2008年12月3日 星期三

Chrome update to 0.4.154.29

0.4.154.29

修正拉動分頁捲軸時會當機的問題。

Google Chrome 0.4.154.29 has been released and all users will get automatically updated over the next 48 hours.

This release upgrades Gears to 0.5.4.2 to address a security issue with Gears 0.5.4.0 and earlier versions:

Gears Cross-Origin Worker Vulnerability
CVE: CVE-2008-5258
A vulnerability in Gears could allow an attacker to run code in the context of a site that serves user-controlled files. To exploit this, an attacker needs to upload a malicious file to the victim's site and convince the user to allow the attacker's site to use Gears.

Severity: High. Even though this requires convincing users to allow a third-party site to use Gears, it could allow data theft and cross-site scripting on sites hosting user-created content, even those that do not use Gears.
Credit: Thanks to Yair Amit, Senior Security Researcher, IBM Rational Application Security Research Team for responsibly reporting the issue to Google.

This release also contains a fix to stop crashes while dragging tabs on computers running Windows Vista.


See http://googlechromereleases.blogspot.com/