chrome | https://chromereleases.googleblog.com | GCSA-3243422487019122956
Oct 27, 2017 - 12:00 a.m.

Stable Channel Update for Chrome OS

CVSS2: 9.3 High
  Attack Vector: NETWORK
  Attack Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE
  Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3: 9.6 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: REQUIRED
  Scope: CHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS: 0.005 Low
  Percentile: 75.3%

The Stable channel has been updated to 62.0.3202.74 (Platform version: 9901.54.0/1) for most* Chrome OS devices. This build contains a number of bug fixes and security updates. Systems will be receiving updates over the next several days.

New Features

  • Kerberos SSO integration for Active Directory managed Chrome OS devices
  • Ability to zoom legacy apps in tablet mode
  • Randomized Alternate Hosts for Captive Portal Detection
  • Chrome notification style & interactions refresh
  • Enhanced touch experience in Files app
  • Support for full-screen apps in Enterprise Public Session mode
  • ARC++ inbound network connections

Security Fixes

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.

[762671] This update includes fixes for the KRACK vulnerabilities (CVE-2017-13077 to 13082, 13084, 13086 to 13088).

[$100,000][766253] Critical: Persistent code execution on Chrome OS. Reported by Anonymous on 2017-09-18

[$TBD][777215] High CVE-2017-15400: CRLF and code injection in printer zeroconfig. Reported by Rory McNamara on 2017-10-22

[$500][627300] Low CVE-2017-15397: Use of plaintext network protocols in ChromeVox. Reported by Nightwatch Cybersecurity Research on 2016-07-12

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using 'Report an issue…' in the Chrome menu (3 vertical dots in the upper right corner of the browser).

Bernie Thompson
Google Chrome

*Devices with the Play Store, as well as AOpen Chromebase Commercial and AOpen Chromebox Commercial will be rolling out over the next few days.

Affected configurations

Vulners
Node: google chrome_os, Range: <62.0.3202.74

CPE Name     Operator    Version
chrome os    lt          62.0.3202.74
