Stable Channel Update

The Stable channel has been updated to 15.0.874.120 for Windows, Mac, Linux and Chrome Frame platforms

All

• Updated V8 - 3.5.10.23
• Fix small print sizing issues (issues: 102186, 82472, 102154)
• This new build also contains a new version of Flash which contains security fixes. (Release Notes)

Mac

• Fixed the “certificate is not yet valid” error for server certificate issued by a VeriSign intermediate CA.(issue101555)

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

• [$500] [100465] High CVE-2011-3892: Double free in Theora decoder. Credit to Aki Helin of OUSPG.
• [$500] [100492] [100543] Medium CVE-2011-3893: Out of bounds reads in MKV and Vorbis media handlers. Credit to Aki Helin of OUSPG.
• [101172] High CVE-2011-3894: Memory corruption regression in VP8 decoding. Credit to Andrew Scherkus of the Chromium development community.
• [$1000] [101458] High CVE-2011-3895: Heap overflow in Vorbis decoder. Credit to Aki Helin of OUSPG.
• [101624] High CVE-2011-3896: Buffer overflow in shader variable mapping. Credit to Ken "strcpy" Russell of the Chromium development community.
• [102242] High CVE-2011-3897: Use-after-free in editing. Credit to pa_kt reported through ZDI (ZDI-CAN-1416).
• [102461] Low CVE-2011-3898: Failure to ask for permission to run applets in JRE7. Credit to Google Chrome Security Team (Chris Evans).

The bugs [100465], [100492], [100543] and [101458] were detected using AddressSanitizer.

Full details about what changes have been made in this release are available in the SVN revisions log. Interested in switching to another channel? Find out how. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome