Google Chrome stabile arriva a 14 con Client nativo per le Applicazioni

Naviga SWZ: Home Page » News
News del 17 Settembre 11 Autore: Gianplugged
Google Chrome stabile arriva a 14 con Client nativo per le Applicazioni
Il ciclo rapido di aggiornamento del browser Chrome, fa sì che non sempre ci siano novità eclatanti tra le varie versioni, ma nel caso della nuova versione stabile del software, giunta alla release 14.0.835.163 per tutte le piattaforme, c´è un´implementazione che merita un approfondimento.

Si tratta del client nativo per le applicazioni, che entra nel canale stabile. Il Native Client (NaCi) permette a Google Chrome di eseguire il codice nativo delle applicazioni all´interno del browser, offrendo notevoli aumenti di performance per le app proposte sul Chrome Web Store, create in codice Web come HTML, Javascript e CSS.

L´introduzione nella versione stabile di Chrome del Native Client arriva a poche ore dall´annuncio del varo della versione localizzata in italiano, del Chrome Web Store. 

La nuova versione di Chrome risolve inoltre differenti problemi di sicurezza, compatibilità e stabilità.

L´annuncio, sul blog ufficiale Google, è disponibile a questo indirizzo.

Note di rilascio:

The Chrome Stable channel has been updated to 14.0.835.163 for all platforms.  This release contains the following security fixes. More details about high level features can be found on the Google Chrome blog.

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

  • [49377] High CVE-2011-2835: Race condition in the certificate cache. Credit to Ryan Sleevi of the Chromium development community.
  • [51464] Low CVE-2011-2836: Infobar the Windows Media Player plug-in to avoid click-free access to the system Flash. Credit to electronixtar.
  • [Linux only] [57908] Low CVE-2011-2837: Use PIC / pie compiler flags. Credit to wbrana.
  • [75070] Low CVE-2011-2838: Treat MIME type more authoritatively when loading plug-ins. Credit to Michal Zalewski of the Google Security Team.
  • [76771] High CVE-2011-2839: Crash in v8 script object wrappers. Credit to Kostya Serebryany of the Chromium development community.
  • [78427] [83031] Low CVE-2011-2840: Possible URL bar spoofs with unusual user interaction. Credit to kuzzcc.
  • [$500] [78639] High CVE-2011-2841: Garbage collection error in PDF. Credit to Mario Gomes.
  • [Mac only] [80680] Low CVE-2011-2842: Insecure lock file handling in the Mac installer. Credit to Aaron Sigel of
  • [82438] Medium CVE-2011-2843: Out-of-bounds read with media buffers. Credit to Kostya Serebryany of the Chromium development community.
  • [85041] Medium CVE-2011-2844: Out-of-bounds read with mp3 files. Credit to Mario Gomes.
  • [$1000] [89219] High CVE-2011-2846: Use-after-free in unload event handling. Credit to Arthur Gerkis.
  • [$1000] [89330] High CVE-2011-2847: Use-after-free in document loader. Credit to miaubiz.
  • [$500] [89564] Medium CVE-2011-2848: URL bar spoof with forward button. Credit to Jordi Chancel.
  • [89795] Low CVE-2011-2849: Browser NULL pointer crash with WebSockets. Credit to Arthur Gerkis.
  • [$500] [89991] Medium CVE-2011-3234: Out-of-bounds read in box handling. Credit to miaubiz.
  • [90134] Medium CVE-2011-2850: Out-of-bounds read with Khmer characters. Credit to miaubiz.
  • [90173] Medium CVE-2011-2851: Out-of-bounds read in video handling. Credit to Google Chrome Security Team (Inferno).
  • [$500] [91120] High CVE-2011-2852: Off-by-one in v8. Credit to Christian Holler.
  • [91197] High CVE-2011-2853: Use-after-free in plug-in handling. Credit to Google Chrome Security Team (SkyLined).
  • [$1000] [92651] [94800] High CVE-2011-2854: Use-after-free in ruby / table style handing. Credit to Sławomir Błażek, and independent later discoveries by miaubiz and Google Chrome Security Team (Inferno).
  • [$1000] [92959] High CVE-2011-2855: Stale node in stylesheet handling. Credit to Arthur Gerkis.
  • [$2000] [93416] High CVE-2011-2856: Cross-origin bypass in v8. Credit to Daniel Divricean.
  • [$1000] [93420] High CVE-2011-2857: Use-after-free in focus controller. Credit to miaubiz.
  • [$1000] [93472] High CVE-2011-2834: Double free in libxml XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences.
  • [93497] Medium CVE-2011-2859: Incorrect permissions assigned to non-gallery pages. Credit to Bernhard ‘Bruhns’ Brehm of Recurity Labs.
  • [$1000] [93587] High CVE-2011-2860: Use-after-free in table style handling. Credit to miaubiz.
  • [93596] Medium CVE-2011-2861: Bad string read in PDF. Credit to Aki Helin of OUSPG.
  • [$2337] [93906] High CVE-2011-2862: Unintended access to v8 built-in objects. Credit to Sergey Glazunov.
  • [95563] Medium CVE-2011-2864: Out-of-bounds read with Tibetan characters. Credit to Google Chrome Security Team (Inferno).
  • [95625] Medium CVE-2011-2858: Out-of-bounds read with triangle arrays. Credit to Google Chrome Security Team (Inferno).
  • [95917] Low CVE-2011-2874: Failure to pin a self-signed cert for a session. Credit to Nishant Yadant of VMware and Craig Chamberlain (@randomuserid).
  • [$1000] [95920] High CVE-2011-2875: Type confusion in v8 object sealing. Credit to Christian Holler.
In addition, we would like to thank “”, “Feiler89”, miaubiz, The Microsoft Java Team / Microsoft Vulnerability Research (MSVR), Chris Rohlf of Matasano, Chamal de Silva, Christian Holler, “simon.sarris” and Alexey Proskuryakov of Apple for working with us in the development cycle and preventing bugs from ever reaching the stable channel. Various rewards were issued.

The full list of changes is available in the SVN revision log.  Interested in switching to another channel?  Find out how

If you find a new issue, please let us know by filing a bug.
Inserisci un commento sul forum Commenta la News sul Forum


Categoria: P2P e Web

Licenza: Open source

OS: Windows, Linux, OS X

La Community di

La community con le risposte che cerchi ! Partecipa é gratis !
Iscrizione ForumIscriviti al Forum


Vuoi ricevere tutti gli aggiornamenti di SWZone direttamente via mail ?
Iscrizione NewsletterIscriviti alla Newsletter