The Chrome team is excited to announce the promotion of Chrome 30 to the Stable channel for Windows, Mac, Linux and Chrome Frame. Chrome 30.0.1599.66 contains a number of fixes and improvements, including:

Easier searching by image

A number of new apps/extension APIs

Lots of under the hood changes for stability and performance

You can read more about these changes at the Google Chrome Blog.





Security Fixes and Rewards





Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.





This update includes 50 security fixes. Below, we highlight some fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.





[$2500][223962][270758][271161][284785][284786] Medium CVE-2013-2906: Races in Web Audio. Credit to Atte Kettunen of OUSPG.

[260667] Medium CVE-2013-2907: Out of bounds read in Window.prototype object. Credit to Boris Zbarsky.

[$500][265221] Medium CVE-2013-2908: Address bar spoofing related to the “204 No Content” status code. Credit to Chamal de Silva.

[$4000][265838][279277] High CVE-2013-2909: Use after free in inline-block rendering. Credit to Atte Kettunen of OUSPG.

[$500][269753] Medium CVE-2013-2910: Use-after-free in Web Audio. Credit to Byoungyoung Lee of Georgia Tech Information Security Center (GTISC).

[$1000][271939] High CVE-2013-2911: Use-after-free in XSLT. Credit to Atte Kettunen of OUSPG.

[$1000][276368] High CVE-2013-2912: Use-after-free in PPAPI. Credit to Chamal de Silva and 41.w4r10r(at)garage4hackers.com.

[$1000][278908] High CVE-2013-2913: Use-after-free in XML document parsing. Credit to cloudfuzzer.

[$1000][279263] High CVE-2013-2914: Use after free in the Windows color chooser dialog. Credit to Khalil Zhani.

[280512] Low CVE-2013-2915: Address bar spoofing via a malformed scheme. Credit to Wander Groeneveld.

[$2000][281256] High CVE-2013-2916: Address bar spoofing related to the “204 No Content” status code. Credit to Masato Kinugawa.

[$500][281480] Medium CVE-2013-2917: Out of bounds read in Web Audio. Credit to Byoungyoung Lee and Tielei Wang of Georgia Tech Information Security Center (GTISC).

[$1000][282088] High CVE-2013-2918: Use-after-free in DOM. Credit to Byoungyoung Lee of Georgia Tech Information Security Center (GTISC).

[$1000][282736] High CVE-2013-2919: Memory corruption in V8. Credit to Adam Haile of Concrete Data.

[285742] Medium CVE-2013-2920: Out of bounds read in URL parsing. Credit to Atte Kettunen of OUSPG.

[$1000][286414] High CVE-2013-2921: Use-after-free in resource loader. Credit to Byoungyoung Lee and Tielei Wang of Georgia Tech Information Security Center (GTISC).

[$2000][286975] High CVE-2013-2922: Use-after-free in template element. Credit to Jon Butler.





As usual, our ongoing internal security work was responsible for a wide range of fixes:

[299016] CVE-2013-2923: Various fixes from internal audits, fuzzing and other initiatives (Chrome 30).

[275803] Medium CVE-2013-2924: Use-after-free in ICU. Upstream bug here.





We would also like to thank Atte Kettunen, cloudfuzzer and miaubiz for working with us during the development cycle to prevent security bugs from ever reaching the stable channel. $8000 in additional rewards were issued.





Many of the above bugs were detected using AddressSanitizer. The security issue in V8 is fixed in 3.20.17.7.









Karen Grunberg

Google Chrome