Stable Channel Release and Beta Channel Update

**The Chrome team is excited to announce the release of Chrome 18 to the Stable Channel for Windows, Mac, Linux and Chrome Frame. 18.0.1025.142 contains a number of new features including faster and fancier graphics.****More detailed updates are available on the Chrome Blogand the Chromium Blog. **

**Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

Some of the items listed below represent the start of hardening measures based on study of the exploits submitted to the Pwnium competition.
**

• [$500] [109574] Medium** **CVE-2011-3058: Bad interaction possibly leading to XSS in EUC-JP. Credit to Masato Kinugawa.
• [$500] [112317] Medium** **CVE-2011-3059: Out-of-bounds read in SVG text handling. Credit to Arthur Gerkis.
• [$500] [114056] Medium** **CVE-2011-3060: Out-of-bounds read in text fragment handling. Credit to miaubiz.
• [116398] Medium** **CVE-2011-3061: SPDY proxy certificate checking error. Credit to Leonidas Kontothanassis of Google.
• [116524] High** **CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to Mateusz Jurczyk of the Google Security Team.
• [117417] Low CVE-2011-3063: Validate navigation requests from the renderer more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and scarybeasts (Google Chrome Security Team).
• [$1000] [117471] High** **CVE-2011-3064: Use-after-free in SVG clipping. Credit to Atte Kettunen of OUSPG.
• [$1000] [117588] High** **CVE-2011-3065: Memory corruption in Skia. Credit to Omair.
• [$500] [117794] Medium****CVE-2011-3057: Invalid read in v8. Credit to Christian Holler.**
  The bugs [112317], [114056] and [117471] were detected using AddressSanitizer.**

We'd also like to thank miaubiz, Chamal de Silva, Atte Kettunen of OUSPG, Aki Helin of OUSPG and Arthur Gerkis for working with us during the development cycle and preventing security regressions from ever reaching the stable channel. $8000 of additional rewards were issued for this awesomeness.

This version also contains the new Adobe Flash release, see release notes. Full details about what changes are in this release are available in the SVN revision log. Interested in hopping on the stable channel? Find out how. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome