Author Topic: Comodo Dragon ver 17.4 is now available for download  (Read 11360 times)

Offline Radaghast

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 4068
Re: Comodo Dragon ver 17.4 is now available for download
« Reply #15 on: February 26, 2012, 09:28:30 PM »
There's something very odd going on with Dragon and pepperflash. On the test system, there were no versions of flash installed. On my main system, I have only have the non-IE x64 11.2.202.197 version of flash - I use firefox x64 nightly builds. However, I was playing around with portable Dragon 17.4 yesterday (26/02) and noticed it had two files in the:

C:\Users\GCB\Desktop\Stuff\Dragon\User Data\PepperFlash\11.1.31.203

Folder.

manifest.json
pepflashplayer.dll

I didn't install this and I didn't have any other variants of Chrome installed, or portable, at the time. I subsequently installed the x86 version of 11.2.202.197, which disabled the pepperflash version. Incidentally, the pepperflash version was disabled originally, but after enabling the plugin, flash played correctly. the question is, where did this come from?

Edit: I've just checked the other portable Chrome clones, I loaded today for the Browserscope test, only Google Chrome and Dragon have the pepperflash folder and files.
« Last Edit: February 26, 2012, 09:39:28 PM by Radaghast »
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.”

Offline lightstep

  • Comodo Dragon Developer
  • Comodo Staff
  • Comodo Loves me
  • *****
  • Posts: 132
  • Comodo Dragon developer
Re: Comodo Dragon ver 17.4 is now available for download
« Reply #16 on: February 27, 2012, 09:33:02 AM »
Pepflashplayer is an experimental version of flash that is part of Chromium. It is downloaded in profile folder automatically and disabed. If you enable pepflashplayer it will revert to disabled state after browser restart.

Offline w33d3r

  • Comodo Loves me
  • ****
  • Posts: 178
Re: Comodo Dragon ver 17.4 is now available for download
« Reply #17 on: February 27, 2012, 03:29:35 PM »
Pepflashplayer is an experimental version of flash that is part of Chromium. It is downloaded in profile folder automatically and disabed. If you enable pepflashplayer it will revert to disabled state after browser restart.

Thank you for confirming Lightstep. screenshot

I tried enable and restart, and found it does disable.

However I would much prefer in future versions that we are given a choice of whether to let it install or not. Or indeed any plugins .. Not checked to install by default.

Plugins are un-necessary IMHO, especially the biggest parasite of them all flash.

I dont know if anyone has noticed but you can watch just about anything on you tube these days via html5.
Flash is on its way out (probably why adobe are seemingly starting to respond to public concerns these days, they used to just give everyone a damned good ignoring and plough on reaping the profits regardless)

Flash based Games I understand need it, so users terminally afflicted by free apps for their browsers from .. ahem! ... "trusted sources" - Should have the option to install it I guess, at least if it is sandboxed and does not break chromes permission levels for plugins they would be better off with this than the full blown flash installer.

But please give us the option not to. I for one seriously loath its capabilities <- Not to mention adobe's habit of burying any privacy issues / details in very hard to find places ( Found that link here on NoDPI ).


Further question, for anyone wanting to actually use pepperflash - Where would they put the mms.cfg file (as detailled in the pdf in the link above - admin level restrictions can be forced upon flash no matter what a user tries to set with this file in place with the full version of flash) ..
Would it work for pepperflash ?
Placed in the same folder as the dynamic link library ? (presume so because with this setup there is no windows \ macromed \ flash \ folder )

I believe the mms.cfg file can be a double edged sword though - Depends who, or what, sets it.
« Last Edit: February 27, 2012, 03:49:15 PM by w33d3r »

Offline Ronny

  • Product Translator
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 13427
  • Volunteer Moderator
Re: Comodo Dragon ver 17.4 is now available for download
« Reply #18 on: March 05, 2012, 04:25:27 AM »
http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html

Chrome Stable Update

Sunday, March 4, 2012 | 18:30

Labels: Stable updates

The Chrome Stable channel has been updated to 17.0.963.65 on Windows, Mac, Linux and Chrome Frame.  This release fixes a number of issues including:

    Cursors and backgrounds sometimes do not load (bug 111218)
    Plugins not loading on some pages (bug 108228)
    Text paste includes trailing spaces (bug 106551)
    Websites using touch controls break (bug 110332)

Along with these fixes, the release contains an updated version of the Adobe Flash player.  More information on Flash updates is available from Adobe. 

Security fixes and rewards:

Firstly, we have some special rewards for some special bugs!

    [$10,000] [116661] Rockstar CVE-1337-d00d1: Excessive WebKit fuzzing. Credit to miaubiz.
    [$10,000] [116662] Legend CVE-1337-d00d2: Awesome variety of fuzz targets. Credit to Aki Helin of OUSPG.
    [$10,000] [116663] Superhero CVE-1337-d00d3: Significant pain inflicted upon SVG. Credit to Arthur Gerkis.

To determine the above rewards, we looked at bug finding performance over the past few months. The three named individuals stood out significantly. It also shouldn’t come as a surprise that they all feature (and earn more!) in the release notes below.

We have always reserved the right to arbitrarily reward sustained, extraordinary contributions. In this instance, we’re dropping a surprise bonus. We reserve the right to do so again and reserve the right to do so on a more regular basis! Chrome has a leading reputation for security and it wouldn’t be possible without the aggressive bug hunting of the wider community.

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

    [$1000] [105867] High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit to Chamal de Silva.
    [$1000] [108037] High CVE-2011-3032: Use-after-free in SVG value handling. Credit to Arthur Gerkis.
    [$2000] [108406] [115471] High CVE-2011-3033: Buffer overflow in the Skia drawing library. Credit to Aki Helin of OUSPG.
    [$1000] [111748] High CVE-2011-3034: Use-after-free in SVG document handling. Credit to Arthur Gerkis.
    [$2000] [112212] High CVE-2011-3035: Use-after-free in SVG use handling. Credit to Arthur Gerkis.
    [$1000] [113258] High CVE-2011-3036: Bad cast in line box handling. Credit to miaubiz.
    [$3000] [113439] [114924] [115028] High CVE-2011-3037: Bad casts in anonymous block splitting. Credit to miaubiz.
    [$1000] [113497] High CVE-2011-3038: Use-after-free in multi-column handling. Credit to miaubiz.
    [$1000] [113707] High CVE-2011-3039: Use-after-free in quote handling. Credit to miaubiz.
    [$500] [114054] High CVE-2011-3040: Out-of-bounds read in text handling. Credit to miaubiz.
    [$1000] [114068] High CVE-2011-3041: Use-after-free in class attribute handling. Credit to miaubiz.
    [$1000] [114219] High CVE-2011-3042: Use-after-free in table section handling. Credit to miaubiz.
    [$1000] [115681] High CVE-2011-3043: Use-after-free in flexbox with floats. Credit to miaubiz.
    [$1000] [116093] High CVE-2011-3044: Use-after-free with SVG animation elements. Credit to Arthur Gerkis.

The majority of the above bugs were detected using AddressSanitizer, which rocks.

More detailed updates are available on the Chrome Blog.  Full details about what changes are in this release are available in the SVN revision log.  Interested in hopping on the stable channel?  Find out how.  If you find a new issue, please let us know by filing a bug.

Jason Kersey
Google Chrome
Volunteer Moderator
Any concerns? Please send me a PM or review the Forum Policy -  update Jan 3rd 2013!

 

Seo4Smf 2.0 © SmfMod.Com | Smf Destek