Monday, January 25, 2010 | 08:16
Labels: Stable updates
The stable channel has been updated to 220.127.116.11 for Windows, and includes the following features and security fixes (since 3.0):
- Bookmark sync
- Enhanced developer tools
- HTML5: Notifications, Web Database, Local Storage, WebSockets, Ruby support
- v8 performance improvements
- Skia performance improvements
- Full ACID3 pass, due to re-enabled remote font support (with added defense against bugs in operating system font libraries)
- HTTP byte range support
- New security feature: "Strict Transport Security" support
- Experimental new anti-reflected-XSS feature called "XSS Auditor"
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
-  Low Pop-up blocker bypass. Credit to Google Chrome Security Team (SkyLined).
-  Medium Cross-domain theft due to CSS design error. Credit to Chris Evans of the Google Security Team.
-  Medium Browser memory error with stale pop-up block menu. Credit to Jacob Balle and Carsten Eiram, Secunia Research.
-  Low Prevent XHR to directories. Credit to the Chromium development community.
-  Low Escape more characters in shortcuts. Credit to Michal Zalewski of the Google Security Team and, independently, Inferno of SecureThoughts.com.
-    High Renderer memory errors drawing on canvases. Credit to Michal Zalewski of the Google Security Team and Google Chrome Security Team (SkyLined).
-  High Image decoding memory error. Credit to Robert Swiecki of the Google Security Team.
-  Low Corner case failure to strip Referer. Credit to the Chromium development community.
-  High Cross-domain access error. Credit to Tokuji Akamine, Senior Consultant at Symantec Consulting Services.
-  High Bitmap deserialization error. Credit to Mark Dowd, under contract to Google Chrome Security Team.
-  Low Browser crash with nested URL.
Google Chrome Program Manager