Beta Channel Update

The Chrome team is excited to announce the promotion of Chrome 39 to the beta channel with 39.0.2171.19 for Linux.

A full list of changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Alex Mineer

Google Chrome

Dev Channel Update for Chrome OS

The Dev channel has been updated to 39.0.2171.14 (Platform version: 6310.9.0) for all Chrome OS devices except Lenovo N20 and ThinkPad 11e Chromebooks, the Acer Chromebook 11, Asus Chromebooks C300 and C200, the HP Chromebook 14 WP2, the Toshiba Chromebook 2 and the Samsung Chromebook 2 11 - XE500C12 . This build contains a number of bug fixes, security updates and feature enhancements. A list of changes can be found here.

If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 horizontal bars in the upper right corner of the browser).

Ben Henry
Google Chrome

Dev Channel Update

The dev channel has been updated to 39.0.2171.13 for Windows, Mac and Linux.

A full list of changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Alex Mineer
Google Chrome

Chrome for Android Update

The Chrome Team is excited to announce the release of Chrome 38 for Android. Chrome 38.0.2125.102 will be available in Google Play over the next few days. This release contains a number of new features including:

• Support for Battery Status and Screen orientation APIs
• Additional Material Design updates
• Lots of bug fixes and performance improvements!

This release also contains the following security fix:

• [$1500][406593] Medium CVE-2014-3201: Content spoofing with scrollbar. Credit to Keita Haga.

A partial list of changes in this build are available in the Git log. If you find a new issue, please let us know by filing a bug. More information about Chrome for Android is available on the Chrome site.

Jason Kersey
Google Chrome

Stable Channel Update

The Chrome team is delighted to announce the promotion of Chrome 38 to the stable channel for Windows, Mac and Linux. Chrome 38.0.2125.101 contains a number of fixes and improvements, including:

- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance

A full list of changes is available in the log.

Security Fixes and Rewards 

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 159 security fixes, including 113 relatively minor fixes found using MemorySanitizer. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.

[$27633.70][416449] Critical CVE-2014-3188: A special thanks to Jüri Aedla for a combination of V8 and IPC bugs that can lead to remote code execution outside of the sandbox.
[$3000][398384] High CVE-2014-3189: Out-of-bounds read in PDFium. Credit to cloudfuzzer.
[$3000][400476] High CVE-2014-3190: Use-after-free in Events. Credit to cloudfuzzer, Chen Zhang (demi6od) of NSFOCUS Security Team.
[$3000][402407] High CVE-2014-3191: Use-after-free in Rendering. Credit to cloudfuzzer.
[$2000][403276] High CVE-2014-3192: Use-after-free in DOM. Credit to cloudfuzzer.
[$1500][399655] High CVE-2014-3193: Type confusion in Session Management. Credit to miaubiz.
[$1500][401115] High CVE-2014-3194: Use-after-free in Web Workers. Credit to Collin Payne.
[$4500][403409] Medium CVE-2014-3195: Information Leak in V8. Credit to Jüri Aedla.
[$3000][338538] Medium CVE-2014-3196: Permissions bypass in Windows Sandbox. Credit to James Forshaw.
[$1500][396544] Medium CVE-2014-3197: Information Leak in XSS Auditor. Credit to Takeshi Terada.
[$1500][415307] Medium CVE-2014-3198: Out-of-bounds read in PDFium. Credit to Atte Kettunen of OUSPG.
[$500][395411] Low CVE-2014-3199: Release Assert in V8 bindings. Credit to Collin Payne.

We would also like to thank Atte Kettunen of OUSPG and Collin Payne for working with us during the development cycle to prevent security bugs from ever reaching the stable channel. $23,000 in additional rewards were issued.

As usual, our ongoing internal security work responsible for a wide range of fixes:
[420899] CVE-2014-3200: Various fixes from internal audits, fuzzing and other initiatives (Chrome 38).
Multiple vulnerabilities in V8 fixed at the tip of the 3.28 branch (currently 3.28.71.15).

Some of the above bugs were also detected using AddressSanitizer.

Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.


Matthew Yuan
Google Chrome

Stable Channel Update

The stable channel has been updated to 37.0.2062.124 for Windows and Mac.

This build contains a security change:

[414124] RSA signature malleability in NSS (CVE-2014-1568). Thanks to
Antoine Delignat-Lavaud of Prosecco/INRIA, Brian Smith and Advanced Threat Research team at Intel Security

Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Karen Grünberg
Google Chrome