Aside from Chromium fixes, Google mentions two workarounds deployed for critical vulnerabilities

Jul 27, 2010 07:41 GMT  ·  By

Google Chrome 5.0.375.125 has been released to the Stable channel on Linux, Mac, Windows, and Chrome Frame, Jason Kersey, of the Google Chrome team, announced Monday, July 26, 2010. The changelog consists of “security fixes and rewards,” says the Google staffer.

The most recent stable releases for the Mac version of Chrome were announced in June, when developers, including some of Apple’s, squashed a large number of security bugs. One of those included High Memory corruption in rendering of list markers. This week, Kersey encourages fans of the WebKit-based web browser to review the latest fixes, as well as to see the Chromium security page for more detail. As usual, referenced bugs may be kept private until a majority of our users are up to date with the fix, the Google Chrome team member said.

“Aside from the listed security bugs fixed in Chromium, we have also deployed workarounds for two critical vulnerabilities where the root cause lies in external components,” Kersey adds. “Credit and $1337 to Marc Schoenefeld for enabling us to work around a Windows kernel bug. Credit and $1337 to Simon Berry-Byrne for enabling us to work around a glibc bug,” he writes. The post continues as follows:

[$500] [42736] Medium Memory contents disclosure in layout code. Credit to Michail Nikolaev. [$500] [43813] High Issue with large canvases. Credit to sp3x of SecurityReason.com. [$500] [47866] High Memory corruption in rendering code. Credit to Jose A. Vazquez. [$500] [48284] High Memory corruption in SVG handling. Credit to Aki Helin of OUSPG. [48597] Low Avoid hostname truncation and incorrect eliding. Credit to Google Chrome Security Team (Inferno).

Those who are able to spot any issues ahead of Google’s own development crew are advised to provide feedback at http://code.google.com/p/chromium/issues/entry.

Download Google Chrome for Mac OS X (Free)