While other browsers have put things on hold for a while, the developers of Google’s Chrome continue at the same frenzied pace for the browser, clicking off another milestone, a major integer revision of 8 in the stable branch.

The pace is in keeping with the schedule outlined earlier this year, but as other browsers, like Opera and Firefox have lowered the pace at which they are releasing notices of change to the public, Chrome just keeps on chugging, with no slow down for the holidays yet. While Internet Exploder 9 beta had another “leak” not much difference was noted by those bothering to get it.

The latest build of major revision 8 is 8.0.552.215, and the blog lets us know that 13 more flaws were taken care in this minor revision, leading to the named stable release.

{Google Chrome blog}

The Chrome team is happy to announce our latest Stable release, 8.0.552.215.  In addition to the over 800 bug fixes and stability improvements, Chrome 8 now contains a built in PDF viewer that is secured in Chrome’s sandbox.  As always, it also contains our latest security fixes, listed below.  This release will also be posted to the Beta Channel.

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

  • [17655] Low Possible pop-up blocker bypass. Credit to Google Chrome Security Team (SkyLined).
  • [55745] Medium Cross-origin video theft with canvas. Credit to Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR).
  • [56237] Low Browser crash with HTML5 databases. Credit to Google Chrome Security Team (Inferno).
  • [58319] Low Prevent excessive file dialogs, possibly leading to browser crash. Credit to Cezary Tomczak (gosu.pl).
  • [$500] [59554] High Use after free in history handling. Credit to Stefan Troger.
  • [Linux / Mac] [59817] Medium Make sure the “dangerous file types” list is uptodate with the Windows platforms. Credit to Billy Rios of the Google Security Team.
  • [61701] Low Browser crash with HTTP proxy authentication. Credit to Mohammed Bouhlel.
  • [61653] Medium Out-of-bounds read regression in WebM video support. Credit to Google Chrome Security Team (Chris Evans), based on earlier testcases from Mozilla and Microsoft (MSVR).
  • [$1000] [62127] High Crash due to bad indexing with malformed video. Credit to miaubiz.
  • [62168] Medium Possible browser memory corruption via malicious privileged extension. Credit to kuzzcc.
  • [$1000] [62401] High Use after free with SVG animations. Credit to Sławomir Błażek.
  • [$500] [63051] Medium Use after free in mouse dragging event handling. Credit to kuzzcc.
  • [$1000] [63444] High Double free in XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences.

We would like to offer special thanks — and a number of rewards — to Aki Helin of OUSPG for his extensive help with the new PDF feature. We’d also like to extend thanks to Sergey Glazunov and Marc Schoenefeld for finding bugs during the development cycle such that they never reached a stable build.
Full details about the changes are available in the SVN revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.

Jason Kersey
Google Chrome

It looks as though it really can be profitable to find bugs if you know what you might be looking for with Chrome.

Paying for the spotting of bugs works for the company in a couple of ways, but possibly the best thing is that it puts those that might be at odds with their progress on the same side because of the cash rewards.

Getting everyone on the side of making the browser better is certainly paying dividends for the reputation of Google, as nothing detrimental goes very long without being quashed.

The largest piece of news for those wishing to use Chrome is that Google did not wait for the people at Adobe to make a sandboxed version of the PDF viewer available, this version built into Chrome 8 has been available since before the release of Acrobat Reader X. It also is available in all versions of Chrome, not only the Windows version.

The changes of version 9 are appearing, and by the looks of things, those speaking up by posting questions and putting up requests, a 64 bit version of the browser is the most asked for item now.

With nothing specified, it may be some time before 64 bits is on the agenda for Chrome.

§