Chrome, Sammelthema für alle Chrome Versionen Einstellungen

[Jav.SEC.21]

Danke für die Info, dataandi.
Da hat Google ja richtig Gas gegeben und
den versprochenen Termin eingehalten.

Changelog:
http://googlechromereleases.blogspot.com/2...nel-update.html

Herunterladen:

- Windows
- Linux
- Mac OS X

Website:
http://www.google.com/chrome/intl/de/landi...hl=de&hl=de

Und wer es gerne auf Deutsch hat.
Beitrag von golem.de
http://www.golem.de/1010/78755.html
Beitrag von heise.de
http://www.heise.de/newsticker/meldung/Goo...ar-1110981.html

Der Beitrag wurde von Jav.SEC.21 bearbeitet: 20.10.2010, 16:40

[dataandi]

Stable Channel Update
Thursday, November 4, 2010 | 08:31
Labels: Stable updates
Google Chrome has been updated to 7.0.517.44 for Windows, Mac, Linux and Chrome Frame on the Stable channel. Along with the security fixes below, this build has an updated version of Flash.

Security fixes and rewards:

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

[51602] High Use-after-free in text editing. Credit to David Bloom of the Google Security Team, Google Chrome Security Team (Inferno) and Google Chrome Security Team (Cris Neckar).
[$1000] [55257] High Memory corruption with enormous text area. Credit to wushi of team509.
[$1000] [58657] High Bad cast with the SVG use element. Credit to the kuzzcc.
[$1000] [58731] High Invalid memory read in XPath handling. Credit to Bui Quang Minh from Bkis (www.bkis.com).
[$500] [58741] High Use-after-free in text control selections. Credit to “vkouchna”.
[$1000] [Linux only] [59320] High Integer overflows in font handling. Credit to Aki Helin of OUSPG.
[$1000] [60055] High Memory corruption in libvpx. Credit to Christoph Diehl.
[$500] [60238] High Bad use of destroyed frame object. Credit to various developers, including “gundlach”.
[$500] [60327] [60769] [61255] High Type confusions with event objects. Credit to “fam.lam” and Google Chrome Security Team (Inferno).
[$1000] [60688] High Out-of-bounds array access in SVG handling. Credit to wushi of team509.
Anthony Laforge
Google Chrome

[Jav.SEC.21]

Rolling out a sandbox for Adobe Flash Player

Google hat in seiner aktuellen Entwicklerversion von Chrome, Adobe
Flash Player eine Sandbox verpasst.

-> http://blog.chromium.org/2010/12/rolling-o...dobe-flash.html

[Solution-Design]

Nennt man Fortschritt. Obwohl bedingt durch Sandboxie läuft hier sowieso jede vom Browser gestartete Instanz in einer Sandbox

[Damnatus]

Nennt man Fortschritt. Obwohl bedingt durch Sandboxie läuft hier sowieso jede vom Browser gestartete Instanz in einer Sandbox

Sozusagen sandboxed Sandbox... das könnte Auswüchse bekommen o.O Ich zitiere Bart Simpson: "Truck-Truck-Truck"

[Solution-Design]

Oh, noch lange nicht TTT... Chrome schaut jetzt auf die bösen Flash-Sicherheitslücken und lässt eine solche Instanz nun in einer Browser-Sandbox laufen. Nur, gerade bei einem Browser gibt es noch viel mehr. Meine: Exploits. Und da setzt dann doch wohl besser wieder ein Programm wie Sandboxie an.

[dataandi]

Version 8

Stable, Beta Channel Updates
Thursday, December 2, 2010 | 11:47
Labels: Beta updates, Stable updates
The Chrome team is happy to announce our latest Stable release, 8.0.552.215. In addition to the over 800 bug fixes and stability improvements, Chrome 8 now contains a built in PDF viewer that is secured in Chrome’s sandbox. As always, it also contains our latest security fixes, listed below. This release will also be posted to the Beta Channel.

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
[17655] Low Possible pop-up blocker bypass. Credit to Google Chrome Security Team (SkyLined).
[55745] Medium Cross-origin video theft with canvas. Credit to Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR).
[56237] Low Browser crash with HTML5 databases. Credit to Google Chrome Security Team (Inferno).
[58319] Low Prevent excessive file dialogs, possibly leading to browser crash. Credit to Cezary Tomczak (gosu.pl).
[$500] [59554] High Use after free in history handling. Credit to Stefan Troger.
[Linux / Mac] [59817] Medium Make sure the “dangerous file types” list is uptodate with the Windows platforms. Credit to Billy Rios of the Google Security Team.
[61701] Low Browser crash with HTTP proxy authentication. Credit to Mohammed Bouhlel.
[61653] Medium Out-of-bounds read regression in WebM video support. Credit to Google Chrome Security Team (Chris Evans), based on earlier testcases from Mozilla and Microsoft (MSVR).
[$1000] [62127] High Crash due to bad indexing with malformed video. Credit to miaubiz.
[62168] Medium Possible browser memory corruption via malicious privileged extension. Credit to kuzzcc.
[$1000] [62401] High Use after free with SVG animations. Credit to Sławomir Błażek.
[$500] [63051] Medium Use after free in mouse dragging event handling. Credit to kuzzcc.
[$1000] [63444] High Double free in XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences.
We would like to offer special thanks -- and a number of rewards -- to Aki Helin of OUSPG for his extensive help with the new PDF feature. We’d also like to extend thanks to Sergey Glazunov and Marc Schoenefeld for finding bugs during the development cycle such that they never reached a stable build.

Full details about the changes are available in the SVN revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

Jason Kersey
Google Chrome

[Solution-Design]

Google sollte besser mal am Deinstaller arbeiten. Was da für ein Mist an kaputten Registry-Einträgen übrigbleibt ist schon mehr als unschön. Macht besonders viel Spaß, wenn aus Outlook keine Links mehr geöffnet werden können Handarbeit pur um diesen Driss wieder zu reparieren. OK, Google bedeutet für mich Suchmaschine. Und zwar only Suchmaschine.

[Jav.SEC.21]

Bin mal gespannt, wie viel der integrierte PDF Viewer aushält.

Persönlich benutze ich auch lieber auf Mozilla Firefox zurück, aber
Google hat mit Chrome schon keine schlechte Arbeit geleistet.

Der Anhang ist nicht ernst gemeint.

Der Beitrag wurde von Jav.SEC.21 bearbeitet: 03.12.2010, 22:23

Angehängte Datei(en)

 Unbenannt.PNG ( 4.74KB ) Anzahl der Downloads: 15

 

[Kenshiro]

Google hat mit Chrome schon keine schlechte Arbeit geleistet.

Ich sehe das genauso;)

[Habakuck]

Wenn die die Flash Sandbox rausbringen ist das Paket ziemlich wasserdicht. Feine Sache.

[dataandi]

Stable Channel Update
Thursday, February 3, 2011 | 09:00
Labels: Stable updates
The stable channel has been updated to 9.0.597.84 for all platforms. Details about the features included in this release can be found on the Google Chrome Blog, in addition this release contains the following security fixes.

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
Special thanks to thecommunity, for playing so much of the game “Z-Type” that they uncovered a Chromium audio bug -- see below!

[Mac only] [42989] Low Minor sandbox leak via stat(). Credit to Daniel Cheng of the Chromium development community.
[$1000] [55831] High Use-after-free in image loading. Credit to Aki Helin of OUSPG.
[59081] Low Apply some restrictions to cross-origin drag + drop. Credit to Google Chrome Security Team (SkyLined) and the Google Security Team (Michal Zalewski, David Bloom).
[62791] Low Browser crash with extension with missing key. Credit to Brian Kirchoff.
[$1000] [64051] High Crashing when printing in PDF event handler. Credit to Aki Helin of OUSPG.
[65669] Low Handle merging of autofill profiles more gracefully. Credit to Google Chrome Security Team (Inferno).
[Mac only] [66931] Low Work around a crash in the Mac OS 10.5 SSL libraries. Credit to Dan Morrison.
[68244] Low Browser crash with bad volume setting. Credit to Matthew Heidermann.
[69195] Critical Race condition in audio handling. Credit to the gamers of Reddit!

In addition, we would like to thank Aki Helin, Sergey Glazunov, Ben Hawkes of the Google Security Team, Benoit Jacob, Simon Fraser and miaubiz for reporting bugs to us during the devleopment cycle, so that they never affected the stable channel. Various rewards were issued for this help.

If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

Anthony Laforge
Google Chrome

[dataandi]

Stable Channel Update
Tuesday, February 8, 2011 | 09:00
Labels: Stable updates
The stable channel has been updated to 9.0.597.94 for all platforms. This release contains an updated version of Flash player (10.2), along with the following security fixes.

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

This release incorporates a new version of Flash (10.2), which is a security update.

[67234] High Stale pointer in animation event handling. Credit to Rik Cabanier.
[$1000] [68120] High Use-after-free in SVG font faces. Credit to miaubiz.
[$1000] [69556] High Stale pointer with anonymous block handling. Credit to Martin Barbella.
[69970] Medium Out-of-bounds read in plug-in handling. Credit to Bill Budge of Google.
[$1000] [70456] Medium Possible failure to terminate process on out-of-memory condition. Credit to David Warren of CERT/CC.
If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

Anthony Laforge
Google Chrome

Der Beitrag wurde von dataandi bearbeitet: 09.02.2011, 17:44

[Jav.SEC.21]

Huj, da waren die aber schnell mit der Flash 10.2 Implementierung.

[Alexausmdorf]

Mittlerweile bin ich echt mehr als begeistert von Chrome. Die Implementierung von der ganzen Adobe Crapware spart mir die Installation auf dem Pc, was wiederum sichherheitstechnisch ein enormer schritt ist.

Die Pdf Darstellung funktioniert schon wirklich hervorragend.
Hab gar keine n Pdf reader mehr am Pc.

[Gast_J4U_*]

Die Pdf Darstellung funktioniert schon wirklich hervorragend.
Hab gar keine n Pdf reader mehr am Pc.

Du lässt Dir also von Google Deine pdf's vorlesen?

J4U

[Alexausmdorf]

Nö. Ich lese sie direkt im Browser und erspare mir dafür Extrasoftware die, im Falle Adobe, in meinen Augen nur als Crapware bezeichnet werden kann, die immer aufgeblähter wird und einen mit Starteinträgen und unnötigen Überwachungzusatzprogrammen zupflastert.

Und diese werden nicht heruntergeladen, sondern, so wie ich das gelesen habe, innerhalb einer Sandbox geöffnet.

Zitat Macnews:

Google hat eine neue Version 8 seines Browsers Chrome veröffentlicht. Wichtigste Neuerung ist die Integration eines PDF-Viewers, den es bisher nur als Beta-Feature gab. Der PDF-Viewer arbeitet in einer “Sandbox”, also abgeschirmt vom Rest des Browsers und des Systems – und verspricht so mehr Sicherheit.

[Gast_J4U_*]

Nö. Ich lese sie direkt im Browser

Ah ja, lokale .pdf einfach ins Chrome-Fenster ziehen und der öffnet die - wusste ich bisher nicht (die Chrome-Hilfe schweigt sich da auch vornehm aus).
Ich hatte erst vermutet, dass es sich um einen onlinebasierten Dienst handelt, aber der Chrome scheint auch lokale Daten nur lokal zu öffnen.
Trotzdem möchte ich die pdf-Funktionen im Chrome nur als rudimentär bezeichnen, da wird es der PDF-XChange Viewer bei mir wohl noch lange tun.
Gut, ich nehm auch den Chrome nur gelegentlich zu Testzwecken...

J4U

[Alexausmdorf]

Jop, er ist ziemlich langsam, aber solange man kein 100 Seiten PDF öffnet, isses ok.

[dataandi]

Stable Channel Update
Monday, February 28, 2011 | 15:23
Labels: Stable updates
The stable channel has been updated to 9.0.597.107 for all platforms. This release contains the following security fixes.


Security fixes and rewards:

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.


Congratulations to the diverse range of researchers featuring in this patch. We’re pleased to announce that the Chromium Security Rewards program has now crossed $100,000 of rewards.

[$1000] [54262] High URL bar spoof. Credit to Jordi Chancel.
[$500] [63732] High Crash with javascript dialogs. Credit to Sergey Radchenko.
[$1000] [68263] High Stylesheet node stale pointer. Credit to Sergey Glazunov.
[$1000] [68741] High Stale pointer with key frame rule. Credit to Sergey Glazunov.
[$500] [70078] High Crash with forms controls. Credit to Stefan van Zanden.
[$1000] [70244] High Crash in SVG rendering. Credit to Sławomir Błażek.
[64-bit Linux only] [70376] Medium Out-of-bounds read in pickle deserialization. Credit to Evgeniy Stepanov of the Chromium development community.
[$1000] [71114] High Stale node in table handling. Credit to Martin Barbella.
[$1000] [71115] High Stale pointer in table rendering. Credit to Martin Barbella.
[$1000] [71296] High Stale pointer in SVG animations. Credit to miaubiz.
[$1000] [71386] High Stale nodes in XHTML. Credit to wushi of team509.
[$1000] [71388] High Crash in textarea handling. Credit to wushi of team509.
[$1000] [71595] High Stale pointer in device orientation. Credit to Sergey Glazunov.
[71717] Medium Out-of-bounds read in WebGL. Credit to miaubiz.
[$1000] [71855] High Integer overflow in textarea handling. Credit to miaubiz.
[71960] Medium Out-of-bounds read in WebGL. Credit to Google Chrome Security Team (Inferno).
[72214] High Accidental exposure of internal extension functions. Credit to Tavis Ormandy of the Google Security Team.
[$1000] [72437] High Use-after-free with blocked plug-ins. Credit to Chamal de Silva.
[$1000] [73235] High Stale pointer in layout. Credit to Martin Barbella.

Chris Evans
Google Chrome Security Team