Nuova versione stabile di Chrome: V8 Crankshaft e nuovi settaggi

Naviga SWZ: Home Page » News
News del 09 Marzo 11 Autore: Gianplugged
Nuova versione stabile di Chrome: V8 Crankshaft e nuovi settaggi
Google ha rilasciato una nuova versione stabile di Chrome, la 10.0.648.127 per Windows, Mac, Linux e Chrome Frame che porta con sé importanti novità. 

La più rilevante è senza dubbio la nuova versione del motore Javascript V8 (Crankshaft) che Mountain View dichiara di aumentare le performance del 66%. Da sottolineare anche l´introduzione della possibilità di far girare le applicazioni web in background, e il posizionamento delle preferenze del software in Tab.

Note di rilascio:

The Google Chrome team is excited to announce the arrival of Chrome 10.0.648.127 to the Stable Channel for Windows, Mac, Linux, and Chrome Frame.  Chrome 10 contains some really great improvements including:
  • New version of V8 - Crankshaft - which greatly improves javascript performance
  • New settings pages that open in a tab, rather than a dialog box
  • Improved security with malware reporting and disabling outdated plugins by default
  • Sandboxed Adobe Flash on Windows
  • Password sync as part of Chrome Sync now enabled by default
  • GPU Accelerated Video
  • Background WebApps
  • webNavigation extension API

Security fixes and rewards:Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

As can be seen, a few lower-severity issues were rewarded on account of being particularly interesting or clever. And some rewards were issued at the $1500 and $2000 level, reflecting bug reports where the reporter also worked with Chromium developers to provide an accepted patch.
  • [42574] [42765] Low Possible to navigate or close the top location in a sandboxed frame. Credit to sirdarckcat of the Google Security Team.
  • [Linux only] [49747] Low Work around an X server bug and crash with long messages. Credit to Louis Lang.
  • [Linux only] [66962] Low Possible browser crash with parallel print()s. Credit to Aki Helin of OUSPG.
  • [$1337] [69187] Medium Cross-origin error message leak. Credit to Daniel Divricean.
  • [$500] [69628] High Memory corruption with counter nodes. Credit to Martin Barbella.
  • [$1000] [70027] High Stale node in box layout. Credit to Martin Barbella.
  • [$500] [70336] Medium Cross-origin error message leak with workers. Credit to Daniel Divricean.
  • [$1000] [70442] High Use after free with DOM URL handling. Credit to Sergey Glazunov.
  • [Linux only] [70779]MediumOut of bounds read handling unicode ranges. Credit to miaubiz.
  • [$1337] [70877] High Same origin policy bypass in v8. Credit to Daniel Divricean.
  • [70885] [71167] Low Pop-up blocker bypasses. Credit to Chamal de Silva.
  • [$1000] [71763] High Use-after-free in document script lifetime handling. Credit to miaubiz.
  • [71788] High Out-of-bounds write in the OGG container. Credit to Google Chrome Security Team (SkyLined); plus subsequent independent discovery by David Weston of Microsoft and MSVR.
  • [$1000] [72028] High Stale pointer in table painting. Credit to Martin Barbella.
  • [73026] High Use of corrupt out-of-bounds structure in video code. Credit to Tavis Ormandy of the Google Security Team.
  • [$1000] [73066] High Crash with the DataView object. Credit to Sergey Glazunov.
  • [$1000] [73134] High Bad cast in text rendering. Credit to miaubiz.
  • [$2000] [73196] High Stale pointer in WebKit context code. Credit to Sergey Glazunov.
  • [73716] Low Leak of heap address in XSLT. Credit to Google Chrome Security Team (Chris Evans).
  • [$1500] [73746] High Stale pointer with SVG cursors. Credit to Sergey Glazunov.
  • [$1000] [74030] High DOM tree corruption with attribute handling. Credit to Sergey Glazunov.
  • [$1000] [74662] High Corruption via re-entrancy of RegExp code. Credit to Christian Holler.
  • [$1000] [74675] High Invalid memory access in v8. Credit to Christian Holler.
We would also like to thank Ben Hawkes of the Google Security Team, Sergey Glazunov, Martin Barbella and “temp01irc” for working with us during the development cycle and helping prevent bugs from ever reaching the stable channel.

Last, but not least, we’d like to offer special thanks (plus additional rewards to those listed above) to Christian Holler. This is for working with us on his grammar-based fuzzing project, resulting in a more stable and secure “Crankshaft” engine for v8.

More on what´s new at the Official Chrome Blog.  You can find full details about the changes that are in Chrome 10 in theSVNrevision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how.
Inserisci un commento sul forum Commenta la News sul Forum


Categoria: P2P e Web

La Community di

La community con le risposte che cerchi ! Partecipa é gratis !
Iscrizione ForumIscriviti al Forum


Vuoi ricevere tutti gli aggiornamenti di SWZone direttamente via mail ?
Iscrizione NewsletterIscriviti alla Newsletter