14 DAY TRIAL // Less then a week after releasing the first Chrome 9 stable version, Google just pushed out a security update to address several security vulnerabilities in the browser.
The new 9.0.597.94 build has been released to the stable channel for all platforms and also contains Flash Player 10.2.
Starting with Chrome 9, the bundled Flash plug-in runs under the browser's sandbox, making it much more resilient to remote exploitation attacks.
So far, a change of the Flash plug-in version in Chrome has usually been a sign that an update for the stand-alone Flash Player from Adobe is also coming.
In addition to the Flash change, the new Chrome version addresses three high and two medium risk vulnerabilities.
Regular Chrome security contributor miaubiz was awarded $1,000 for reporting a high severity use-after-free memory error in SVG font faces.
Another high risk vulnerability consisting of a stale pointer with anonymous block handling earned Martin Barbella $1,000. Meanwhile, Rik cabanier discovered a separate stale pointer in animation event handling.
David Warren of CERT/CC also earned $1,000 for identifying a failure to terminate process on out-of-memory condition, a bug that carries a medium risk.
The final vulnerability refers to an out-of-bounds memory read error in plug-in handling. It was discovered by Google's own Bill Budge.
Two stable releases in such a short period of time would be unusual for most software projects, unless a critical security issue would need immediate patching. However, Chrome's silent update mechanism allows Google to have a more flexible release cycle.
The latest version Google Chrome for Windows can be downloaded from here.
The latest version Google Chrome for Linux can be downloaded from here.
The latest version Google Chrome for Mac can be downloaded from here.