Tuesday, May 20, 2014

Stable Channel Update

The Chrome Team is excited to announce the promotion of Chrome 35 to the Stable channel for Windows, Mac, and Linux. Chrome 35.0.1916.114 contains a number of fixes and improvements, including:
  • More developer control over touch input
  • New JavaScript features
  • Unprefixed Shadow DOM
  • A number of new apps/extension APIs 
  • Lots of under the hood changes for stability and performance

Security Fixes and Rewards

This update includes 23 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.

[$3000][356653] High CVE-2014-1743: Use-after-free in styles. Credit to cloudfuzzer.
[$3000][359454] High CVE-2014-1744: Integer overflow in audio. Credit to Aaron Staple.
[$1000][346192] High CVE-2014-1745: Use-after-free in SVG. Credit to Atte Kettunen of OUSPG.
[$1000][364065] Medium CVE-2014-1746: Out-of-bounds read in media filters. Credit to Holger Fuhrmannek.
[$1000][330663] Medium CVE-2014-1747: UXSS with local MHTML file. Credit to packagesu.
[$500][331168] Medium CVE-2014-1748: UI spoofing with scrollbar. Credit to Jordan Milne.

As usual, our ongoing internal security work responsible for a wide range of fixes:
  • [374649] CVE-2014-1749: Various fixes from internal audits, fuzzing and other initiatives.
  • [358057] CVE-2014-3152: Integer underflow in V8 fixed in version 3.25.28.16.

Many of the above bugs were detected using AddressSanitizer.

Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Karen Grünberg
Google Chrome

53 comments:

Greg Miernicki said...

...how could you guys leave out that the Linux version now also uses Aura by default?! This is HUGE for the Linux users! FTW!

Adam Kauffman said...

Why does the linux debian package now require firefox and xul-ext-ubufox to be installed?

m_gol said...

I see WeakMap/WeakSet/Object.observe are not included, contrary to earlier claims. Will they disappear from Node.js 0.12 as well? (the latest beta uses v8 3.25.30 and has them all)

670839245 said...

stable channel gets chrome 35... beta still gets 34. is that fair???/

bswarm said...

Mouseover tooltips are unreadable (white text on light yellow background) on Ubuntu 14.04. Changing themes make no difference. I would like to turn them off altogether, but chrome seems to not follow the rules set in CCSM for tooltip opacity.

John Cosentino said...

Google Chrome 35 crashes on Windows 8.1 under EMET 4.1
Can you guys please fix this?

Unknown said...

I love that Linux is using Aura by default. Just a small bug, that notifications are shown not on the main screen under Ubuntu, but on another screen.
Hopefully this gets fix soon

Rafael Hilário said...

Few changes is time Google Chrome change the layout already getting sick since version 12 of chrome.

Unknown said...

Font rendering is still completely broken (at least on Linux), most fonts are unreadable. Even the most well-known Google fonts don't render properly in Chrome while they render just fine in Firefox. Helvetica font rendering has been broken for quite some time now and it's still not fixed. Even Google Plus renders very poorly in Chrome!

I've switched back to Firefox, I'm fed up with this.

Daniel Wiberg said...

Hangout windows display on my secondary screen instead of my main screen on Linux, is it possible to get them back to the main screen?

tolgay007 said...

Make omnibox like Firefox's awesomebar please.

Ultra9k said...

Thank you for the Aura on Linux!!

wingsofgundam said...

We are getting several crashes upon updating to Version 35.0.1916.114 m from EMET 4.1 on Windows 7. Please fix this. It is blocking every extensions as a Caller Mitigation.

sotyec said...

The " í " key just stopped working after this update on Linux. I have to use "Alt Gr + Shift + i" now. :(

Moo Scree said...

Was using the enable directwrite flag in 34, but then in 35 it completely broke the display of netvibes.com for me.

ChromeUser said...

I see that Google Chrome 35 was released yesterday, but when I click "About Chrome" to update, it says I have version 34.0.1847.137m along with the words "Google Chrome is up to date." What's going on here?

Windows 7 64-bit
Intel Core i3
If you need additional info, just ask. Thanks.

gplus sucks said...

You fail to mention that you apparently have removed the vital-to-testing, "--ignore-certificate-errors" flag, without any rational reason for doing so.

