A browser that combines a minimal design with sophisticated technology!
Google Chrome is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier. It has one box for everything: Type in the address bar and get suggestions for both search and web pages. Will give you thumbnails of your top sites; Access your favorite pages instantly with lightning speed from any new tab. Google Chrome is an open source web browser developed by Google. Its software architecture was engineered from scratch (using components from other open source software including WebKit and Mozilla Firefox) to cater for the changing needs of users and acknowledging that today most web sites aren’t web pages but web applications. Design goals include stability, speed, security and a clean, simple and efficient user interface.
• Sandboxing. Every tab in Chrome is sandboxed, so that a tab can display contents of a web page and accept user input, but it will not be able to read the user’s desktop or personal files.
• Privacy. Google announces a so-called incognito mode claiming that it “lets you browse the web in complete privacy because it doesn’t record any of your activity”. No features of this, and no implications of the default mode with respect to Google’s database are given.
• Speed. Speed improvements are a primary design goal.
• Multiprocessing. The Gears team were considering a multithreaded browser (noting that a problem with existing web browser implementations was that they are inherently single-threaded) and Chrome implemented this concept with a multiprocessing architecture. A separate process is allocated to each task (eg tabs, plugins), as is the case with modern operating systems. This prevents tasks from interfering with each other which is good for both security and stability; an attacker successfully gaining access to one application does not give them access to all and failure in one application results in a “Sad Tab” screen of death. This strategy exacts a fixed per-process cost up front but results in less memory bloat overall as fragmentation is confined to each process and no longer results in further memory allocations. To complement this, Chrome will also feature a process manager which will allow the user to see how much memory and CPU each tab is using, as well as kill unresponsive tabs.
• Rendering Engine. Chrome uses the WebKit rendering engine on advice from the Gears team because it is simple, memory efficient, useful on embedded devices and easy to learn for new developers.
• Tabs. While all of the major tabbed web browsers (e.g. Internet Explorer, Firefox) have been designed with the window as the primary container, Chrome will put tabs first (similar to Opera). The most immediate way this will show is in the user interface: tabs will be at the top of the window, instead of below the controls, as in the other major tabbed browsers. In Chrome, each tab will be an individual process, and each will have its own browser controls and address bar (dubbed omnibox), a design that adds stability to the browser. If one tab fails only one process dies; the browser can still be used as normal with the exception of the dead tab. Chrome will also implement a New Tab Page which shows the nine most visited pages in thumbnails, along with the most searched on sites, most recently bookmarked sites, and most recently closed tabs, upon opening a new tab, similar to Opera’s “Speed Dial” page.
Change in Google Chrome 17.0.963.83: (Security fixes and rewards)
- [$1000]  High CVE-2011-3050: Use-after-free with first-letter handling. Credit to miaubiz.
-  High CVE-2011-3045: libpng integer issue from upstream. Credit to Glenn Randers-Pehrson of the libpng project.
- [$1000]  High CVE-2011-3051: Use-after-free in CSS cross-fade handling. Credit to Arthur Gerkis.
-  High CVE-2011-3052: Memory corruption in WebGL canvas handling. Credit to Ben Vanik of Google.
- [$1000]  High CVE-2011-3053: Use-after-free in block splitting. Credit to miaubiz.
-  Low CVE-2011-3054: Apply additional isolations to webui privileges. Credit to Sergey Glazunov.
-  Low CVE-2011-3055: Prompt in the browser native UI for unpacked extension installation. Credit to PinkiePie.
- [$2000]  High CVE-2011-3056: Cross-origin violation with “magic iframe”. Credit to Sergey Glazunov.
Change in Google Chrome 17.0.963.79: (Security fixes and rewards)
- [Like a b-b-b-b-boss!!! $60,000]   Critical CVE-2011-3047: Errant plug-in load and GPU process memory corruption. Credit to PinkiePie.
Change in Google Chrome 17.0.963.78: (Security fixes and rewards)
- [Ch-ch-ch-ch-ching!!! $60,000]   Critical CVE-2011-3046: UXSS and bad history navigation. Credit to Sergey Glazunov.
Change in Google Chrome 17.0.963.66:
This release fixes a number of issues including: Security fixes and rewards:
- Cursors and backgrounds sometimes do not load (bug 111218)
- Plugins not loading on some pages (bug 108228)
- Text paste includes trailing spaces (bug 106551)
- Websites using touch controls break (bug 110332)
- [$10,000]  Rockstar CVE-1337-d00d1: Excessive WebKit fuzzing. Credit to miaubiz.
- [$10,000]  Legend CVE-1337-d00d2: Awesome variety of fuzz targets. Credit to Aki Helin of OUSPG.
- [$10,000]  Superhero CVE-1337-d00d3: Significant pain inflicted upon SVG. Credit to Arthur Gerkis.
- [$1000]  High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit to Chamal de Silva.
- [$1000]  High CVE-2011-3032: Use-after-free in SVG value handling. Credit to Arthur Gerkis.
- [$2000]   High CVE-2011-3033: Buffer overflow in the Skia drawing library. Credit to Aki Helin of OUSPG.
- [$1000]  High CVE-2011-3034: Use-after-free in SVG document handling. Credit to Arthur Gerkis.
- [$2000]  High CVE-2011-3035: Use-after-free in SVG use handling. Credit to Arthur Gerkis.
- [$1000]  High CVE-2011-3036: Bad cast in line box handling. Credit to miaubiz.
- [$3000]    High CVE-2011-3037: Bad casts in anonymous block splitting. Credit to miaubiz.
- [$1000]  High CVE-2011-3038: Use-after-free in multi-column handling. Credit to miaubiz.
- [$1000]  High CVE-2011-3039: Use-after-free in quote handling. Credit to miaubiz.
- [$500]  Medium CVE-2011-3040: Out-of-bounds read in text handling. Credit to miaubiz.
- [$1000]  High CVE-2011-3041: Use-after-free in class attribute handling. Credit to miaubiz.
- [$1000]  High CVE-2011-3042: Use-after-free in table section handling. Credit to miaubiz.
- [$1000]  High CVE-2011-3043: Use-after-free in flexbox with floats. Credit to miaubiz.
- [$1000]  High CVE-2011-3044: Use-after-free with SVG animation elements. Credit to Arthur Gerkis
Change in Google Chrome 17.0.963.56: (Security fixes and rewards)
-  High CVE-2011-3015: Integer overflows in PDF codecs. Credit to Google Chrome Security Team (scarybeasts).
- [$500]  Medium CVE-2011-3016: Read-after-free with counter nodes. Credit to miaubiz.
- [$1000]  High CVE-2011-3017: Possible use-after-free in database handling. Credit to miaubiz.
- [$1000]  High CVE-2011-3018: Heap overflow in path rendering. Credit to Aki Helin of OUSPG.
-  High CVE-2011-3019: Heap buffer overflow in MKV handling. Credit to Google Chrome Security Team (scarybeasts) and Mateusz Jurczyk of the Google Security Team.
-  Medium CVE-2011-3020: Native client validator error. Credit to Nick Bray of the Chromium development community.
- [$1000]  High CVE-2011-3021: Use-after-free in subframe loading. Credit to Arthur Gerkis.
-  Medium CVE-2011-3022: Inappropriate use of http for translation script. Credit to Google Chrome Security Team (Jorge Obes).
- [$500]  Medium CVE-2011-3023: Use-after-free with drag and drop. Credit to pa_kt.
-  Low CVE-2011-3024: Browser crash with empty x509 certificate. Credit to chrometot.
- [$500]  Medium CVE-2011-3025: Out-of-bounds read in h.264 parsing. Credit to Sławomir Błażek.
- [$1337]  High CVE-2011-3026: Integer overflow / truncation in libpng. Credit to Jüri Aedla.
-  Medium CVE-2011-3027: Bad cast in column handling. Credit to miaubiz.
Change in Google Chrome 17:
New features: Security fixes and rewards:
- New Extensions APIs
- Updated Omnibox Prerendering
- Download Scanning Protection
- Many other small changes
-  Low CVE-2011-3953: Avoid clipboard monitoring after paste event. Credit to Daniel Cheng of the Chromium development community.
-  Low CVE-2011-3954: Crash with excessive database usage. Credit to Collin Payne.
-  High CVE-2011-3955: Crash aborting an IndexDB transaction. Credit to David Grogan of the Chromium development community.
-  Low CVE-2011-3956: Incorrect handling of sandboxed origins inside extensions. Credit to Devdatta Akhawe, UC Berkeley.
- [$1000]  High CVE-2011-3957: Use-after-free in PDF garbage collection. Credit to Aki Helin of OUSPG.
- [$2000]  High CVE-2011-3958: Bad casts with column spans. Credit to miaubiz.
- [$1000]  High CVE-2011-3959: Buffer overflow in locale handling. Credit to Aki Helin of OUSPG.
- [$500]  Medium CVE-2011-3960: Out-of-bounds read in audio decoding. Credit to Aki Helin of OUSPG.
- [$1000]  Critical CVE-2011-3961: Race condition after crash of utility process. Credit to Shawn Goertzen.
- [$500]  Medium CVE-2011-3962: Out-of-bounds read in path clipping. Credit to Aki Helin of OUSPG.
-  Medium CVE-2011-3963: Out-of-bounds read in PDF fax image handling. Credit to Atte Kettunen of OUSPG.
-  Low CVE-2011-3964: URL bar confusion after drag + drop. Credit to Code Audit Labs of VulnHunt.com.
-  Low CVE-2011-3965: Crash in signature check. Credit to Sławomir Błażek.
- [$1000]  High CVE-2011-3966: Use-after-free in stylesheet error handling. Credit to Aki Helin of OUSPG.
-  Low CVE-2011-3967: Crash with unusual certificate. Credit to Ben Carrillo.
- [$1000]  High CVE-2011-3968: Use-after-free in CSS handling. Credit to Arthur Gerkis.
- [$1000]  High CVE-2011-3969: Use-after-free in SVG layout. Credit to Arthur Gerkis.
- [$500]  Medium CVE-2011-3970: Out-of-bounds read in libxslt. Credit to Aki Helin of OUSPG.
- [$1000]  High CVE-2011-3971: Use-after-free with mousemove events. Credit to Arthur Gerkis.
-  Medium CVE-2011-3972: Out-of-bounds read in shader translator.
Download | Windows | Dev (Offline installer)
Download | Windows | Beta (Offline installer)
Download | Windows | Stable (Offline installer)
Download | Mac
Download | Linux
View more the latest threads: