decoration-line: underline; vertical-align: baseline; white-space: pre-wrap;">MemorySanitizer</span></a><span style="font-family: Arial; font-size: 11pt; vertical-align: baseline; white-space: pre-wrap;">, </span><a href="https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-size: 11pt; text-decoration-line: underline; vertical-align: baseline; white-space: pre-wrap;">Control Flow Integrity</span></a><span style="font-family: Arial; font-size: 11pt; vertical-align: baseline; white-space: pre-wrap;">, or </span><a href="https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer" style="text-decoration-line: none;"><span style="color: #1155cc; font-family: Arial; font-size: 11pt; text-decoration-line: underline; vertical-align: baseline; white-space: pre-wrap;">libFuzzer</span></a><span style="font-family: Arial; font-size: 11pt; vertical-align: baseline; white-space: pre-wrap;">.</span></span><br /><span><span style="font-family: Arial; font-size: 11pt; vertical-align: baseline; white-space: pre-wrap;"><br /></span></span><span style="background-color: white; color: #666666; font-family: arial, helvetica, sans-serif; font-size: 17px; vertical-align: baseline; white-space: pre-wrap;">A list of changes is available in the </span><a href="https://chromium.googlesource.com/chromium/src/+log/59.0.3071.86..59.0.3071.104?pretty=fuller&n=10000" style="color: #4184f3; font-family: arial, helvetica, sans-serif; font-size: 17px; text-decoration-line: none;"><span style="background-color: white; color: black; font-weight: 700; vertical-align: baseline; white-space: pre-wrap;">log</span></a><span style="background-color: white; color: #666666; font-family: arial, helvetica, sans-serif; font-size: 17px; vertical-align: baseline; white-space: pre-wrap;">. Interested in </span><a href="http://www.chromium.org/getting-involved/dev-channel" style="color: #4184f3; font-family: arial, helvetica, sans-serif; font-size: 17px; text-decoration-line: none;"><span style="background-color: white; color: black; font-weight: 700; vertical-align: baseline; white-space: pre-wrap;">switching</span></a><span style="background-color: white; color: #666666; font-family: arial, helvetica, sans-serif; font-size: 17px; vertical-align: baseline; white-space: pre-wrap;"> release channels? Find out </span><a href="http://www.chromium.org/getting-involved/dev-channel" style="color: #4184f3; font-family: arial, helvetica, sans-serif; font-size: 17px; text-decoration-line: none;"><span style="background-color: white; color: black; font-weight: 700; vertical-align: baseline; white-space: pre-wrap;">how</span></a><span style="background-color: white; color: #666666; font-family: arial, helvetica, sans-serif; font-size: 17px; vertical-align: baseline; white-space: pre-wrap;">. If you find a new issue, please let us know by </span><a href="http://crbug.com/" style="color: #4184f3; font-family: arial, helvetica, sans-serif; font-size: 17px; text-decoration-line: none;"><span style="background-color: white; color: black; font-weight: 700; vertical-align: baseline; white-space: pre-wrap;">filing a bug</span></a><span style="background-color: white; color: #666666; font-family: arial, helvetica, sans-serif; font-size: 17px; vertical-align: baseline; white-space: pre-wrap;">. The </span><a href="https://productforums.google.com/forum/#!forum/chrome" style="color: #4184f3; font-family: arial, helvetica, sans-serif; font-size: 17px; text-decoration-line: none;"><span style="background-color: white; color: black; font-weight: 700; vertical-align: baseline; white-space: pre-wrap;">community help forum</span></a><span style="background-color: white; color: #666666; font-family: arial, helvetica, sans-serif; font-size: 17px; vertical-align: baseline; white-space: pre-wrap;"> is also a great place to reach out for help or learn about common issues.</span><br /><span style="background-color: white; color: #666666; font-family: arial, helvetica, sans-serif; font-size: 17px; vertical-align: baseline; white-space: pre-wrap;"><br /></span><span style="background-color: white; color: #666666; font-family: arial, helvetica, sans-serif; font-size: 17px; vertical-align: baseline; white-space: pre-wrap;">Thanks,</span><br /><span style="background-color: white; color: #666666; font-family: arial, helvetica, sans-serif; font-size: 17px; vertical-align: baseline; white-space: pre-wrap;">Abdul Syed</span><br /><span style="background-color: white; color: #666666; font-family: arial, helvetica, sans-serif; font-size: 17px; vertical-align: baseline; white-space: pre-wrap;">Google Chrome</span><img src="http://feeds.feedburner.com/~r/GoogleChromeReleases/~4/GCYqIRfImvQ" height="1" width="1" alt=""/> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| Stable Channel Update for Desktop |