The stable channel has been updated to 4.0.249.78 for Windows, and includes the following features and security fixes (since 3.0):

  • Extensions
  • Bookmark sync
  • Enhanced developer tools
  • HTML5: Notifications, Web Database, Local Storage, WebSockets, Ruby support
  • v8 performance improvements
  • Skia performance improvements
  • Full ACID3 pass, due to re-enabled remote font support (with added defense against bugs in operating system font libraries)
  • HTTP byte range support
  • New security feature: “Strict Transport Security” support
  • Experimental new anti-reflected-XSS feature called “XSS Auditor”

Security Fixes:

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

  • [3275] Low Pop-up blocker bypass. Credit to Google Chrome Security Team (SkyLined).
  • [9877] Medium Cross-domain theft due to CSS design error. Credit to Chris Evans of the Google Security Team.
  • [12523] Medium Browser memory error with stale pop-up block menu. Credit to Jacob Balle and Carsten Eiram, Secunia Research.
  • [20450] Low Prevent XHR to directories. Credit to the Chromium development community.
  • [23693] Low Escape more characters in shortcuts. Credit to Michal Zalewski of the Google Security Team and, independently, Inferno of SecureThoughts.com.
  • [8864] [24701] [24646] High Renderer memory errors drawing on canvases. Credit to Michal Zalewski of the Google Security Team and Google Chrome Security Team (SkyLined).
  • [28566] High Image decoding memory error. Credit to Robert Swiecki of the Google Security Team.
  • [29920] Low Corner case failure to strip Referer. Credit to the Chromium development community.
  • [30666] High Cross-domain access error. Credit to Tokuji Akamine, Senior Consultant at Symantec Consulting Services.
  • [31307] High Bitmap deserialization error. Credit to Mark Dowd, under contract to Google Chrome Security Team.
  • [31517] Low Browser crash with nested URL.