Google Chrome 5.0.375.127 has been released to the Stable Channel on Windows, Mac, and Linux.

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
Aside from the listed security bugs fixed in Chromium, we have also deployed a workaround for a critical vulnerability where the root cause lies in an external component. Credit and $1337 to Marc Schoenefeld for enabling us to work around another Windows kernel bug [51070].

• [$1337] [45400] Critical Memory corruption with file dialog. Credit to Sergey Glazunov.
• [$500] [49596] High Memory corruption with SVGs. Credit to wushi of team509.
• [$500] [49628] High Bad cast with text editing. Credit to wushi of team509.
• [$1000] [49964] High Possible address bar spoofing with history bug. Credit to Mike Taylor.
• [$2000] [50515] [51835] High Memory corruption in MIME type handling. Credit to Sergey Glazunov.
• [$1337] [50553] Critical Crash on shutdown due to notifications bug. Credit to Sergey Glazunov.
• [51146] Medium Stop omnibox autosuggest if the user might be about to type a password. Credit to Robert Hansen.
• [$1000] [51654] High Memory corruption with Ruby support. Credit to kuzzcc.
• [$1000] [51670] High Memory corruption with Geolocation support. Credit to kuzzcc.

Google Chrome 5.0.375.86 has been released to the Stable channel on Linux, Mac, and Windows.

• [$500] [39443] High Type confusion error with forms. Credit: kuzzcc.
• [39698] High HTTP request error leading to possible XSRF. Credit: Meder Kydyraliev, Google Security Team. 
• [40136] Medium Local file reference through developer tools. Credit: Robert Swiecki, Google Security Team; Tavis Ormandy, Google Security Team.
• [40137] Medium Cross-site scripting in chrome://net-internals. Credit: Robert Swiecki, Google Security Team; Tavis Ormandy, Google Security Team.
• [40138] High Cross-site scripting in chrome://downloads. Credit: Robert Swiecki, Google Security Team; Tavis Ormandy, Google Security Team.
• [40575] Medium Pages might load with privileges of the New Tab page.
• [$500] [40635] High Memory corruption in V8 bindings. Credit: kuzzcc; Google Chrome Security Team (SkyLined); Michal Zalewski, Google Security Team.

• Fix to prevent crashes with the LastPass extension (Issue 38857)
• Add the option to disable 'Offer to translate pages that aren't in a language I read' in Options > Under the Hood

• [38845] Low Crash with bad FTP response. Credit to Tobias Klein (www.trapkit.de).

Google Chrome 4.1.249.1042 has been released to the Windows Stable channel.

This release fixes an issue with some extensions not installing from the Google Chrome extensions gallery (issue 38220).

The stable channel has been updated to 4.1.249.1036 for Windows, and includes the following features and security fixes (since 4.0):

• Translate infobar.
• Privacy features: content settings (cookies, images, JavaScript, plug-ins, pop-ups).
• Disabling experimental new anti-reflected-XSS feature called "XSS Auditor". The feature is still experimental, and we're disabling it while we look into some serious performance issues in rare cases. Please see this post for more details about what the XSS Auditor is.

Please see this feature announcment post for more info about translate and privacy.

Security Fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

Congratulations to Sergey Glazunov on receiving the first $1337 Chromium Security Rewardforbug 35724.

• [28804] [31880] High Race conditions and pointer errors in the sandbox infrastructure.Credit to Mark Dowd, under contract to Google Chrome Security Team.
• [30801] [33445] Low Delete persisted metadata such as Web Databases and STS.Credit to Google Chrome Security Team (Chris Evans) and RSnake of ha.ckers.org.
• [33572] Medium HTTP headers processed before SafeBrowsing check.Credit to Mike Dougherty of dotSyntax, LLC.
• [$500] [34978] High Memory error with malformed SVG.Credit to wushi of team509.
• [$1337] [35724] High Integer overflows in WebKit JavaScript objects.Credit to Sergey Glazunov.
• [36772] Medium HTTP basic auth dialog URL truncation.Credit to Google Chrome Security Team (Inferno).
• [37007] Medium Bypass of download warning dialog.Credit to kuzzcc.
• [$1000] [37383] High Cross-origin bypass.Credit to kuzzcc.
• [$500] [Affected BETA only] [37061] High Memory error with empty SVG element.Credit to Aki Helin of OUSPG.

The stable channel has been updated to 4.0.249.78 for Windows, and includes the following features and security fixes (since 3.0):

Google Chrome's Stable channel has been updated to version 3.0.195.38. (The Stable channel is still Windows-only.)


This release fixes a couple of browser crashes:

• r31694 fixes a crash while typing in the omnibox (issue 20511).
• r32474 fixes a crash while playing mp4 videos with odd sizes, such as 1366x768 (issue 27675).

The beta and stable channels have been updated to 195.25.  This release includes only a single change that adds an image link to the new tab page which directs new users to the themes gallery.


Anthony Laforge
Google Chrome Program Manager