The stable build of Google Chrome has updated, introducing seven security patches to the browser. Version 4.1.249.1059 for Windows incorporates four high-priority security fixes and three medium-priority ones.

The high-priority fixes, introduced Tuesday, correct type confusion errors with forums, memory corruption in the V8 JavaScript engine bindings, cross-site scripting vulnerabilities on the Chrome downloads page, and HTTP request errors. The first two corrections earned user "kuzzcc" $500 each in Google Chrome's vulnerability discovery rewards program.

The medium-priority errors involved local file reference through developer tools, cross-site scripting in chrome://net-internals, and the discovery that some external pages could load with the rights privileges of the New Tab page.

Firefox 3.6.4 beta incorporates out-of-process plug-in protections. (Credit: Mozilla)

Meanwhile, Mozilla has been moving forward with its Firefox 3.6.4 beta 1 for Windows, Mac, and Linux.

This latest Firefox beta test, introduced Friday, incorporates the long-awaited out-of-process plug-in proofing, code-named "Lorentz." The protection is similar to the tab sandboxing that Google uses in Chrome, but it's focused on preventing plug-ins such as Adobe Flash, Microsoft Silverlight, or Apple QuickTime from taking down the entire browser when they fail. These plug-ins run in a separate memory compartment.

This beta also fixes bugs that had prevented the Lorentz plug-in from working on Macs. Upgrading from Firefox 3.6.3 to Firefox 3.6.4 beta 1 on a Windows 7 computer required a computer reboot for unknown reasons. This seems to be the exception and not the rule, and the majority of users shouldn't experience it.