Google has released Chrome 15.0.874.120 for Windows, Mac and Linux with a new version of Flash. This new version of Adobe Flash player fixes several memory corruption vulnerabilities that could lead to arbitrary code execution.
Google paid out $2,000 in rewards for this version with the all of the monet going to Aki Helin of OUSPG:
- [$500]  High CVE-2011-3892: Double free in Theora decoder. Credit to Aki Helin of OUSPG.
- [$500]   Medium CVE-2011-3893: Out of bounds reads in MKV and Vorbis media handlers. Credit to Aki Helin of OUSPG.
-  High CVE-2011-3894: Memory corruption regression in VP8 decoding. Credit to Andrew Scherkus of the Chromium development community.
- [$1000]  High CVE-2011-3895: Heap overflow in Vorbis decoder. Credit to Aki Helin of OUSPG.
-  High CVE-2011-3896: Buffer overflow in shader variable mapping. Credit to Ken “strcpy” Russell of the Chromium development community.
-  High CVE-2011-3897: Use-after-free in editing. Credit to pa_kt reported through ZDI (ZDI-CAN-1416).
-  Low CVE-2011-3898: Failure to ask for permission to run applets in JRE7. Credit to Google Chrome Security Team (Chris Evans).
Note that the referenced bugs are kept private by Google until a majority of Chrome users have updated.
Google also fixed the following bugs: