The Chrome Stable channel has been updated to 18.0.1025.168 on Windows, Mac, Linux and Chrome Frame.  

Security fixes and rewards:

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

• [106413] High CVE-2011-3078: Use after free in floats handling. Credit to Google Chrome Security Team (Marty Barbella) and independent later discovery by miaubiz.
• [117110] High CVE-2012-1521: Use after free in xml parser. Credit to Google Chrome Security Team (SkyLined) and independent later discovery by  wushi of team509 reported through iDefense VCP (V-874rcfpq7z).
• [117627] Medium CVE-2011-3079: IPC validation failure. Credit to PinkiePie.
• [121726] Medium CVE-2011-3080: Race condition in sandbox IPC. Credit to Willem Pinckaers of Matasano.

• [$1000] [121899] High CVE-2011-3081: Use after free in floats handling. Credit to miaubiz.

The bugs [106413], [117110] and [121899] were detected using AddressSanitizer.

Chrome for Android Beta has been updated to 0.18.4409.2396 (Chrome 18.0.1025.133) on Google Play.  As mentioned on the Chrome Blog, this update includes a number of new features, as well as the following changes:

• Allow for download of files to the device
• Complex Text Layout (CTL) and Right to Left (RTL) text support in rendered pages
• Enable old-style YouTube embed content to be played via native YouTube app
• Support for country-specific suggested search engines.

Known issues:

• 115732 : External links don't open in new tabs if multiple links are opened
• 113041 : No way to auto-hide the toolbar
• 114964 : Error pages are not optimized for mobile / Android devices
• Other notable issues listed here

The Chrome Stable channel has been updated to 18.0.1025.162 on on Windows, Mac, Linux and Chrome Frame.  This release fixes issues including:


Windows

• Facebook page hangs after a while (Issue: 121141)
• black screen on Hybrid Graphics system with GPU accelerated compositing enabled (Issue: 117371)

Mac

• HTML5 audio doesn't work on some Mac computers (Issue: 109441)

The Chrome Stable and Beta channels have been updated to 18.0.1025.151 on Windows, Mac, Linux and Chrome Frame.  This release fixes issues including:

• black screen on Hybrid Graphics system with GPU accelerated compositing enabled (Issue: 117371)
• CSS not applied to element (Issue: 114667)
• Regression rendering a div with background gradient and borders (Issue: 113726)
• Canvas 2D line drawing bug with GPU acceleration (Issue: 121285)
• Multiple crashes (Issues: 72235, 116825 and 92998)
• Pop-up dialog is at wrong position (Issue: 116045)
• HTML Canvas patterns are broken if you change the transformation matrix (Issue: 112165)
• SSL interstitial error "proceed anyway" / "back to safety" buttons don't work (Issue: 119252)

Known Issues:

• HTML5 audio doesn't work on some Mac computers (Issue: 109441)

Security fixes and rewards:

A new version of Flash Player is included. More details are available in an addendum to this Flash Player advisory.

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

• [$500] [106577] Medium CVE-2011-3066: Out-of-bounds read in Skia clipping. Credit to miaubiz.
• [117583] Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to Sergey Glazunov.
• [$1000] [117698] High CVE-2011-3068: Use-after-free in run-in handling. Credit to miaubiz.
• [$1000] [117728] High CVE-2011-3069: Use-after-free in line box handling. Credit to miaubiz.
• [118185] High CVE-2011-3070: Use-after-free in v8 bindings. Credit to Google Chrome Security Team (SkyLined).
• [118273] High CVE-2011-3071: Use-after-free in HTMLMediaElement. Credit to pa_kt, reporting through HP TippingPoint ZDI (ZDI-CAN-1528).
• [118467] Low CVE-2011-3072: Cross-origin violation parenting pop-up window. Credit to Sergey Glazunov.
• [$1000] [118593] High CVE-2011-3073: Use-after-free in SVG resource handling. Credit to Arthur Gerkis.
• [$500] [119281] Medium CVE-2011-3074: Use-after-free in media handling. Credit to Sławomir Błażek.
• [$1000] [119525] High CVE-2011-3075: Use-after-free applying style command. Credit to miaubiz.
• [$1000] [120037] High CVE-2011-3076: Use-after-free in focus handling. Credit to miaubiz.
• [120189] Medium CVE-2011-3077: Read-after-free in script bindings. Credit to Google Chrome Security Team (Inferno).

Many of these bugs were detected using AddressSanitizer.

Google has just released an update that brings the stable channel of the Google Chrome web browser to version 18. Chrome users running version 17 or other previous versions should receive automatic updates once they start the browser. Those who do not can click on the Wrench icon, and then About Google Chrome to force the browser to check for new updates.

Those who have blocked automatic updates can download the latest version of the web browser from the official Chrome download page as well. The release is available for download for the supported operating systems Windows, Mac, and Linux.

Google Chrome 18 Stable

The new version introduces several new features and resolves security related issues. The following security issues have been fixed in Chrome 18.

