Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
Some of the items listed below represent the start of hardening measures based on study of the exploits submitted to the Pwnium competition.
- [$1000]  High CVE-2011-3050: Use-after-free with first-letter handling. Credit to miaubiz.
-  High CVE-2011-3045: libpng integer issue from upstream. Credit to Glenn Randers-Pehrson of the libpng project.
- [$1000]  High CVE-2011-3051: Use-after-free in CSS cross-fade handling. Credit to Arthur Gerkis.
-  High CVE-2011-3052: Memory corruption in WebGL canvas handling. Credit to Ben Vanik of Google.
- [$1000]  High CVE-2011-3053: Use-after-free in block splitting. Credit to miaubiz.
-  Low CVE-2011-3054: Apply additional isolations to webui privileges. Credit to Sergey Glazunov.
-  Low CVE-2011-3055: Prompt in the browser native UI for unpacked extension installation. Credit to PinkiePie.
- [$2000]  High CVE-2011-3056: Cross-origin violation with “magic iframe”. Credit to Sergey Glazunov.
Also, this single low severity issue was fixed in a previous patch but we forgot to issue proper credit:
-  Low CVE-2011-3049: Extension web request API can interfere with system requests. Credit to Michael Gundlach.
More detailed updates are available on the Chrome Blog. Full details about what changes are in this release are available in the SVN revision log. Interested in hopping on the stable channel? Find out how. If you find a new issue, please let us know by filing a bug.