The stable channel has been updated to 4.0.249.78 for Windows, and includes the following features and security fixes (since 3.0):
- Extensions
- Bookmark sync
- Enhanced developer tools
- HTML5: Notifications, Web Database, Local Storage, WebSockets, Ruby support
- v8 performance improvements
- Skia performance improvements
- Full ACID3 pass, due to re-enabled remote font support (with added defense against bugs in operating system font libraries)
- HTTP byte range support
- New security feature: “Strict Transport Security” support
- Experimental new anti-reflected-XSS feature called “XSS Auditor”
Security Fixes:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
- [3275] Low Pop-up blocker bypass. Credit to Google Chrome Security Team (SkyLined).
- [9877] Medium Cross-domain theft due to CSS design error. Credit to Chris Evans of the Google Security Team.
- [12523] Medium Browser memory error with stale pop-up block menu. Credit to Jacob Balle and Carsten Eiram, Secunia Research.
- [20450] Low Prevent XHR to directories. Credit to the Chromium development community.
- [23693] Low Escape more characters in shortcuts. Credit to Michal Zalewski of the Google Security Team and, independently, Inferno of SecureThoughts.com.
- [8864] [24701] [24646] High Renderer memory errors drawing on canvases. Credit to Michal Zalewski of the Google Security Team and Google Chrome Security Team (SkyLined).
- [28566] High Image decoding memory error. Credit to Robert Swiecki of the Google Security Team.
- [29920] Low Corner case failure to strip Referer. Credit to the Chromium development community.
- [30666] High Cross-domain access error. Credit to Tokuji Akamine, Senior Consultant at Symantec Consulting Services.
- [31307] High Bitmap deserialization error. Credit to Mark Dowd, under contract to Google Chrome Security Team.
- [31517] Low Browser crash with nested URL.