The Stable channel update fixes a total of five “high-risk” bugs: a heap overflow in the Ogg Vorbis decoder, a double free issue in the Theora decoder and a memory corruption regression in VP8 decoding, as well as a use-after-free error and a buffer overflow in shader variable mapping. Two medium-risk out of bounds reads in MKV and Ogg vorbis media handlers, and a low-risk issue that caused JRE7 to fail to ask for permission to run applets have also been fixed. Further details of the vulnerabilities are being withheld until “a majority of users are up-to-date with the fix”.
More information about the update can be found in a post on the Google Chrome Releases blog. Chrome 15.0.874.120 for Windows, Mac OS X, Linux and Chrome Frame is available to download from google.com/chrome. Users who currently have Chrome installed can use the built-in update function.