Abdalrhman mohamed said...

You are the founders of Google Chrome successful in your work and I love you very

ChromeUser said...

Chrome still hasn't updated itself. I'm clicking "About Google Chrome" every thirty minutes or so to try and force the update, but it keeps saying I'm "up to date" in spite of the fact that it says I'm still running Chrome 34. Can someone please help?

Victor Alberto Gil said...

Still nagging with disable warning message when developing chrome apps/extensions even on incognito mode where extensions/apps are disabled by default.

Gustavo Aquino said...

My html page with video capture broken after upgrade.

Nos javascript start to show error message:

Uncaught TypeError: Failed to execute 'webkitGetUserMedia' on 'Navigator': The callback provided as parameter 3 is not a function.

Current function:

navigator.getMedia(
hdConstraints
, function(stream) {
video.src = window.URL.createObjectURL(stream);
localMediaStream = stream;
}, userMediaError());

Adônis Franco said...

Updated to 35... Stopped working on my Windows 7 64bits... The application itself opens, but no URLs or Links are working... (Commenting from IE...)

Any body else with the same problem??

Adônis Franco said...

Just updated to version 35, but Chrome stopped working on my Windows 7 64 bits. The application itself opens, but if I try to open any URLs or links it freezes and gives: Error code: ERR_TIMED_OUT.

Any one else with the same problem?

Maciej Gawinecki said...

Links to security bugs found return 403 error. Any plan for fixing that?

fracTure said...

I am having the same issue that Chrome User has posted about above... when I click "About Google Chrome" to update, it says I am up to date with version 34.0.1847.137, even though v35 has been out since yesterday. I have tried updating all day long, on two different 7x64 machines. Same issue. FWIW, I have updated in this manner for well over a year, with no problemos.

Ari Hietala said...

If Microsoft EMET cause chrome crash. Update emet to version 4.1.5228.513. That solve my emet and chrome problem.

bacilla said...

Ver.35 doesn't work on Ububtu with the following message, 34 is fine:

[31795:31795:0522/151354:ERROR:component_loader.cc(138)] Failed to parse extension manifest.
[31795:31795:0522/151355:ERROR:desktop_window_tree_host_x11.cc(1289)] Not implemented reached in void views::DesktopWindowTreeHostX11::MapWindow(ui::WindowShowState)
[31795:31795:0522/151355:FATAL:x11_types.cc(148)] Sorry, we don't support your visual depth without Xrender support (depth:24 bpp:24)

Miguel Ángel Vicente Serrano said...

Same problem reported by ChromeUser here. Chrome shows that it's up to date (version 34.0.1847.137)
But 35.0.1916.114 was released 2 days ago.
Windows XP SP3 32 bits (Spanish Language)
Using Chrome since version 12

Andrey Rybakov said...

Wow, looks GREAT in 4k resolution now! Scaling works! Tabs are finally super crisp and buttons are in proper size. Thank you!

raphaelbm said...

I am on stable channel. Currently v34. Windows XP.

I cant get v35 either. Chrome says I am up to date. Others have commented on this too.

May we have a comment from Chrome land? Please...

fracTure said...

I am having the same issue that ChromeUser, Miguel Ángel Vicente Serrano & raphaelbm are posting about!

When I click "About Google Chrome" to update, it says I am up to date with version 34.0.1847.137, even though v35 has been out for a couple of days. I have tried updating through out the day, on two different 7x64 machines... same issue. I have updated in this manner for a long time, but now it does not work!

PLEASE FIX THIS FOR YOUR LOYAL USERS who want to stay current! Thank you very much.

Stephen said...

Hello! Some of us require Java support! Without it or a compatible alternative I cannot do my job and using Chrome isn't more important than that. Cya.

Alvaro Schneider said...

Nice: now anybody can take a look at 23 Chrome's v34 security issues and exploit them because you haven't been able to deploy.

Dron said...
This comment has been removed by the author.
Dron said...

With new update all my extentions are gone. I start to hate Google. I had 31 version as it was the last one which worked fast and correct and every time it was auto-updated I reverted exe file. With the latest update all my extensions just disappeared. I've spent a lot of time to find and to set up them and it is very annoying to reinstall them.

Dario Beltran said...

My keyboard doesn't accept the latinamerican spanish configuration. I can't write "ñ" or "tildes".

