Source: https://chromereleases.googleblog.com (GCSA-4083363548550825641)
Published: Apr 05, 2012 - 12:00 a.m.

Stable and Beta Channel Updates


CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.367 Low
Percentile: 97.1%

The Chrome Stable and Beta channels have been updated to 18.0.1025.151 on Windows, Mac, Linux and Chrome Frame. This release fixes issues including:

  • Black screen on Hybrid Graphics system with GPU accelerated compositing enabled (Issue: 117371)

  • CSS not applied to <content> element (Issue: 114667)

  • Regression rendering a div with background gradient and borders (Issue: 113726)

  • Canvas 2D line drawing bug with GPU acceleration (Issue: 121285)

  • Multiple crashes (Issues: 72235, 116825 and 92998)

  • Pop-up dialog is at wrong position (Issue: 116045)

  • HTML Canvas patterns are broken if you change the transformation matrix (Issue: 112165)

  • SSL interstitial error “proceed anyway” / “back to safety” buttons don’t work (Issue: 119252)

Known Issues:

  • HTML5 audio doesn’t work on some Mac computers (Issue: 109441)

Security fixes and rewards:

A new version of Flash Player is included. More details are available in an addendum to this Flash Player advisory.

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

  • [$500] [106577] Medium CVE-2011-3066: Out-of-bounds read in Skia clipping. Credit to miaubiz.
  • [117583] Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to Sergey Glazunov.
  • [$1000] [117698] High CVE-2011-3068: Use-after-free in run-in handling. Credit to miaubiz.
  • [$1000] [117728] High CVE-2011-3069: Use-after-free in line box handling. Credit to miaubiz.
  • [118185] High CVE-2011-3070: Use-after-free in v8 bindings. Credit to Google Chrome Security Team (SkyLined).
  • [118273] High CVE-2011-3071: Use-after-free in HTMLMediaElement. Credit to pa_kt, reporting through HP TippingPoint ZDI (ZDI-CAN-1528).
  • [118467] Low CVE-2011-3072: Cross-origin violation parenting pop-up window. Credit to Sergey Glazunov.
  • [$1000] [118593] High CVE-2011-3073: Use-after-free in SVG resource handling. Credit to Arthur Gerkis.
  • [$500] [119281] Medium CVE-2011-3074: Use-after-free in media handling. Credit to Sławomir Błażek.
  • [$1000] [119525] High CVE-2011-3075: Use-after-free applying style command. Credit to miaubiz.
  • [$1000] [120037] High CVE-2011-3076: Use-after-free in focus handling. Credit to miaubiz.
  • [120189] Medium CVE-2011-3077: Read-after-free in script bindings. Credit to Google Chrome Security Team (Inferno).

Many of these bugs were detected using AddressSanitizer.

More detailed updates are available on the Chrome Blog. Full details about what changes are in this release are available in the SVN revision log. Interested in hopping on the stable channel? Find out how. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome

Affected software (CPE):
Name            Operator   Version
google chrome   lt         18.0.1025.151