• Medium CVE-2011-3058: Bad interaction possibly leading to XSS in EUC-JP.
• Medium CVE-2011-3059: Out-of-bounds read in SVG text handling.
• Medium CVE-2011-3060: Out-of-bounds read in text fragment handling.
• Medium CVE-2011-3061: SPDY proxy certificate checking error.
• High CVE-2011-3062: Off-by-one in OpenType Sanitizer.
• Low CVE-2011-3063: Validate navigation requests from the renderer more carefully.
• High CVE-2011-3064: Use-after-free in SVG clipping.
• High CVE-2011-3065: Memory corruption in Skia.
• Medium CVE-2011-3057: Invalid read in v8.

No critical security issues were fixed in the release, only three with a severity rating of high, five with a medium rating, and one with a low rating. It is still recommended to update asap to protect the browser from possible exploits.n  The new version of Adobe Flash has also been integrated into Google Chrome 18.

The developers have added the SwiftShader software rendering technology into Chrome 18 which provides better performance if hardware acceleration is not available on the system. While not nearly as effective performance-wise as a hardware accelerated solution, it provides users with older hardware access to these new technologies.

Google furthermore has added GPU-accelerated Canvas 2D on compatible Windows and Mac systems, which, according to the company, should “make web applications like games perform even better than a pure software implementation”.

Chrome users can check on the chrome://gpu/page whether the browser on their system is making use of hardware or software acceleration.

The Chrome team is excited to announce the release of Chrome 18 to the Stable Channel for Windows, Mac, Linux and Chrome Frame. 18.0.1025.142 contains a number of new features including faster and fancier graphics. More detailed updates are available on the Chrome Blog and the Chromium Blog.  
Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

Some of the items listed below represent the start of hardening measures based on study of the exploits submitted to the Pwnium competition.

• [$500] [109574] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in EUC-JP. Credit to Masato Kinugawa.
• [$500] [112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling. Credit to Arthur Gerkis.
• [$500] [114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment handling. Credit to miaubiz.
• [116398] Medium CVE-2011-3061: SPDY proxy certificate checking error. Credit to Leonidas Kontothanassis of Google.
• [116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to Mateusz Jurczyk of the Google Security Team.
• [117417] Low CVE-2011-3063: Validate navigation requests from the renderer more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and scarybeasts (Google Chrome Security Team).
• [$1000] [117471] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to Atte Kettunen of OUSPG.
• [$1000] [117588] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair.
• [$500] [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian Holler.

The bugs [112317], [114056] and [117471] were detected using AddressSanitizer.

We’d also like to thank miaubiz, Chamal de Silva, Atte Kettunen of OUSPG, Aki Helin of OUSPG and Arthur Gerkis for working with us during the development cycle and preventing security regressions from ever reaching the stable channel. $8000 of additional rewards were issued for this awesomeness.

• Fixed Font settings aren't saved on quit (Issue: 112706)
• Fixed IME failure on specific flows with a windowless Flash (Issue: 117758)
• Fixed Crash when creating a new tab while the previous one is still loading (Issue: 87176)
• Fixed Drag and Drop issues (Issue: 119700)

• Fixed "Find Next" button does not work as intended (Issue: 112193)

The Beta channel has been updated to  18.0.1025.116 or 18.0.1025.117 for Windows and 18.0.1025.117 Chrome Frame.  

The Beta channel has been updated to 18.0.1025.113 for Windows, Mac, Linux, and Chrome Frame.  

The Beta channel has been updated to 18.0.1025.109 for Windows, Mac, and Chrome Frame.  

The Beta channel has been updated to 18.0.1025.108 for Windows, Mac, Linux, and Chrome Frame.  

The Beta channel has been updated to 18.0.1025.100 for Windows, Mac, Linux, and Chrome Frame.  

• Fixed Chrome install/update resets Google search preferences (Issue: 105390)
• Don't trigger accelerated compositing on 3D CSS when using swiftshader (Issue: 116401)
• Fixed a GPU crash (Issue: 116096)
• More fixes for Back button frequently hangs (Issue: 93427)
• Bastion now works (Issue: 116285)
• Fixed Composited layer sorting irregularity with accelerated canvas (Issue: 102943)
• Fixed Composited layer sorting irregularity with accelerated canvas (Issue: 102943)
• Fixed Google Feedback causes render process to use too much memory (Issue: 114489)
• Fixed after upgrade, some pages are rendered as blank (Issue: 109888)
• Fixed Pasting text into a single-line text field shouldn't keep literal newlines (Issue: 106551)

• Updated V8 - 3.8.9.8
• Fixed several crashes (Issues: 111376, 108688, 114391)
• Fixed Firefox browser in Import Bookmarks and Settings drop-down (Issue: 114476)
• Sync: Sessions aren't associating pre-existing tabs (Issue: 113319)
• Fixed All "Extensions" make an entry under the "NTP Apps" page (Issue: 113672)

• Fixed Custom cursor decoding with wrong color  (Issue: 114598)
• Fixed Custom image cursor makes the cursor disappear altogether (Issue: 111027)
• Fixed Chrome on dual-GPU NVIDIA/Intel MacBook Pro hangs browser (Issue 113703)