14 DAY TRIAL // Google has released two more updates for the Chrome stable channel last week in order to patch the bundled Flash Player plug-in and to blacklist several SSL certificates.
These new releases raise the number of Chrome stable security updates pushed in a single month to an unprecedented five.
At the beginning of March Google updated Chrome 9 with security patches, some claiming in preparation for the Pwn2Own hacking contest.
This was followed shortly by the release of the first Chrome 10 stable build which was later patched due to a WebKit vulnerability disclosed at Pwn2Own.
The following update landed last Tuesday and included a version of Flash Player plug-in which addressed an actively attacked zero-day vulnerability.
The flaw was discovered in the wild last week and affects both Flash Player and Adobe Reader. It was being targeted via swf files embedded in Excel documents that were delivered as email attachments.
Even though these initial attacks didn't impact browsers, the potential was there and they could have mutated at any time to include a Web distribution vector.
Google was able to provide a patch much faster than other browsers, because it has an agreement with Adobe where it is given access to new builds in advance.
Chrome comes bundled with a Flash Player plug-in out of the box, which starting with version 10 runs completely under the browser's sandbox. This makes it even more unlikely for arbitrary code execution to occur even if a vulnerability in the plug-in does get exploited.
Last week's second Chrome update arrived on Thursday and its only purpose was to blacklist several HTTPS certificates. Google did not provide an explanation as to why these certificates needed urgent blocking.
The latest version Google Chrome for Windows can be downloaded from here.
The latest version Google Chrome for Linux can be downloaded from here.
The latest version Google Chrome for Mac can be downloaded from here.