Software Update: Google Chrome 4.0.249.78

Google released the first stable version of version 4.0 for Windows of its web browser Chrome on Monday. The update has version number 4.0.249.78 and can be done via the update function in the browser itself or from this page be brought in. New in version 4.0 is support for extensions, as we also know it from Mozilla Firefox. Also new is the possibility to synchronize bookmarks, which is useful when surfing on multiple computers. In addition, new HTML5 APIs have been added, the browser has become a lot faster and several security vulnerabilities have been fixed. The most important changes since version 3.0 are listed below:

Stable Channel Update

The stable channel has been updated to 4.0.249.78 for Windows, and includes the following features and security fixes (since 3.0):

• extensions
• bookmark sync
• Enhanced developer tools
• HTML5: Notifications, Web Database, Local Storage, WebSockets, Ruby support
• v8 performance improvements
• Skia performance improvements
• Full ACID3 pass, due to re-enabled remote font support (with added defense against bugs in operating system font libraries)
• HTTP byte range support
• New security feature: “Strict Transport Security” support
• Experimental new anti-reflected-XSS feature called “XSS Auditor”

Security Fixes:

Please see the Chromium security page for more details. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

• [3275] low Pop up blocker bypass. Credit to Google Chrome Security Team (SkyLined).
• [9877] Medium Cross domain theft due to CSS design error. Credit to Chris Evans of the Google Security Team.
• [12523] Medium Browser memory error with stale popup block menu. Credit to Jacob Balle and Carsten Eiram, Secunia Research.
• [20450] low Prevent XHR to directories. Credit to the Chromium development community.
• [23693] low Escape more characters in shortcuts. Credit to Michal Zalewski of the Google Security Team and, independently, Inferno of SecureThoughts.com.
• [8864] [24701] [24646] high Renderer memory errors drawing on canvases. Credit to Michal Zalewski of the Google Security Team and Google Chrome Security Team (SkyLined).
• [28566] high Image decoding memory error. Credit to Robert Swiecki of the Google Security Team.
• [29920] low Corner case failure to strip Referr. Credit to the Chromium development community.
• [30666] high Cross domain access error. Credit to Tokuji Akamine, Senior Consultant at Symantec Consulting Services.
• [31307] high Bitmap deserialization error. Credit to Mark Dowd, under contract to Google Chrome Security Team.
• [31517] low Browser crash with nested URL.