Ruslan said...

FUCK YOU AND YOUR UPDATE YOU BROKE MY IMACROS AND MY DAY

Callisto said...

New Chrome update has a bug, the Systray icon (bell) is gone! i can't get any notifications and this is really bugging me.

I tried ALL the Chrome://flags settings with enabled and all and still nothing is changed, it's really annoying me i use "Auto Refresh Plus" and now i can't get any notifications.

Is this a new thing with Chrome ? because it SUCKS!!

I even doubted my own PC so i tried it on another one and the same thing happens ver 35 is crap!

Had to rollback to ver. 34.

Kyle Getrost said...

Touch has become unusable on my Dell E2014T monitor running on Ubuntu 14.04. Was working perfectly before the upgrade. Nothing happens when I simply click, but when I hold down the "right-click" event happens (right-clicking didn't work for me before). Any insight?

Fabian Kupferschmid said...
This comment has been removed by the author.
Fabrício Raphael said...

The update crashed the java support .... :(

fracTure said...

For people who are not able to update to v35 (like posters ChromeUser, Miguel Ángel Vicente Serrano & raphaelbm), you can do what I did... just get a new Chrome installer (I went here to grab one --> https://support.google.com/installer/answer/126299?hl=en ) and install over the top of v34. Make sure before you do that to back up your Chrome/UserData/Default folder so you can have your bookmarks and extensions if the installer doesn't bring them forward. It worked for me on both 7x64 machines!

Haris K. said...

New Tab page is ugly.
Why should here be a huge google search field? We search from the omnibar.
The thumbnails of speed dial are tiny...

d-dog said...

Hi there,

Where can we find the list of changes for this release?

It broke some things in our SVG-based application and this list would help us tremendously in narrowing down the cause.

-- Dan

Joomag said...

It seems like after the update the HiDPI option disappeared. It was in the chrome://flags. I'm using Windwos 8.1

raphaelbm said...

I have raised a Chrome Bug at
Issue 376592: Can't update from Chrome v34 to v35
see
https://code.google.com/p/chromium/issues/detail?id=376592

Comment #7 seems to have a fix but it is complex and involves editing the registry as well as policies which are not available in WinXP. I am waiting to see what kind of proper fix will be issued to allow me to proceed.

Evil Cow said...

"Hi there,

Where can we find the list of changes for this release?

It broke some things in our SVG-based application and this list would help us tremendously in narrowing down the cause.

-- Dan

3:33 AM, May 26, 2014"

Same problem with SVG, this occurs with transformations: translate, scale. Well we haven't figured out the certain issue. But with the webkit implementation it all works.

Alberto said...

Unfortunately, no java, no chrome.
Firefox is coming back with full strength.
What a disregard with linux users!

Przemysław Kulczycki said...

Hidden feature (or antifeature):
- dropping support for NPAPI plugins (ie. Adobe Flash)

Pulkit Chawla said...

Version 35.0.1916.114 m
Copy and Paste Functionality is Gone.
1st I am not able to copy any sort of formatted content from microsoft word 2010
to gmail body via this latest version of chrome.....
even if at times gets copied all formatting is lost and no space comes...
more over free classified same is happening even with free classifies site..which accepts rich formatting..firefox in this is working all fine

Alex Waldbaum said...

Well, May 29, 2014 19:10 CEST here,
and I'm still on 34.0.1847.137 ;-)

(When using the About Chrome (Manual update) feature, chrome://chrome )


I know that the deployment process is still underway, but I seriously think that Google needs some transparency here when rolling out updates.

Because right now, it's totally obscure.

Is the deployment based on some internal IDs?
The date of the software installation?
Based on geographical regions?

I suggest that you bring some clarity to this whole process..

Kind regards
A.


vla said...

Switching input locales in xfce4 stopped working under ubuntu linux 12.04: I have Hun and Eng keyboard layouts, and now I can type Eng chars only. v34 was working fine. In fact I had v34 and v35 running side-by-side (did not exit from v34 after update, so kept running). In v34 I can still switch locales easily.

Also the Google menu looks ugly now.

Alex Waldbaum said...

For those affected by the Updating issue (Windows):

I think the problem has been found, see here:
https://code.google.com/p/chromium/issues/detail?id=379328