The stable channel has been updated to 9.0.597.107 for all platforms. This release contains the following security fixes.
Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
Congratulations to the diverse range of researchers featuring in this patch. We’re pleased to announce that the Chromium Security Rewards program has now crossed $100,000 of rewards.
- [$1000] [54262] High URL bar spoof. Credit to Jordi Chancel.
- [$500] [63732] High Crash with javascript dialogs. Credit to Sergey Radchenko.
- [$1000] [68263] High Stylesheet node stale pointer. Credit to Sergey Glazunov.
- [$1000] [68741] High Stale pointer with key frame rule. Credit to Sergey Glazunov.
- [$500] [70078] High Crash with forms controls. Credit to Stefan van Zanden.
- [$1000] [70244] High Crash in SVG rendering. Credit to Sławomir Błażek.
- [64-bit Linux only] [70376] Medium Out-of-bounds read in pickle deserialization. Credit to Evgeniy Stepanov of the Chromium development community.
- [$1000] [71114] High Stale node in table handling. Credit to Martin Barbella.
- [$1000] [71115] High Stale pointer in table rendering. Credit to Martin Barbella.
- [$1000] [71296] High Stale pointer in SVG animations. Credit to miaubiz.
- [$1000] [71386] High Stale nodes in XHTML. Credit to wushi of team509.
- [$1000] [71388] High Crash in textarea handling. Credit to wushi of team509.
- [$1000] [71595] High Stale pointer in device orientation. Credit to Sergey Glazunov.
- [71717] Medium Out-of-bounds read in WebGL. Credit to miaubiz.
- [$1000] [71855] High Integer overflow in textarea handling. Credit to miaubiz.
- [71960] Medium Out-of-bounds read in WebGL. Credit to Google Chrome Security Team (Inferno).
- [72214] High Accidental exposure of internal extension functions. Credit to Tavis Ormandy of the Google Security Team.
- [$1000] [72437] High Use-after-free with blocked plug-ins. Credit to Chamal de Silva.
- [$1000] [73235] High Stale pointer in layout. Credit to Martin Barbella.
Chris Evans
Google Chrome Security Team