chrome | https://chromereleases.googleblog.com | GCSA-6421058805182060516
May 15, 2012 - 12:00 a.m.

Stable Channel Update


CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.046 Low (percentile 92.4%)

The Google Chrome team is happy to announce the arrival of Chrome 19 to the Stable Channel for Windows, Mac, Linux and Chrome Frame. Chrome 19 contains a number of new features like tab sync. More detailed updates are available on the Chrome Blog.


**Security fixes and rewards:**

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

  • [112983] Low CVE-2011-3083: Browser crash with video + FTP. Credit to Aki Helin of OUSPG.
  • [113496] Low CVE-2011-3084: Load links from internal pages in their own process. Credit to Brett Wilson of the Chromium development community.
  • [118374] Medium CVE-2011-3085: UI corruption with long autofilled values. Credit to "psaldorn".
  • [$1000] [118642] High CVE-2011-3086: Use-after-free with style element. Credit to Arthur Gerkis.
  • [118664] Low CVE-2011-3087: Incorrect window navigation. Credit to Charlie Reis of the Chromium development community.
  • [$500] [120648] Medium CVE-2011-3088: Out-of-bounds read in hairline drawing. Credit to Aki Helin of OUSPG.
  • [$1000] [120711] High CVE-2011-3089: Use-after-free in table handling. Credit to miaubiz.
  • [$500] [121223] Medium CVE-2011-3090: Race condition with workers. Credit to Arthur Gerkis.
  • [121734] High CVE-2011-3091: Use-after-free with indexed DB. Credit to Google Chrome Security Team (Inferno).
  • [$1000] [122337] High CVE-2011-3092: Invalid write in v8 regex. Credit to Christian Holler.
  • [$500] [122585] Medium CVE-2011-3093: Out-of-bounds read in glyph handling. Credit to miaubiz.
  • [122586] Medium CVE-2011-3094: Out-of-bounds read in Tibetan handling. Credit to miaubiz.
  • [$1000] [123481] High CVE-2011-3095: Out-of-bounds write in OGG container. Credit to Hannu Heikkinen.
  • [Linux only] [123530] Low CVE-2011-3096: Use-after-free in GTK omnibox handling. Credit to Arthur Gerkis.
  • [123733] [124182] High CVE-2011-3097: Out-of-bounds write in sampled functions with PDF. Credit to Kostya Serebryany of Google and Evgeniy Stepanov of Google.
  • [Windows only] [124216] Low CVE-2011-3098: Bad search path for Windows Media Player plug-in. Credit to Haifei Li of Microsoft and MSVR (MSVR:159).
  • [124479] High CVE-2011-3099: Use-after-free in PDF with corrupt font encoding name. Credit to Mateusz Jurczyk of Google Security Team and Gynvael Coldwind of Google Security Team.
  • [124652] Medium CVE-2011-3100: Out-of-bounds read drawing dash paths. Credit to Google Chrome Security Team (Inferno).

And some additional rewards for issues with a wider scope than Chrome:

  • [Linux only] [$500] [118970] Medium CVE-2011-3101: Work around Linux Nvidia driver bug. Credit to Aki Helin of OUSPG.
  • [$1500] [125462] High CVE-2011-3102: Off-by-one out-of-bounds write in libxml. Credit to Jüri Aedla.

Many of the above bugs were detected using AddressSanitizer.

We'd also like to thank Aki Helin of OUSPG, Sławomir Błażek, Chamal de Silva, miaubiz, Arthur Gerkis and Christian Holler for working with us during the development cycle and preventing security regressions from ever reaching the stable channel. $9000 of additional rewards were issued for this awesomeness.

Full details about what changes are in this release are available in the SVN revision log. Interested in hopping on the stable channel? Find out how. If you find a new issue, please let us know by filing a bug.

Anthony Laforge
Google Chrome

CPE
Name: google chrome, Operator: lt, Version: 19
