Google has released Chrome 12.0.742.112 to close six high-risk security holes (and a medium-risk out-of-bounds read in the NPAPI string handling). All of these latest vulnerabilities were found under the Chromium Security Reward programme and cost Google $6000. The release, which is out for Windows, Mac OS X and Linux, also contains an updated version of Adobe Flash.
The holes plugged are:
- [$1000] Medium CVE-2011-2345: Out-of-bounds read in NPAPI string handling. Credit to Philippe Arteau.
- [$1000] High CVE-2011-2346: Use-after-free in SVG font handling. Credit to miaubiz.
- [$1000] High CVE-2011-2347: Memory corruption in CSS parsing. Credit to miaubiz.
- [$500] High CVE-2011-2350: Lifetime and re-entrancy issues in the HTML parser. Credit to miaubiz.
- [$500] High CVE-2011-2348: Bad bounds check in v8. Credit to Aki Helin of OUSPG.
- [$1000] High CVE-2011-2351: Use-after-free with SVG use element. Credit to miaubiz.
- [$1000] High CVE-2011-2349: Use-after-free in text selection. Credit to miaubiz.
The full list of changes is available in the SVN revision log. Note that the referenced bugs are kept private until a majority of Chrome users have updated.
Noticeable by his absence from the list was Sergey Glazunov, who has earned thousands of dollars from Google while making Chrome safer.
Chrome 12.0.742.112 is also available to download from google.com/chrome.