Google Chrome 22.0.1229.92
The Stable channel has been updated to 22.0.1229.92 for Windows, Mac, and Linux. This update contains a number of stability fixes, including an issue with multiple profiles on Mac OS X 10.8.2. It also contains a fix for text display on the Mac, as well as the security updates listed below.
Security fixes and rewards:
Please see the Chromium security pagefor more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
Many of the above bugs were detected using AddressSanitizer. These builds also have a new version of Flash with security and other fixes. More information can be found here.
-  High CVE-2012-2900: Crash in Skia text rendering.
-  Critical CVE-2012-5108: Race condition in audio device handling.
-  Medium CVE-2012-5109: OOB read in ICU regex.
-  Medium CVE-2012-5110: Out-of-bounds read in compositor.
-  Low CVE-2012-5111: Plug-in crash monitoring was missing for Pepper plug-ins.
Google Chrome 22.0.1229.79
The Chrome Team is excited to announce the promotion of Chrome 22 to the stable channel. Chrome 22.0.1229.79 (also now available on the beta channel) has a number of new and exciting updates including:
You can find out more about Chrome 22 on the Official Chrome Blog. Security fixes and rewards: Please see the Chromium security pagefor more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix. Occasionally, we issue special rewards for bugs outside of Chrome, particularly where the bug is very severe and/or we are able to partially work around the issue:
- Additional Windows 8 enhancements
- Continued polish for users of HiDPI/Retina screens
Any of the above bugs were detected using AddressSanitizer. We’d also like to thank Arthur Gerkis for working with us during the development cycle and preventing security regressions from ever reaching the stable channel.
-  High CVE-2012-2889: UXSS in frame handling.
-  High CVE-2012-2886: UXSS in v8 bindings.
-  High CVE-2012-2881: DOM tree corruption with plug-ins.
-  High CVE-2012-2876: Buffer overflow in SSE2 optimizations.
-  High CVE-2012-2883: Out-of-bounds write in Skia.
-  High CVE-2012-2887: Use-after-free in onclick handling.
-  High CVE-2012-2888: Use-after-free in SVG text references.
-  High CVE-2012-2894: Crash in graphics context handling.
- [Mac only]  High CVE-2012-2896: Integer overflow in WebGL.
-  Medium CVE-2012-2877: Browser crash with extensions and modal dialogs.
-  Low CVE-2012-2879: DOM topology corruption.
-  Medium CVE-2012-2884: Out-of-bounds read in Skia.
-  High CVE-2012-2874: Out-of-bounds write in Skia.
-                 Medium CVE-2012-2875: Various lower severity issues in the PDF viewer.
-  High CVE-2012-2878: Use-after-free in plug-in handling.
-  Medium CVE-2012-2880: Race condition in plug-in paint buffer.
-  High CVE-2012-2882: Wild pointer in OGG container handling.
-  Medium CVE-2012-2885: Possible double free on exit.
-    High CVE-2012-2890: Use-after-free in PDF viewer.
-  Low CVE-2012-2891: Address leak over IPC.
-  Low CVE-2012-2892: Pop-up block bypass.
-  High CVE-2012-2893: Double free in XSL transforms.
-    High CVE-2012-2895: Out-of-bounds writes in PDF viewer.