New security fixes for Chrome stable

In the first security update since the release of the Mac and Linux versions, Google addresses multiple high-level security bugs and a sandbox breach.

google chrome

Google pushed out an update for the stable branch of its Chrome browser Wednesday. The update, for Windows, Mac, and Linux, addresses multiple security bugs including nine tagged as high-level problems.

The high-level security bugs included cross-origin bypass in DOM methods that netted a security researcher $2,000 in Google's ongoing bug-hunting contest, a memory error in table layouts that earned another researcher $500, holes in the wall of the sandbox on Linux computers, HTML5-based geolocation events firing even after the relevant document had been deleted, and multiple memory errors.

This is the first security-fixing release for the stable branch of Google Chrome since the stable versions for Mac and Linux were announced. The full changelog can be read here.

Update, 1:32 p.m. PST: Google also updated the developer's build of Chrome later in the day. Chrome dev version 6.0.427.0 for Windows, Mac, and Linux is a fairly minor update that fixes a bug on all platforms that prevented previews from being seen in empty form fields when the autofill profile was in focus. Linux users saw two bugs on their platform get fixed, one that allowed tracebacks from and another that crashed the browser.

Google also acknowledged two potential causes for recent developer's build crashes on all platforms, but has yet to issue a fix for them. Chrome dev crashes when canceling synchronization sign-in, and when clicking the Save button in the AutoFill Profiles window. Because this is the developer's build, and the least stable of the three "official" builds for Chrome, users should not be surprised by buggy behavior.